
Internet Browser starting automatically on boot to display ad page


  • This topic is locked
7 replies to this topic

#1 Jax765

Posted 21 August 2014 - 06:58 PM

Recently, my Opera internet browser has been starting up by itself when I boot the PC, and opens a page called extendedunlimited or a Russian page. I uninstalled Opera, but then the same thing happened with Internet Explorer instead. I'm assuming this is adware of some kind? I've run a full scan with Malwarebytes, but nothing's been detected, same with Microsoft Security Essentials. I came across a similar topic, where the topic creator was told to run and post the logs from AdwCleaner and Farbar Recovery Scan Tool, so I've included them below my DDS log. I'd like to know if it's safe to clean what AdwCleaner detected?

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17239  BrowserJavaVersion: 10.67.2
Run by Zeyn at 0:43:43 on 2014-08-22
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.16337.13129 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
D:\SCP-DS3-Driver-Package-1.0.0.103\ScpServer\bin\ScpService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\SysWOW64\HsMgr.exe
C:\Windows\system\HsMgr64.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\ASUS Xonar DGX Audio\Customapp\ASUSAUDIOCENTER.EXE
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
D:\Mods & Backups\Graphics Tweaks\D3DOverrider\D3DOverrider.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Opera\23.0.1522.77_0\opera.exe
C:\Program Files (x86)\Opera\23.0.1522.77_0\opera_crashreporter.exe
C:\Program Files (x86)\Opera\23.0.1522.77_0\opera.exe
C:\Program Files (x86)\Opera\23.0.1522.77_0\opera.exe
C:\Program Files (x86)\Opera\23.0.1522.77_0\opera.exe
C:\Program Files (x86)\Opera\23.0.1522.77_0\opera.exe
C:\Program Files (x86)\Opera\23.0.1522.77_0\opera.exe
C:\Program Files (x86)\Opera\23.0.1522.77_0\opera.exe
C:\Program Files (x86)\Opera\23.0.1522.77_0\opera.exe
C:\Program Files (x86)\Opera\23.0.1522.77_0\opera.exe
C:\Program Files (x86)\Opera\23.0.1522.77_0\opera.exe
C:\Program Files (x86)\Opera\23.0.1522.77_0\opera.exe
C:\Program Files (x86)\Opera\23.0.1522.77_0\opera.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
uRun: [CMD] cmd.exe /c start http://extendedunlimited.org && exit
mRun: [RUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [BCSSync] "D:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [D3DOverrider] "D:\Mods & Backups\Graphics Tweaks\D3DOverrider\D3DOverriderWrapper.exe" /s
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [DBAgent] "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
mRun: [DiscWizardMonitor.exe] "C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{C9C74A00-4C30-41A3-985A-A66DE0B0A8C3} : DHCPNameServer = 194.168.4.100 194.168.8.100
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [Cmaudio8788] C:\windows\syswow64\RunDll32.exe C:\windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
x64-Run: [Cmaudio8788GX] C:\windows\syswow64\HsMgr.exe Envoke
x64-Run: [Cmaudio8788GX64] C:\windows\system\HsMgr64.exe Envoke
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [ShadowPlay] C:\windows\System32\rundll32.exe C:\windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [Seagate Scheduler2 Service] "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Zeyn\AppData\Roaming\Mozilla\Firefox\Profiles\vlfp9u8s.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\ProgramData\NexonEU\NGM\npNxGameEU.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll
FF - plugin: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\windows\System32\drivers\iaStorA.sys [2013-1-31 652784]
R0 iaStorF;iaStorF;C:\windows\System32\drivers\iaStorF.sys [2013-1-31 28656]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2013-10-22 20464]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R0 mv91xx;mv91xx;C:\windows\System32\drivers\mv91xx.sys [2013-10-22 310064]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2013-11-1 56208]
R0 vididr;Acronis Virtual Disk;C:\windows\System32\drivers\vididr.sys [2014-1-21 210016]
R0 vidsflt53;Acronis Disk Storage Filter (53);C:\windows\System32\drivers\vsflt53.sys [2014-1-21 141920]
R2 DAZContentManagementService;DAZ Content Management Service;C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [2013-11-12 22528]
R2 Ds3Service;SCP DS3 Service;D:\SCP-DS3-Driver-Package-1.0.0.103\ScpServer\bin\ScpService.exe [2013-10-30 388352]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-1-31 15344]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-13 731648]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-10-22 169432]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-10 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-10 860472]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2013-6-18 133928]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-5 1720792]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-10-22 18973144]
R2 Seagate Dashboard Services;Seagate Dashboard Services;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2013-10-18 16000]
R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2011-6-30 1191408]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-7-30 411936]
R3 cmudaxp;ASUS Xonar DGX Audio Interface;C:\windows\System32\drivers\cmudaxp.sys [2013-10-22 2727936]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\System32\drivers\dtsoftbus01.sys [2013-10-26 283064]
R3 e1dexpress;Intel® PRO/1000 PCI Express Network Connection Driver D;C:\windows\System32\drivers\e1d62x64.sys [2013-10-22 490256]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2013-10-22 368112]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2013-10-22 786416]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-10-25 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-4-10 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\drivers\mwac.sys [2014-4-10 63704]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-5-15 20440]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\windows\System32\drivers\nvvad64v.sys [2014-5-15 40392]
R3 ScpVBus;Scp Virtual Bus Driver;C:\windows\System32\drivers\ScpVBus.sys [2013-10-25 39168]
RUnknown aswMonFlt;aswMonFlt; [x]
RUnknown aswRvrt;aswRvrt; [x]
RUnknown aswSnx;aswSnx; [x]
RUnknown aswSP;aswSP; [x]
RUnknown aswStm;aswStm; [x]
RUnknown aswVmm;aswVmm; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 BRDriver64;BRDriver64;C:\ProgramData\BitRaider\BRDriver64.sys [2014-1-11 75048]
S3 BRSptSvc;BitRaider Mini-Support Service;C:\ProgramData\BitRaider\BRSptSvc.exe [2014-1-11 477960]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;D:\Games\Dragon Age Origins\bin_ship\daupdatersvc.service.exe [2014-1-16 25832]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2013-10-22 137336]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-8-13 111616]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184]
S3 mv91cons;mv91cons;C:\windows\System32\drivers\mv91cons.sys [2013-10-22 27440]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\windows\System32\drivers\nvstusb.sys [2013-10-22 450848]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-10-31 19456]
S3 Revoflt;Revoflt;C:\windows\System32\drivers\revoflt.sys [2013-11-12 31800]
S3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);C:\windows\System32\drivers\rusb3hub.sys [2012-8-27 114568]
S3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);C:\windows\System32\drivers\rusb3xhc.sys [2012-8-27 230280]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-2-15 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-10-31 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-10-27 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
FileExt: .ini: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [UserChoice]
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-08-21 23:41:16 -------- d-----w- C:\FRST
2014-08-21 23:33:47 -------- d-----w- C:\AdwCleaner
2014-08-21 23:33:37 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1FDDE958-7344-488D-BCC6-E8727B96A1F7}\offreg.dll
2014-08-21 23:04:13 -------- d-----w- C:\Users\Zeyn\AppData\Roaming\AVAST Software
2014-08-21 23:03:28 43152 ----a-w- C:\windows\avastSS.scr
2014-08-21 23:02:12 -------- d-----w- C:\Program Files\AVAST Software
2014-08-21 23:00:46 -------- d-----w- C:\ProgramData\AVAST Software
2014-08-21 22:57:42 11319200 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1FDDE958-7344-488D-BCC6-E8727B96A1F7}\mpengine.dll
2014-08-21 22:56:13 -------- d-sh--w- C:\$RECYCLE.BIN
2014-08-21 22:51:31 98816 ----a-w- C:\windows\sed.exe
2014-08-21 22:51:31 256000 ----a-w- C:\windows\PEV.exe
2014-08-21 22:51:31 208896 ----a-w- C:\windows\MBR.exe
2014-08-21 12:38:39 1169712 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EEF0739A-0B25-4BA6-BB5B-E5819E64B4DD}\gapaengine.dll
2014-08-21 12:38:32 11319200 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-20 14:31:41 -------- d-----w- C:\Users\Zeyn\AppData\Roaming\LavasoftStatistics
2014-08-20 14:31:18 -------- d-----w- C:\Program Files\Lavasoft
2014-08-19 13:42:42 -------- d-----w- C:\Users\Zeyn\AppData\Local\Adobe
2014-08-14 14:59:12 -------- d-----w- C:\Users\Zeyn\AppData\Local\Risen3
2014-08-14 02:00:33 99480 ----a-w- C:\windows\SysWow64\infocardapi.dll
2014-08-14 02:00:33 619672 ----a-w- C:\windows\SysWow64\icardagt.exe
2014-08-14 02:00:33 171160 ----a-w- C:\windows\System32\infocardapi.dll
2014-08-14 02:00:33 1389208 ----a-w- C:\windows\System32\icardagt.exe
2014-08-14 02:00:32 8856 ----a-w- C:\windows\SysWow64\icardres.dll
2014-08-14 02:00:32 8856 ----a-w- C:\windows\System32\icardres.dll
2014-08-14 02:00:25 35480 ----a-w- C:\windows\SysWow64\TsWpfWrp.exe
2014-08-14 02:00:25 35480 ----a-w- C:\windows\System32\TsWpfWrp.exe
2014-08-13 01:39:24 -------- d-----w- C:\windows\pss
2014-08-13 01:35:02 -------- d-----w- C:\windows\SysWow64\Do not install
2014-08-13 01:35:01 -------- d-----w- C:\Program Files (x86)\3DRipperDX
2014-08-12 16:41:37 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-12 16:41:37 -------- d-----w- C:\Program Files\iTunes
2014-08-12 16:41:37 -------- d-----w- C:\Program Files\iPod
2014-08-12 16:41:37 -------- d-----w- C:\Program Files (x86)\iTunes
2014-08-11 15:59:21 98216 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-05 22:26:51 -------- d-----w- C:\Users\Zeyn\AppData\Local\119614890736297204
2014-08-05 17:20:22 227728 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-08-03 20:30:47 -------- d-----w- C:\Users\Zeyn\AppData\Local\119614890735183092
2014-08-03 20:29:56 -------- d-----w- C:\Users\Zeyn\AppData\Local\119614890735248628
2014-08-03 20:25:29 -------- d-----w- C:\Users\Zeyn\AppData\Local\119614890734724340
2014-07-30 12:30:52 609240 ----a-w- C:\windows\SysWow64\nvStreaming.exe
2014-07-27 15:30:13 -------- d-----w- C:\windows\81C42533F5A846CE9013ECF783A4CBD4.TMP
2014-07-27 14:12:44 -------- d-----w- C:\windows\DD1865F0AD7340FBB23E1822E02396FF.TMP
2014-07-27 14:12:44 -------- d-----w- C:\windows\A7E07C2B2220441587E3784D5814BC93.TMP
2014-07-26 18:10:58 -------- d-----w- C:\Users\Zeyn\AppData\Roaming\Psi-Ops - The Mindgate Conspiracy
2014-07-26 17:18:10 1713152 ----a-w- C:\Users\Zeyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xpadder [5.7].exe
2014-07-24 18:55:26 -------- d-----w- C:\temp
2014-07-24 18:55:26 -------- d-----w- C:\Studio4
2014-07-24 18:55:26 -------- d-----w- C:\shaders
2014-07-24 18:55:26 -------- d-----w- C:\Roaming
2014-07-24 18:55:26 -------- d-----w- C:\DAZ 3D
2014-07-24 18:55:26 -------- d-----w- C:\AppData
2014-07-23 11:56:36 -------- d-----w- C:\ProgramData\REVOLT
.
==================== Find3M  ====================
.
2014-08-21 23:28:43 122584 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-08-19 11:59:24 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-19 11:59:24 699568 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-08-09 00:22:16 1291280 ----a-w- C:\windows\SysWow64\nvspbridge.dll
2014-08-09 00:22:16 1126480 ----a-w- C:\windows\SysWow64\nvspcap.dll
2014-08-09 00:22:05 1715224 ----a-w- C:\windows\System32\nvspbridge64.dll
2014-08-09 00:22:05 1283136 ----a-w- C:\windows\System32\nvspcap64.dll
2014-08-07 02:06:41 529920 ----a-w- C:\windows\System32\aepdu.dll
2014-08-07 02:01:34 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-07-25 14:02:12 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-07-25 14:01:41 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-07-25 13:28:35 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27 548352 ----a-w- C:\windows\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-07-25 13:04:40 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-07-25 13:00:25 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-07-25 12:59:28 758272 ----a-w- C:\windows\System32\jscript9diag.dll
2014-07-25 12:47:25 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\windows\System32\jscript9.dll
2014-07-25 12:28:05 72704 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47 597504 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\windows\System32\inetcpl.cpl
2014-07-25 11:39:25 1249280 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49 2001920 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06 2266624 ----a-w- C:\windows\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\windows\SysWow64\wininet.dll
2014-07-16 03:25:04 404480 ----a-w- C:\windows\System32\gdi32.dll
2014-07-16 03:23:41 2048 ----a-w- C:\windows\System32\tzres.dll
2014-07-16 02:46:24 311808 ----a-w- C:\windows\SysWow64\gdi32.dll
2014-07-16 02:46:02 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2014-07-16 02:12:11 3163648 ----a-w- C:\windows\System32\win32k.sys
2014-07-14 02:02:45 1216000 ----a-w- C:\windows\System32\rpcrt4.dll
2014-07-14 01:40:58 664064 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2014-07-09 02:03:23 7168 ----a-w- C:\windows\System32\KBDYAK.DLL
2014-07-09 02:03:22 7168 ----a-w- C:\windows\System32\KBDBASH.DLL
2014-07-09 01:31:42 7168 ----a-w- C:\windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41 6656 ----a-w- C:\windows\SysWow64\KBDBASH.DLL
2014-07-02 18:55:43 6783776 ----a-w- C:\windows\System32\nvcpl.dll
2014-07-02 18:55:43 3522392 ----a-w- C:\windows\System32\nvsvc64.dll
2014-07-02 18:55:41 935368 ----a-w- C:\windows\System32\nvvsvc.exe
2014-07-02 18:55:41 62808 ----a-w- C:\windows\System32\nvshext.dll
2014-07-02 18:55:41 386520 ----a-w- C:\windows\System32\nvmctray.dll
2014-07-02 10:14:12 3826628 ----a-w- C:\windows\System32\nvcoproc.bin
2014-06-18 02:18:30 692736 ----a-w- C:\windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\windows\SysWow64\osk.exe
2014-06-16 02:10:19 985536 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2014-06-13 02:59:26 1542088 ----a-w- C:\windows\System32\nvdispgenco6434043.dll
2014-06-13 02:59:20 1890264 ----a-w- C:\windows\System32\nvdispco6434043.dll
2014-06-06 10:10:34 624128 ----a-w- C:\windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2014-06-05 14:45:15 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-06-05 14:26:58 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-06-05 14:25:49 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2014-06-03 10:02:37 112064 ----a-w- C:\windows\System32\consent.exe
2014-06-03 10:02:21 504320 ----a-w- C:\windows\System32\msihnd.dll
2014-06-03 10:02:21 3241984 ----a-w- C:\windows\System32\msi.dll
2014-06-03 10:02:12 1941504 ----a-w- C:\windows\System32\authui.dll
2014-06-03 09:29:50 337408 ----a-w- C:\windows\SysWow64\msihnd.dll
2014-06-03 09:29:50 2363392 ----a-w- C:\windows\SysWow64\msi.dll
2014-06-03 09:29:40 1805824 ----a-w- C:\windows\SysWow64\authui.dll
2014-05-30 08:08:52 210944 ----a-w- C:\windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\windows\System32\drivers\afd.sys
.
============= FINISH:  0:43:53.07 ===============

# AdwCleaner v3.308 - Report created 22/08/2014 at 00:34:25
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Zeyn - ZEYN-PC
# Running from : C:\Users\Zeyn\Desktop\adwcleaner_3.308.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\Software\adawarebp
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Mozilla Firefox v31.0 (x86 en-GB)
 
[ File : C:\Users\Zeyn\AppData\Roaming\Mozilla\Firefox\Profiles\vlfp9u8s.default\prefs.js ]
 
 
*************************
 
AdwCleaner[R0].txt - [1337 octets] - [22/08/2014 00:34:25]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1397 octets] ##########
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-08-2014
Ran by Zeyn (administrator) on ZEYN-PC on 22-08-2014 00:41:24
Running from C:\Users\Zeyn\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
(Scarlet.Crush Productions) D:\SCP-DS3-Driver-Package-1.0.0.103\ScpServer\bin\ScpService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe
(CMedia) C:\Program Files\ASUS Xonar DGX Audio\Customapp\AsusAudioCenter.exe
(Seagate) C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Seagate) C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() D:\Mods & Backups\Graphics Tweaks\D3DOverrider\D3DOverrider.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.77_0\opera.exe
() C:\Program Files (x86)\Opera\23.0.1522.77_0\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.77_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.77_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.77_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.77_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.77_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.77_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.77_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.77_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.77_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.77_0\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\23.0.1522.77_0\opera.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [Cmaudio8788] => C:\windows\syswow64\RunDll32.exe C:\windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13423688 2013-02-26] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403288 2014-08-09] (NVIDIA Corporation)
HKLM\...\Run: [Seagate Scheduler2 Service] => C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe [395152 2011-06-30] (Seagate)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => D:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [D3DOverrider] => D:\Mods & Backups\Graphics Tweaks\D3DOverrider\D3DOverriderWrapper.exe [40960 2009-08-22] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1517128 2013-10-18] (Seagate Technology LLC)
HKLM-x32\...\Run: [DiscWizardMonitor.exe] => C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe [2638152 2011-06-30] (Seagate)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKU\S-1-5-21-4053379215-3236774985-3265066580-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1937600 2014-08-13] (Valve Corporation)
HKU\S-1-5-21-4053379215-3236774985-3265066580-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKU\S-1-5-21-4053379215-3236774985-3265066580-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-4053379215-3236774985-3265066580-1001\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [122984 2013-10-18] (Seagate Technology LLC)
HKU\S-1-5-21-4053379215-3236774985-3265066580-1001\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: HardLinkMenu -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll (Hermann Schinagl)
ShellIconOverlayIdentifiers: IconOverlayHardLink -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll (Hermann Schinagl)
ShellIconOverlayIdentifiers: IconOverlaySymbolicLink -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\HardlinkShellExt.dll (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: HardLinkMenu -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: IconOverlayHardLink -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: IconOverlaySymbolicLink -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll (Hermann Schinagl)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA0D62F7295BDCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
FireFox:
========
FF ProfilePath: C:\Users\Zeyn\AppData\Roaming\Mozilla\Firefox\Profiles\vlfp9u8s.default
FF Homepage: chrome://speeddial/content/speeddial.xul
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: DownloadHelper - C:\Users\Zeyn\AppData\Roaming\Mozilla\Firefox\Profiles\vlfp9u8s.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-08-18]
FF Extension: Speed Dial - C:\Users\Zeyn\AppData\Roaming\Mozilla\Firefox\Profiles\vlfp9u8s.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2014-07-29]
FF Extension: Download YouTube Videos as MP4 - C:\Users\Zeyn\AppData\Roaming\Mozilla\Firefox\Profiles\vlfp9u8s.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2014-07-26]
FF Extension: Adblock Plus - C:\Users\Zeyn\AppData\Roaming\Mozilla\Firefox\Profiles\vlfp9u8s.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-27]
FF Extension: Greasemonkey - C:\Users\Zeyn\AppData\Roaming\Mozilla\Firefox\Profiles\vlfp9u8s.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2014-05-29]
 
Chrome: 
=======
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-01-11] (BitRaider, LLC)
S3 DAUpdaterSvc; D:\games\Dragon Age Origins\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-12-15] (BioWare)
R2 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] () [File not signed]
R2 Ds3Service; D:\SCP-DS3-Driver-Package-1.0.0.103\ScpServer\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 Microsoft SharePoint Workspace Audit Service; D:\Program Files\Microsoft Office\Office14\GROOVE.EXE [30963576 2010-01-21] (Microsoft Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720792 2014-08-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18973144 2014-08-09] (NVIDIA Corporation)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76888 2014-05-12] ()
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2013-10-18] (Seagate Technology LLC)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2014-01-11] (BitRaider)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2727936 2011-12-20] (C-Media Inc)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-10-26] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [490256 2013-01-23] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28656 2013-01-31] (Intel Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20440 2014-08-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 rusb3hub; C:\Windows\system32\drivers\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
S3 rusb3xhc; C:\Windows\system32\drivers\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2014-01-21] (Acronis)
S3 ALSysIO; \??\C:\Users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\windows\system32\drivers\EagleX64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-22 00:41 - 2014-08-22 00:41 - 00023266 _____ () C:\Users\Zeyn\Desktop\FRST.txt
2014-08-22 00:41 - 2014-08-22 00:41 - 00000000 ____D () C:\FRST
2014-08-22 00:40 - 2014-08-22 00:40 - 02101760 _____ (Farbar) C:\Users\Zeyn\Desktop\FRST64.exe
2014-08-22 00:33 - 2014-08-22 00:34 - 00000000 ____D () C:\AdwCleaner
2014-08-22 00:33 - 2014-08-22 00:33 - 01364531 _____ () C:\Users\Zeyn\Desktop\adwcleaner_3.308.exe
2014-08-22 00:04 - 2014-08-22 00:04 - 00000000 ____D () C:\Users\Zeyn\AppData\Roaming\AVAST Software
2014-08-22 00:03 - 2014-08-22 00:03 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-08-22 00:02 - 2014-08-22 00:02 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-22 00:00 - 2014-08-22 00:02 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-21 23:56 - 2014-08-21 23:56 - 00029871 _____ () C:\ComboFix.txt
2014-08-21 23:51 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2014-08-21 23:51 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2014-08-21 23:51 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-08-21 23:51 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-08-21 23:51 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-08-21 23:51 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2014-08-21 23:51 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2014-08-21 23:51 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2014-08-21 23:48 - 2014-08-21 23:56 - 00000000 ____D () C:\Qoobox
2014-08-21 23:48 - 2014-08-21 23:55 - 00000000 ____D () C:\windows\erdnt
2014-08-21 23:44 - 2014-08-21 23:58 - 00001990 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-08-21 23:44 - 2014-08-21 23:44 - 00003814 _____ () C:\windows\System32\Tasks\Opera scheduled Autoupdate 1408661085
2014-08-21 21:26 - 2014-08-21 21:32 - 128316186 _____ () C:\Users\Zeyn\Downloads\Adventurer's Jacket.rar
2014-08-21 21:24 - 2014-08-21 21:27 - 76088565 _____ () C:\Users\Zeyn\Downloads\M4 Business Suit Textures.rar
2014-08-21 21:23 - 2014-08-21 21:32 - 15549237 _____ () C:\Users\Zeyn\Downloads\Just Chill.rar
2014-08-21 21:21 - 2014-08-21 21:41 - 36594269 _____ () C:\Users\Zeyn\Downloads\M4 G.I.N.A Agent.rar
2014-08-21 21:21 - 2014-08-21 21:22 - 32461062 _____ () C:\Users\Zeyn\Downloads\M4 Beowulf.rar
2014-08-21 20:34 - 2014-08-21 21:09 - 64884542 _____ () C:\Users\Zeyn\Downloads\M4 Business Suit.rar
2014-08-21 20:18 - 2014-08-21 20:30 - 21731735 _____ () C:\Users\Zeyn\Downloads\Long Nose Shoes.rar
2014-08-21 04:57 - 2014-08-21 04:57 - 94470040 _____ () C:\Users\Zeyn\Downloads\Aiko 6 Booster.rar
2014-08-20 18:36 - 2014-08-20 18:36 - 00007600 _____ () C:\Users\Zeyn\AppData\Local\Resmon.ResmonCfg
2014-08-20 15:38 - 2014-08-20 21:37 - 00000000 ____D () C:\Users\Zeyn\AppData\Roaming\Lavasoft
2014-08-20 15:31 - 2014-08-20 15:31 - 00000000 ____D () C:\Users\Zeyn\AppData\Roaming\LavasoftStatistics
2014-08-20 15:31 - 2014-08-20 15:31 - 00000000 ____D () C:\Program Files\Lavasoft
2014-08-20 15:28 - 2014-08-20 15:28 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-08-19 17:12 - 2014-08-19 17:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-19 14:42 - 2014-08-19 20:48 - 00000000 ____D () C:\Users\Zeyn\AppData\Local\Adobe
2014-08-19 00:44 - 2014-08-19 05:40 - 00000000 ____D () C:\Users\Zeyn\Downloads\Clothes Collection
2014-08-18 22:19 - 2014-08-18 22:21 - 00000000 ____D () C:\Users\Zeyn\Downloads\Emo Hair
2014-08-14 15:59 - 2014-08-14 15:59 - 00000000 ____D () C:\Users\Zeyn\AppData\Local\Risen3
2014-08-14 13:12 - 2014-08-22 00:28 - 00051467 _____ () C:\windows\setupact.log
2014-08-14 13:12 - 2014-08-14 13:12 - 00000000 _____ () C:\windows\setuperr.log
2014-08-14 03:00 - 2014-06-30 23:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-14 03:00 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-08-14 03:00 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-08-14 03:00 - 2014-06-06 07:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-14 03:00 - 2014-03-09 22:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-14 03:00 - 2014-03-09 22:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-08-14 03:00 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-08-14 03:00 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-08-13 13:02 - 2014-08-07 03:06 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-13 13:02 - 2014-08-07 03:01 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-13 13:02 - 2014-08-01 00:41 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-13 13:02 - 2014-08-01 00:16 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-13 13:02 - 2014-07-25 15:52 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-13 13:02 - 2014-07-25 15:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-13 13:02 - 2014-07-25 15:01 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-08-13 13:02 - 2014-07-25 14:51 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-13 13:02 - 2014-07-25 14:30 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-13 13:02 - 2014-07-25 14:28 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-13 13:02 - 2014-07-25 14:28 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-08-13 13:02 - 2014-07-25 14:25 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-13 13:02 - 2014-07-25 14:25 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-08-13 13:02 - 2014-07-25 14:11 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-13 13:02 - 2014-07-25 14:10 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-13 13:02 - 2014-07-25 14:04 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-13 13:02 - 2014-07-25 14:03 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-13 13:02 - 2014-07-25 14:00 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-13 13:02 - 2014-07-25 14:00 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-08-13 13:02 - 2014-07-25 13:59 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-08-13 13:02 - 2014-07-25 13:47 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-08-13 13:02 - 2014-07-25 13:40 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-13 13:02 - 2014-07-25 13:34 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-08-13 13:02 - 2014-07-25 13:34 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-13 13:02 - 2014-07-25 13:33 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-08-13 13:02 - 2014-07-25 13:30 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-08-13 13:02 - 2014-07-25 13:28 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-13 13:02 - 2014-07-25 13:28 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 13:02 - 2014-07-25 13:21 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-13 13:02 - 2014-07-25 13:19 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-13 13:02 - 2014-07-25 13:18 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-13 13:02 - 2014-07-25 13:17 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-13 13:02 - 2014-07-25 13:17 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-13 13:02 - 2014-07-25 13:12 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-08-13 13:02 - 2014-07-25 13:10 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-13 13:02 - 2014-07-25 13:10 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-08-13 13:02 - 2014-07-25 13:08 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-08-13 13:02 - 2014-07-25 13:06 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-13 13:02 - 2014-07-25 12:52 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-13 13:02 - 2014-07-25 12:47 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-13 13:02 - 2014-07-25 12:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 13:02 - 2014-07-25 12:42 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-13 13:02 - 2014-07-25 12:39 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-13 13:02 - 2014-07-25 12:39 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-08-13 13:02 - 2014-07-25 12:36 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-13 13:02 - 2014-07-25 12:34 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-13 13:02 - 2014-07-25 12:29 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-13 13:02 - 2014-07-25 12:23 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-13 13:02 - 2014-07-25 12:13 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-13 13:02 - 2014-07-25 12:07 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-13 13:02 - 2014-07-25 12:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-08-13 13:02 - 2014-07-25 12:03 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-13 13:02 - 2014-07-25 11:52 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-13 13:02 - 2014-07-25 11:26 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-13 13:02 - 2014-07-25 11:17 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-08-13 13:02 - 2014-07-25 11:09 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-08-13 13:02 - 2014-07-25 11:05 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-13 13:02 - 2014-07-25 11:00 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-13 13:02 - 2014-07-16 04:25 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-13 13:02 - 2014-07-16 04:23 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-08-13 13:02 - 2014-07-16 03:46 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-13 13:02 - 2014-07-16 03:46 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-08-13 13:02 - 2014-07-16 03:12 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-13 13:02 - 2014-07-14 03:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-13 13:02 - 2014-07-14 02:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-08-13 13:02 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-08-13 13:02 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-08-13 13:02 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-08-13 13:02 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-08-13 13:02 - 2014-07-09 03:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-08-13 13:02 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-08-13 13:02 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-08-13 13:02 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-08-13 13:02 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-08-13 13:02 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-08-13 13:02 - 2014-07-08 23:38 - 00419992 _____ () C:\windows\system32\locale.nls
2014-08-13 13:02 - 2014-07-08 23:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
2014-08-13 13:02 - 2014-06-25 03:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-13 13:02 - 2014-06-25 02:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-08-13 13:02 - 2014-06-16 03:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-13 13:02 - 2014-06-03 11:02 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-13 13:02 - 2014-06-03 11:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-13 13:02 - 2014-06-03 11:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-13 13:02 - 2014-06-03 11:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-13 13:02 - 2014-06-03 10:29 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-08-13 13:02 - 2014-06-03 10:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-08-13 13:02 - 2014-06-03 10:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-08-13 02:39 - 2014-08-13 02:39 - 00000000 ____D () C:\windows\pss
2014-08-13 02:35 - 2014-08-13 02:43 - 00000000 ____D () C:\Program Files (x86)\3DRipperDX
2014-08-13 02:35 - 2014-08-13 02:35 - 00000000 ____D () C:\windows\SysWOW64\Do not install
2014-08-13 02:35 - 2014-08-13 02:35 - 00000000 ____D () C:\Users\Zeyn\Documents\3DReaperDX
2014-08-13 02:35 - 2014-08-13 02:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3D Ripper DX
2014-08-13 02:30 - 2014-08-13 02:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Radical Games
2014-08-12 23:27 - 2014-08-12 23:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
2014-08-12 22:38 - 2014-08-12 23:27 - 00000637 _____ () C:\Users\Public\Desktop\PCSX2 1.2.1.lnk
2014-08-12 17:41 - 2014-08-12 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-12 17:41 - 2014-08-12 17:41 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-12 17:41 - 2014-08-12 17:41 - 00000000 ____D () C:\Program Files\iTunes
2014-08-12 17:41 - 2014-08-12 17:41 - 00000000 ____D () C:\Program Files\iPod
2014-08-12 17:41 - 2014-08-12 17:41 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-12 13:45 - 2014-08-12 13:47 - 00000000 ____D () C:\Users\Public\Documents\TimeGate Studios
2014-08-11 16:59 - 2014-08-11 16:59 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-08-11 16:59 - 2014-08-11 16:59 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-08-11 16:59 - 2014-08-11 16:59 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-08-11 16:59 - 2014-08-11 16:59 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-11 16:59 - 2014-08-11 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-10 21:44 - 2014-08-11 12:41 - 00000000 ____D () C:\Users\Public\Documents\Monolith Productions
2014-08-05 23:26 - 2014-08-05 23:26 - 00000000 ____D () C:\Users\Zeyn\AppData\Local\119614890736297204
2014-08-03 22:04 - 2014-08-03 22:04 - 00000000 ____D () C:\Users\Zeyn\Documents\Freedom Fighters
2014-08-03 22:03 - 2014-08-13 02:30 - 00000000 ____D () C:\Users\Zeyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-08-03 21:30 - 2014-08-03 21:30 - 00000000 ____D () C:\Users\Zeyn\AppData\Local\119614890735183092
2014-08-03 21:29 - 2014-08-03 21:29 - 00000000 ____D () C:\Users\Zeyn\AppData\Local\119614890735248628
2014-08-03 21:25 - 2014-08-03 21:25 - 00000000 ____D () C:\Users\Zeyn\AppData\Local\119614890734724340
2014-08-03 13:00 - 2014-05-14 17:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-03 13:00 - 2014-05-14 17:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-03 13:00 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-03 13:00 - 2014-05-14 17:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-03 13:00 - 2014-05-14 17:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-03 13:00 - 2014-05-14 17:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-03 13:00 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-08-03 13:00 - 2014-05-14 17:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-03 13:00 - 2014-05-14 17:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-03 13:00 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-03 13:00 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-03 13:00 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-03 13:00 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-03 13:00 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-07-30 13:30 - 2014-07-02 18:44 - 00609240 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvStreaming.exe
2014-07-30 13:29 - 2014-07-02 21:48 - 31512520 _____ (NVIDIA Corporation) C:\windows\system32\nvoglv64.dll
2014-07-30 13:29 - 2014-07-02 21:48 - 24196896 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglv32.dll
2014-07-30 13:29 - 2014-07-02 21:48 - 22994208 _____ (NVIDIA Corporation) C:\windows\system32\nvcompiler.dll
2014-07-30 13:29 - 2014-07-02 21:48 - 17555104 _____ (NVIDIA Corporation) C:\windows\system32\nvd3dumx.dll
2014-07-30 13:29 - 2014-07-02 21:48 - 15294296 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcompiler.dll
2014-07-30 13:29 - 2014-07-02 21:48 - 13922752 _____ (NVIDIA Corporation) C:\windows\system32\nvopencl.dll
2014-07-30 13:29 - 2014-07-02 21:48 - 13835208 _____ (NVIDIA Corporation) C:\windows\system32\nvcuda.dll
2014-07-30 13:29 - 2014-07-02 21:48 - 12866008 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvlddmkm.sys
2014-07-30 13:29 - 2014-07-02 21:48 - 11283344 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvopencl.dll
2014-07-30 13:29 - 2014-07-02 21:48 - 11222048 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuda.dll
2014-07-30 13:29 - 2014-07-02 21:48 - 04247000 _____ (NVIDIA Corporation) C:\windows\system32\nvcuvid.dll
2014-07-30 13:29 - 2014-07-02 21:48 - 03989960 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuvid.dll
2014-07-30 13:29 - 2014-07-02 21:48 - 01890080 _____ (NVIDIA Corporation) C:\windows\system32\nvdispco6434052.dll
2014-07-30 13:29 - 2014-07-02 21:48 - 01539928 _____ (NVIDIA Corporation) C:\windows\system32\nvdispgenco6434052.dll
2014-07-30 13:29 - 2014-07-02 21:48 - 00944928 _____ (NVIDIA Corporation) C:\windows\system32\NvIFR64.dll
2014-07-30 13:29 - 2014-07-02 21:48 - 00907096 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFR.dll
2014-07-30 13:29 - 2014-07-02 21:48 - 00903624 _____ (NVIDIA Corporation) C:\windows\system32\NvFBC64.dll
2014-07-30 13:29 - 2014-07-02 21:48 - 00869152 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvFBC.dll
2014-07-30 13:29 - 2014-07-02 21:48 - 00846832 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvumdshim.dll
2014-07-30 13:29 - 2014-07-02 21:48 - 00502232 _____ (NVIDIA Corporation) C:\windows\system32\nvEncodeAPI64.dll
2014-07-30 13:29 - 2014-07-02 21:48 - 00418760 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvEncodeAPI.dll
2014-07-30 13:29 - 2014-07-02 21:48 - 00391640 _____ (NVIDIA Corporation) C:\windows\system32\NvIFROpenGL.dll
2014-07-30 13:29 - 2014-07-02 21:48 - 00354016 _____ (NVIDIA Corporation) C:\windows\system32\nvoglshim64.dll
2014-07-30 13:29 - 2014-07-02 21:48 - 00348120 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFROpenGL.dll
2014-07-30 13:29 - 2014-07-02 21:48 - 00305600 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglshim32.dll
2014-07-30 13:29 - 2014-07-02 21:48 - 00166568 _____ (NVIDIA Corporation) C:\windows\system32\nvinitx.dll
2014-07-30 13:29 - 2014-07-02 21:48 - 00146480 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvinit.dll
2014-07-27 16:30 - 2014-07-27 16:30 - 00000000 ____D () C:\windows\81C42533F5A846CE9013ECF783A4CBD4.TMP
2014-07-27 15:12 - 2014-07-27 15:12 - 00000000 ____D () C:\windows\DD1865F0AD7340FBB23E1822E02396FF.TMP
2014-07-27 15:12 - 2014-07-27 15:12 - 00000000 ____D () C:\windows\A7E07C2B2220441587E3784D5814BC93.TMP
2014-07-26 19:10 - 2014-07-26 19:10 - 00000000 ____D () C:\Users\Zeyn\AppData\Roaming\Psi-Ops - The Mindgate Conspiracy
2014-07-26 18:18 - 2010-03-20 10:25 - 01713152 _____ () C:\Users\Zeyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xpadder [5.7].exe
2014-07-26 04:39 - 2014-07-26 04:39 - 00000000 ____D () C:\Users\Zeyn\Documents\Outlook Files
2014-07-26 03:58 - 2014-07-26 03:58 - 00000000 ___DL () C:\Users\Zeyn\Documents\Larian Studios
2014-07-25 17:10 - 2014-07-25 17:10 - 00000000 ____D () C:\Users\Zeyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2014-07-25 17:10 - 2014-07-25 17:10 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-07-25 15:32 - 2014-07-25 15:32 - 00001397 _____ () C:\Users\Zeyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Origin.lnk
2014-07-24 22:44 - 2014-08-05 18:22 - 00003128 _____ () C:\windows\System32\Tasks\pc shutdown
2014-07-24 19:55 - 2014-07-30 13:31 - 00000000 ____D () C:\temp
2014-07-24 19:55 - 2014-07-24 19:55 - 00000000 ____D () C:\Studio4
2014-07-24 19:55 - 2014-07-24 19:55 - 00000000 ____D () C:\shaders
2014-07-24 19:55 - 2014-07-24 19:55 - 00000000 ____D () C:\DAZ 3D
2014-07-23 12:56 - 2014-07-23 12:56 - 00000000 ____D () C:\ProgramData\REVOLT
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-22 00:41 - 2014-08-22 00:41 - 00023266 _____ () C:\Users\Zeyn\Desktop\FRST.txt
2014-08-22 00:41 - 2014-08-22 00:41 - 00000000 ____D () C:\FRST
2014-08-22 00:40 - 2014-08-22 00:40 - 02101760 _____ (Farbar) C:\Users\Zeyn\Desktop\FRST64.exe
2014-08-22 00:40 - 2013-10-25 18:10 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-08-22 00:35 - 2009-07-14 05:45 - 00028944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-22 00:35 - 2009-07-14 05:45 - 00028944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-22 00:34 - 2014-08-22 00:33 - 00000000 ____D () C:\AdwCleaner
2014-08-22 00:34 - 2009-07-14 06:13 - 00784286 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-22 00:33 - 2014-08-22 00:33 - 01364531 _____ () C:\Users\Zeyn\Desktop\adwcleaner_3.308.exe
2014-08-22 00:31 - 2013-10-23 10:22 - 02083856 _____ () C:\windows\WindowsUpdate.log
2014-08-22 00:28 - 2014-08-14 13:12 - 00051467 _____ () C:\windows\setupact.log
2014-08-22 00:28 - 2014-04-10 15:27 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-22 00:28 - 2013-10-25 17:15 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-22 00:28 - 2013-10-22 11:35 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-22 00:28 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-08-22 00:12 - 2014-02-04 13:46 - 00014532 _____ () C:\windows\PFRO.log
2014-08-22 00:12 - 2009-07-14 05:45 - 05112152 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-22 00:04 - 2014-08-22 00:04 - 00000000 ____D () C:\Users\Zeyn\AppData\Roaming\AVAST Software
2014-08-22 00:03 - 2014-08-22 00:03 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-08-22 00:02 - 2014-08-22 00:02 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-22 00:02 - 2014-08-22 00:00 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-21 23:58 - 2014-08-21 23:44 - 00001990 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-08-21 23:56 - 2014-08-21 23:56 - 00029871 _____ () C:\ComboFix.txt
2014-08-21 23:56 - 2014-08-21 23:48 - 00000000 ____D () C:\Qoobox
2014-08-21 23:55 - 2014-08-21 23:48 - 00000000 ____D () C:\windows\erdnt
2014-08-21 23:55 - 2009-07-14 03:34 - 00000215 _____ () C:\windows\system.ini
2014-08-21 23:45 - 2013-10-25 17:12 - 00000000 ____D () C:\Users\Zeyn\AppData\Roaming\Opera Software
2014-08-21 23:44 - 2014-08-21 23:44 - 00003814 _____ () C:\windows\System32\Tasks\Opera scheduled Autoupdate 1408661085
2014-08-21 23:44 - 2013-10-25 17:12 - 00000000 ____D () C:\Users\Zeyn\AppData\Local\Opera Software
2014-08-21 23:44 - 2013-10-25 17:12 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-08-21 23:38 - 2013-10-26 01:08 - 00000000 ____D () C:\Users\Zeyn\AppData\Roaming\BitTorrent
2014-08-21 23:38 - 2013-10-25 17:07 - 00001420 _____ () C:\Users\Zeyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-21 21:41 - 2014-08-21 21:21 - 36594269 _____ () C:\Users\Zeyn\Downloads\M4 G.I.N.A Agent.rar
2014-08-21 21:32 - 2014-08-21 21:26 - 128316186 _____ () C:\Users\Zeyn\Downloads\Adventurer's Jacket.rar
2014-08-21 21:32 - 2014-08-21 21:23 - 15549237 _____ () C:\Users\Zeyn\Downloads\Just Chill.rar
2014-08-21 21:27 - 2014-08-21 21:24 - 76088565 _____ () C:\Users\Zeyn\Downloads\M4 Business Suit Textures.rar
2014-08-21 21:22 - 2014-08-21 21:21 - 32461062 _____ () C:\Users\Zeyn\Downloads\M4 Beowulf.rar
2014-08-21 21:09 - 2014-08-21 20:34 - 64884542 _____ () C:\Users\Zeyn\Downloads\M4 Business Suit.rar
2014-08-21 20:30 - 2014-08-21 20:18 - 21731735 _____ () C:\Users\Zeyn\Downloads\Long Nose Shoes.rar
2014-08-21 16:52 - 2013-10-30 21:38 - 00000000 ____D () C:\Users\Zeyn\AppData\Roaming\vlc
2014-08-21 14:40 - 2013-12-18 06:12 - 00000000 ____D () C:\Users\Zeyn\AppData\Local\dxhr
2014-08-21 04:57 - 2014-08-21 04:57 - 94470040 _____ () C:\Users\Zeyn\Downloads\Aiko 6 Booster.rar
2014-08-20 21:37 - 2014-08-20 15:38 - 00000000 ____D () C:\Users\Zeyn\AppData\Roaming\Lavasoft
2014-08-20 18:36 - 2014-08-20 18:36 - 00007600 _____ () C:\Users\Zeyn\AppData\Local\Resmon.ResmonCfg
2014-08-20 15:31 - 2014-08-20 15:31 - 00000000 ____D () C:\Users\Zeyn\AppData\Roaming\LavasoftStatistics
2014-08-20 15:31 - 2014-08-20 15:31 - 00000000 ____D () C:\Program Files\Lavasoft
2014-08-20 15:28 - 2014-08-20 15:28 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-08-20 12:18 - 2014-05-29 13:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-19 20:48 - 2014-08-19 14:42 - 00000000 ____D () C:\Users\Zeyn\AppData\Local\Adobe
2014-08-19 17:13 - 2014-08-19 17:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-19 12:59 - 2013-10-25 18:10 - 00699568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-08-19 12:59 - 2013-10-25 18:10 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-19 12:59 - 2013-10-25 18:10 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-08-19 05:40 - 2014-08-19 00:44 - 00000000 ____D () C:\Users\Zeyn\Downloads\Clothes Collection
2014-08-18 22:21 - 2014-08-18 22:19 - 00000000 ____D () C:\Users\Zeyn\Downloads\Emo Hair
2014-08-14 20:17 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache
2014-08-14 16:36 - 2014-02-01 18:13 - 00347978 _____ () C:\windows\DirectX.log
2014-08-14 15:59 - 2014-08-14 15:59 - 00000000 ____D () C:\Users\Zeyn\AppData\Local\Risen3
2014-08-14 13:12 - 2014-08-14 13:12 - 00000000 _____ () C:\windows\setuperr.log
2014-08-14 03:32 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-08-14 03:05 - 2013-10-30 17:57 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-14 03:03 - 2013-10-27 04:17 - 00000000 ____D () C:\windows\system32\MRT
2014-08-14 03:01 - 2013-10-27 04:17 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-14 03:00 - 2014-04-27 19:27 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-08-13 04:05 - 2014-05-29 12:52 - 00000000 ____D () C:\ProgramData\Origin
2014-08-13 02:43 - 2014-08-13 02:35 - 00000000 ____D () C:\Program Files (x86)\3DRipperDX
2014-08-13 02:39 - 2014-08-13 02:39 - 00000000 ____D () C:\windows\pss
2014-08-13 02:35 - 2014-08-13 02:35 - 00000000 ____D () C:\windows\SysWOW64\Do not install
2014-08-13 02:35 - 2014-08-13 02:35 - 00000000 ____D () C:\Users\Zeyn\Documents\3DReaperDX
2014-08-13 02:35 - 2014-08-13 02:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3D Ripper DX
2014-08-13 02:30 - 2014-08-13 02:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Radical Games
2014-08-13 02:30 - 2014-08-03 22:03 - 00000000 ____D () C:\Users\Zeyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-08-13 02:30 - 2013-10-22 11:09 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-12 23:27 - 2014-08-12 23:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
2014-08-12 23:27 - 2014-08-12 22:38 - 00000637 _____ () C:\Users\Public\Desktop\PCSX2 1.2.1.lnk
2014-08-12 20:51 - 2014-06-06 21:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-12 20:21 - 2014-05-29 12:52 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-08-12 17:41 - 2014-08-12 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-12 17:41 - 2014-08-12 17:41 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-12 17:41 - 2014-08-12 17:41 - 00000000 ____D () C:\Program Files\iTunes
2014-08-12 17:41 - 2014-08-12 17:41 - 00000000 ____D () C:\Program Files\iPod
2014-08-12 17:41 - 2014-08-12 17:41 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-12 13:47 - 2014-08-12 13:45 - 00000000 ____D () C:\Users\Public\Documents\TimeGate Studios
2014-08-12 02:42 - 2013-10-22 11:17 - 00000000 ____D () C:\ProgramData\Intel
2014-08-11 17:00 - 2013-10-25 19:40 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-11 16:59 - 2014-08-11 16:59 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-08-11 16:59 - 2014-08-11 16:59 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-08-11 16:59 - 2014-08-11 16:59 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-08-11 16:59 - 2014-08-11 16:59 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-11 16:59 - 2014-08-11 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-11 12:41 - 2014-08-10 21:44 - 00000000 ____D () C:\Users\Public\Documents\Monolith Productions
2014-08-11 01:30 - 2014-02-15 20:24 - 00000000 ____D () C:\Users\Zeyn\AppData\Roaming\HandBrake
2014-08-10 21:15 - 2013-11-01 05:03 - 00000000 ____D () C:\ProgramData\Ubisoft
2014-08-09 01:22 - 2014-06-02 16:07 - 01715224 _____ (NVIDIA Corporation) C:\windows\system32\nvspbridge64.dll
2014-08-09 01:22 - 2014-06-02 16:07 - 01291280 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvspbridge.dll
2014-08-09 01:22 - 2013-10-29 16:37 - 01283136 _____ (NVIDIA Corporation) C:\windows\system32\nvspcap64.dll
2014-08-09 01:22 - 2013-10-29 16:37 - 01126480 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvspcap.dll
2014-08-07 03:06 - 2014-08-13 13:02 - 00529920 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-08-07 03:01 - 2014-08-13 13:02 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-08-06 13:44 - 2013-11-29 03:30 - 00000000 ____D () C:\Users\Zeyn\AppData\Local\Skyrim
2014-08-05 23:26 - 2014-08-05 23:26 - 00000000 ____D () C:\Users\Zeyn\AppData\Local\119614890736297204
2014-08-05 18:22 - 2014-07-24 22:44 - 00003128 _____ () C:\windows\System32\Tasks\pc shutdown
2014-08-04 16:10 - 2013-10-26 00:31 - 00000000 ____D () C:\Users\Zeyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DAZ 3D
2014-08-04 16:02 - 2013-12-07 01:49 - 00000132 _____ () C:\Users\Zeyn\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-08-03 22:04 - 2014-08-03 22:04 - 00000000 ____D () C:\Users\Zeyn\Documents\Freedom Fighters
2014-08-03 21:30 - 2014-08-03 21:30 - 00000000 ____D () C:\Users\Zeyn\AppData\Local\119614890735183092
2014-08-03 21:29 - 2014-08-03 21:29 - 00000000 ____D () C:\Users\Zeyn\AppData\Local\119614890735248628
2014-08-03 21:25 - 2014-08-03 21:25 - 00000000 ____D () C:\Users\Zeyn\AppData\Local\119614890734724340
2014-08-01 00:41 - 2014-08-13 13:02 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-01 00:16 - 2014-08-13 13:02 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-30 13:31 - 2014-07-24 19:55 - 00000000 ____D () C:\temp
2014-07-30 13:31 - 2013-10-22 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-07-30 13:30 - 2013-10-22 11:35 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-07-30 13:28 - 2013-11-14 01:33 - 00000000 ____D () C:\Users\Zeyn\AppData\Local\NVIDIA Corporation
2014-07-29 14:49 - 2013-10-25 17:07 - 00000000 ____D () C:\Users\Zeyn
2014-07-27 16:30 - 2014-07-27 16:30 - 00000000 ____D () C:\windows\81C42533F5A846CE9013ECF783A4CBD4.TMP
2014-07-27 15:12 - 2014-07-27 15:12 - 00000000 ____D () C:\windows\DD1865F0AD7340FBB23E1822E02396FF.TMP
2014-07-27 15:12 - 2014-07-27 15:12 - 00000000 ____D () C:\windows\A7E07C2B2220441587E3784D5814BC93.TMP
2014-07-26 19:10 - 2014-07-26 19:10 - 00000000 ____D () C:\Users\Zeyn\AppData\Roaming\Psi-Ops - The Mindgate Conspiracy
2014-07-26 04:39 - 2014-07-26 04:39 - 00000000 ____D () C:\Users\Zeyn\Documents\Outlook Files
2014-07-26 03:58 - 2014-07-26 03:58 - 00000000 ___DL () C:\Users\Zeyn\Documents\Larian Studios
2014-07-26 03:58 - 2014-05-22 11:32 - 00000000 ____D () C:\Users\Zeyn\Documents\Ilsa Work
2014-07-25 17:12 - 2013-11-01 02:03 - 00000000 ____D () C:\Users\Zeyn\AppData\Local\Ubisoft Game Launcher
2014-07-25 17:10 - 2014-07-25 17:10 - 00000000 ____D () C:\Users\Zeyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2014-07-25 17:10 - 2014-07-25 17:10 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-07-25 15:52 - 2014-08-13 13:02 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-25 15:32 - 2014-07-25 15:32 - 00001397 _____ () C:\Users\Zeyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Origin.lnk
2014-07-25 15:30 - 2014-05-29 12:52 - 00000000 ____D () C:\Users\Zeyn\AppData\Roaming\Origin
2014-07-25 15:21 - 2013-10-31 00:22 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-25 15:21 - 2013-10-31 00:22 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-25 15:02 - 2014-08-13 13:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-25 15:01 - 2014-08-13 13:02 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-25 14:51 - 2014-08-13 13:02 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-25 14:30 - 2014-08-13 13:02 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-25 14:28 - 2014-08-13 13:02 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-25 14:28 - 2014-08-13 13:02 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-25 14:25 - 2014-08-13 13:02 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-25 14:25 - 2014-08-13 13:02 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-25 14:11 - 2014-08-13 13:02 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-25 14:10 - 2014-08-13 13:02 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-25 14:04 - 2014-08-13 13:02 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-25 14:03 - 2014-08-13 13:02 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-25 14:00 - 2014-08-13 13:02 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-25 14:00 - 2014-08-13 13:02 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-25 13:59 - 2014-08-13 13:02 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-25 13:47 - 2014-08-13 13:02 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-25 13:40 - 2014-08-13 13:02 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-25 13:34 - 2014-08-13 13:02 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-25 13:34 - 2014-08-13 13:02 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-25 13:33 - 2014-08-13 13:02 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-25 13:30 - 2014-08-13 13:02 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-25 13:28 - 2014-08-13 13:02 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-25 13:28 - 2014-08-13 13:02 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 13:21 - 2014-08-13 13:02 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-25 13:19 - 2014-08-13 13:02 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-25 13:18 - 2014-08-13 13:02 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-25 13:17 - 2014-08-13 13:02 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-25 13:17 - 2014-08-13 13:02 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-25 13:12 - 2014-08-13 13:02 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-25 13:10 - 2014-08-13 13:02 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-25 13:10 - 2014-08-13 13:02 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-25 13:08 - 2014-08-13 13:02 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-25 13:06 - 2014-08-13 13:02 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-25 13:01 - 2014-03-13 04:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-25 12:52 - 2014-08-13 13:02 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-25 12:47 - 2014-08-13 13:02 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-25 12:43 - 2014-08-13 13:02 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 12:42 - 2014-08-13 13:02 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-25 12:39 - 2014-08-13 13:02 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-25 12:39 - 2014-08-13 13:02 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-25 12:36 - 2014-08-13 13:02 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-25 12:34 - 2014-08-13 13:02 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-25 12:29 - 2014-08-13 13:02 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-25 12:23 - 2014-08-13 13:02 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-25 12:13 - 2014-08-13 13:02 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-25 12:07 - 2014-08-13 13:02 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-25 12:07 - 2014-08-13 13:02 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-25 12:03 - 2014-08-13 13:02 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-25 11:52 - 2014-08-13 13:02 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-25 11:26 - 2014-08-13 13:02 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-25 11:17 - 2014-08-13 13:02 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-25 11:09 - 2014-08-13 13:02 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-25 11:05 - 2014-08-13 13:02 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-25 11:00 - 2014-08-13 13:02 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-24 19:55 - 2014-07-24 19:55 - 00000000 ____D () C:\Studio4
2014-07-24 19:55 - 2014-07-24 19:55 - 00000000 ____D () C:\shaders
2014-07-24 19:55 - 2014-07-24 19:55 - 00000000 ____D () C:\DAZ 3D
2014-07-24 19:38 - 2014-05-20 21:41 - 00000000 ____D () C:\Users\Zeyn\AppData\Roaming\OctaneRender
2014-07-23 12:56 - 2014-07-23 12:56 - 00000000 ____D () C:\ProgramData\REVOLT
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-17 14:36
 
==================== End Of Log ============================
 

 


 


#2 Jo*

Jo*

  • Malware Response Team
  • 3,330 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:11:49 AM

Posted 22 August 2014 - 03:04 AM


Hello Jax765,

my name is Jo and I will help you with your computer problems.



Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only those tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
It is important for you to check your topic at least once a day for a reply. You cannot rely on the e-mail notification system to inform you of new replies as it is not completely reliable.


***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Download OTL to your desktop.
  • Double click on the icon to run it.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 Jax765

Jax765
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:10:49 AM

Posted 22 August 2014 - 07:00 AM

SecurityCheck log.

 

 

 Results of screen317's Security Check version 0.99.87  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 67  
 Adobe Flash Player 14.0.0.179  
 Adobe Reader XI  
 Mozilla Firefox (31.0) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 31% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 
 
 
 
 
OTL.txt
 
 
 
OTL logfile created on: 8/22/2014 12:51:13 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Zeyn\Desktop\OTL
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
15.95 Gb Total Physical Memory | 13.33 Gb Available Physical Memory | 83.56% Memory free
16.95 Gb Paging File | 14.00 Gb Available in Paging File | 82.58% Paging File free
Paging file location(s): d:\pagefile.sys 1024 2048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 118.75 Gb Total Space | 29.84 Gb Free Space | 25.13% Space Free | Partition Type: NTFS
Drive D: | 1863.02 Gb Total Space | 77.97 Gb Free Space | 4.19% Space Free | Partition Type: NTFS
 
Computer Name: ZEYN-PC | User Name: Zeyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Zeyn\Desktop\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe (Seagate Technology LLC)
PRC - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe (Seagate Technology LLC)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\ASUS Xonar DGX Audio\Customapp\AsusAudioCenter.exe (CMedia)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
PRC - C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
PRC - D:\Mods & Backups\Graphics Tweaks\D3DOverrider\D3DOverrider.exe ()
PRC - C:\Windows\SysWOW64\HsMgr.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Steam\video.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\libavcodec-55.dll ()
MOD - C:\Program Files (x86)\Steam\libavutil-53.dll ()
MOD - C:\Program Files (x86)\Steam\libavformat-55.dll ()
MOD - C:\Program Files (x86)\Steam\libavresample-1.dll ()
MOD - C:\Program Files (x86)\Steam\SDL2.dll ()
MOD - C:\Program Files (x86)\Steam\libswscale-2.dll ()
MOD - C:\Program Files (x86)\Notepad++\libxml2.dll ()
MOD - C:\Program Files (x86)\Notepad++\plugins\XMLTools.dll ()
MOD - C:\Program Files (x86)\Notepad++\libxslt.dll ()
MOD - C:\Program Files (x86)\Notepad++\zlib1.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\ae18426916e4acf912f54aefb8cd00c7\Microsoft.VisualBasic.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\04824fdbd5dce32530ba44ae012e4fb9\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\0bedc417d3c5dcb1c9a5f15dd733c556\System.ServiceModel.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1e5e19d119e04b93da3d45153abd60fd\System.IdentityModel.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Notepad++\plugins\ComparePlugin.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll ()
MOD - C:\Program Files (x86)\Notepad++\plugins\NppExport.dll ()
MOD - C:\Program Files\ASUS Xonar DGX Audio\Customapp\VMixP8.dll ()
MOD - D:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - D:\Mods & Backups\Graphics Tweaks\D3DOverrider\RTUI.dll ()
MOD - D:\Mods & Backups\Graphics Tweaks\D3DOverrider\D3DOverrider.exe ()
MOD - D:\Mods & Backups\Graphics Tweaks\D3DOverrider\RTFC.dll ()
MOD - D:\Mods & Backups\Graphics Tweaks\D3DOverrider\D3DOverriderHooks.dll ()
MOD - C:\Windows\SysWOW64\HsMgr.exe ()
MOD - C:\Program Files\LinkShellExtension\32\RockallDLL.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (NvStreamSvc) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation)
SRV:64bit: - (IEEtwCollectorService) -- C:\windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe (Intel® Corporation)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV:64bit: - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV:64bit: - (DAZContentManagementService) -- C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (NvNetworkService) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (BRSptSvc) -- C:\ProgramData\BitRaider\BRSptSvc.exe (BitRaider, LLC)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Seagate Dashboard Services) -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe (Seagate Technology LLC)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Ds3Service) -- D:\SCP-DS3-Driver-Package-1.0.0.103\ScpServer\bin\ScpService.exe (Scarlet.Crush Productions)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (SgtSch2Svc) -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe (Seagate)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Microsoft SharePoint Workspace Audit Service) -- D:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (DAUpdaterSvc) -- D:\Games\Dragon Age Origins\bin_ship\daupdatersvc.service.exe (BioWare)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV:64bit: - (NvStreamKms) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys (NVIDIA Corporation)
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (nvvad_WaveExtensible) -- C:\Windows\SysNative\drivers\nvvad64v.sys (NVIDIA Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (vididr) -- C:\Windows\SysNative\drivers\vididr.sys (Acronis)
DRV:64bit: - (vidsflt53) -- C:\Windows\SysNative\drivers\vsflt53.sys (Acronis)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (Disc Soft Ltd)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (NvStUSB) -- C:\Windows\SysNative\drivers\nvstusb.sys (NVIDIA Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (ScpVBus) -- C:\Windows\SysNative\drivers\ScpVBus.sys (Scarlet.Crush Productions)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation)
DRV:64bit: - (mvs91xx) -- C:\Windows\SysNative\drivers\mvs91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (e1dexpress) -- C:\Windows\SysNative\drivers\e1d62x64.sys (Intel Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (rusb3xhc) -- C:\Windows\SysNative\drivers\rusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (rusb3hub) -- C:\Windows\SysNative\drivers\rusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (mv91cons) -- C:\Windows\SysNative\drivers\mv91cons.sys (Marvell Semiconductor Inc.)
DRV:64bit: - (cmudaxp) -- C:\Windows\SysNative\drivers\cmudaxp.sys (C-Media Inc)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Rovi Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BRDriver64) -- C:\ProgramData\BitRaider\BRDriver64.sys (BitRaider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 D6 2F 72 95 BD CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:2.1
FF - prefs.js..extensions.enabledAddons: %7B64161300-e22b-11db-8314-0800200c9a66%7D:0.9.6.16
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.23
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014/05/29 13:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zeyn\AppData\Roaming\Mozilla\Extensions
[2014/08/18 21:31:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zeyn\AppData\Roaming\Mozilla\Firefox\Profiles\vlfp9u8s.default\extensions
[2014/08/18 21:31:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Zeyn\AppData\Roaming\Mozilla\Firefox\Profiles\vlfp9u8s.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014/07/29 17:32:07 | 000,281,800 | ---- | M] () (No name found) -- C:\Users\Zeyn\AppData\Roaming\Mozilla\Firefox\Profiles\vlfp9u8s.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2014/08/16 20:56:51 | 000,020,092 | ---- | M] () (No name found) -- C:\Users\Zeyn\AppData\Roaming\Mozilla\Firefox\Profiles\vlfp9u8s.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
[2014/07/27 18:46:47 | 000,967,685 | ---- | M] () (No name found) -- C:\Users\Zeyn\AppData\Roaming\Mozilla\Firefox\Profiles\vlfp9u8s.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/07/29 14:34:51 | 000,297,630 | ---- | M] () (No name found) -- C:\Users\Zeyn\AppData\Roaming\Mozilla\Firefox\Profiles\vlfp9u8s.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2014/08/19 17:12:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/08/19 17:13:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2014/08/21 23:54:59 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\windows\Syswow64\cmicnfgp.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\windows\system\HsMgr64.exe ()
O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] D:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [D3DOverrider] D:\Mods & Backups\Graphics Tweaks\D3DOverrider\D3DOverriderWrapper.exe ()
O4 - HKLM..\Run: [DBAgent] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe (Seagate Technology LLC)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [RUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [CMD] C:\windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe (Seagate Technology LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9C74A00-4C30-41A3-985A-A66DE0B0A8C3}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/22 12:49:14 | 000,000,000 | ---D | C] -- C:\Users\Zeyn\Desktop\OTL
[2014/08/22 12:46:19 | 000,000,000 | ---D | C] -- C:\Users\Zeyn\Desktop\SecurityCheck
[2014/08/22 00:58:23 | 000,000,000 | ---D | C] -- C:\Users\Zeyn\Desktop\FRST
[2014/08/22 00:58:15 | 000,000,000 | ---D | C] -- C:\Users\Zeyn\Desktop\DDS
[2014/08/22 00:41:16 | 000,000,000 | ---D | C] -- C:\FRST
[2014/08/22 00:33:47 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/08/22 00:00:46 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/08/21 23:56:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/08/21 23:51:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2014/08/21 23:51:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2014/08/21 23:51:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2014/08/21 23:48:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/08/21 23:48:38 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2014/08/20 21:37:12 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2014/08/20 15:38:05 | 000,000,000 | ---D | C] -- C:\Users\Zeyn\AppData\Roaming\Lavasoft
[2014/08/20 15:31:41 | 000,000,000 | ---D | C] -- C:\Users\Zeyn\AppData\Roaming\LavasoftStatistics
[2014/08/20 15:31:18 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2014/08/20 15:28:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2014/08/19 17:12:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/08/19 14:42:42 | 000,000,000 | ---D | C] -- C:\Users\Zeyn\AppData\Local\Adobe
[2014/08/14 15:59:12 | 000,000,000 | ---D | C] -- C:\Users\Zeyn\AppData\Local\Risen3
[2014/08/14 11:53:17 | 000,000,000 | R--D | C] -- C:\Users\Zeyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/08/14 03:00:33 | 001,389,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardagt.exe
[2014/08/14 03:00:33 | 000,619,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardagt.exe
[2014/08/14 03:00:33 | 000,171,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\infocardapi.dll
[2014/08/14 03:00:33 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\infocardapi.dll
[2014/08/14 03:00:32 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardres.dll
[2014/08/14 03:00:32 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardres.dll
[2014/08/14 03:00:25 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\TsWpfWrp.exe
[2014/08/14 03:00:25 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsWpfWrp.exe
[2014/08/13 13:02:35 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDYAK.DLL
[2014/08/13 13:02:35 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDYAK.DLL
[2014/08/13 13:02:35 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDTAT.DLL
[2014/08/13 13:02:35 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDTAT.DLL
[2014/08/13 13:02:35 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDRU1.DLL
[2014/08/13 13:02:35 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDBASH.DLL
[2014/08/13 13:02:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDRU1.DLL
[2014/08/13 13:02:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDRU.DLL
[2014/08/13 13:02:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDRU.DLL
[2014/08/13 13:02:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDBASH.DLL
[2014/08/13 13:02:31 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll
[2014/08/13 13:02:31 | 001,941,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
[2014/08/13 13:02:31 | 001,805,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
[2014/08/13 13:02:31 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msihnd.dll
[2014/08/13 13:02:31 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msihnd.dll
[2014/08/13 13:02:31 | 000,112,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe
[2014/08/13 13:02:29 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gdi32.dll
[2014/08/13 13:02:28 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2014/08/13 13:02:28 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2014/08/13 13:02:28 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2014/08/13 13:02:28 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014/08/13 13:02:27 | 002,001,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2014/08/13 13:02:27 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014/08/13 13:02:27 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2014/08/13 13:02:27 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014/08/13 13:02:27 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/08/13 13:02:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2014/08/13 13:02:27 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014/08/13 13:02:27 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2014/08/13 13:02:26 | 002,087,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2014/08/13 13:02:26 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014/08/13 13:02:26 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2014/08/13 13:02:26 | 000,438,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2014/08/13 13:02:26 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2014/08/13 13:02:26 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014/08/13 13:02:25 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2014/08/13 13:02:25 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2014/08/13 13:02:25 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2014/08/13 13:02:25 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2014/08/13 13:02:25 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014/08/13 13:02:25 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2014/08/13 13:02:25 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2014/08/13 13:02:24 | 005,824,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014/08/13 13:02:24 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2014/08/13 13:02:24 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2014/08/13 13:02:24 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2014/08/13 13:02:24 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2014/08/13 13:02:24 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2014/08/13 13:02:24 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2014/08/13 13:02:23 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2014/08/13 13:02:23 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014/08/13 13:02:23 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2014/08/13 13:02:06 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rpcrt4.dll
[2014/08/13 13:02:04 | 000,529,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014/08/13 13:02:03 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2014/08/13 02:39:24 | 000,000,000 | ---D | C] -- C:\windows\pss
[2014/08/13 02:35:53 | 000,000,000 | ---D | C] -- C:\Users\Zeyn\Documents\3DReaperDX
[2014/08/13 02:35:02 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Do not install
[2014/08/13 02:35:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3D Ripper DX
[2014/08/13 02:35:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\3DRipperDX
[2014/08/13 02:30:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Radical Games
[2014/08/12 23:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
[2014/08/12 17:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/08/12 17:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/08/12 17:41:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/08/12 17:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/08/12 17:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/08/12 13:45:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\TimeGate Studios
[2014/08/11 16:59:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/08/11 16:59:22 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2014/08/11 16:59:21 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2014/08/11 16:59:21 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2014/08/11 16:59:21 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2014/08/11 16:59:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/08/10 21:44:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Monolith Productions
[2014/08/05 23:26:51 | 000,000,000 | ---D | C] -- C:\Users\Zeyn\AppData\Local\119614890736297204
[2014/08/03 22:04:03 | 000,000,000 | ---D | C] -- C:\Users\Zeyn\Documents\Freedom Fighters
[2014/08/03 22:03:35 | 000,000,000 | ---D | C] -- C:\Users\Zeyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2014/08/03 21:30:47 | 000,000,000 | ---D | C] -- C:\Users\Zeyn\AppData\Local\119614890735183092
[2014/08/03 21:29:56 | 000,000,000 | ---D | C] -- C:\Users\Zeyn\AppData\Local\119614890735248628
[2014/08/03 21:25:29 | 000,000,000 | ---D | C] -- C:\Users\Zeyn\AppData\Local\119614890734724340
[2014/08/03 13:00:59 | 002,620,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
[2014/08/03 13:00:59 | 000,058,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
[2014/08/03 13:00:59 | 000,044,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll
[2014/08/03 13:00:57 | 000,700,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
[2014/08/03 13:00:57 | 000,581,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuapi.dll
[2014/08/03 13:00:57 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
[2014/08/03 13:00:57 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wudriver.dll
[2014/08/03 13:00:57 | 000,038,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll
[2014/08/03 13:00:57 | 000,036,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wups.dll
[2014/08/03 13:00:56 | 000,198,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll
[2014/08/03 13:00:56 | 000,179,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuwebv.dll
[2014/08/03 13:00:56 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe
[2014/08/03 13:00:56 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuapp.exe
[2014/07/30 13:30:52 | 000,609,240 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvStreaming.exe
[2014/07/30 13:29:49 | 031,512,520 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvoglv64.dll
[2014/07/30 13:29:49 | 024,196,896 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvoglv32.dll
[2014/07/30 13:29:49 | 022,994,208 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcompiler.dll
[2014/07/30 13:29:49 | 017,555,104 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvd3dumx.dll
[2014/07/30 13:29:49 | 015,294,296 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcompiler.dll
[2014/07/30 13:29:49 | 013,922,752 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvopencl.dll
[2014/07/30 13:29:49 | 013,835,208 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcuda.dll
[2014/07/30 13:29:49 | 011,283,344 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvopencl.dll
[2014/07/30 13:29:49 | 011,222,048 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcuda.dll
[2014/07/30 13:29:49 | 004,247,000 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcuvid.dll
[2014/07/30 13:29:49 | 003,989,960 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcuvid.dll
[2014/07/30 13:29:49 | 001,890,080 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvdispco6434052.dll
[2014/07/30 13:29:49 | 001,539,928 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvdispgenco6434052.dll
[2014/07/30 13:29:49 | 000,944,928 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\NvIFR64.dll
[2014/07/30 13:29:49 | 000,907,096 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\NvIFR.dll
[2014/07/30 13:29:49 | 000,903,624 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\NvFBC64.dll
[2014/07/30 13:29:49 | 000,869,152 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\NvFBC.dll
[2014/07/30 13:29:49 | 000,846,832 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvumdshim.dll
[2014/07/30 13:29:49 | 000,502,232 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvEncodeAPI64.dll
[2014/07/30 13:29:49 | 000,418,760 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvEncodeAPI.dll
[2014/07/30 13:29:49 | 000,391,640 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\NvIFROpenGL.dll
[2014/07/30 13:29:49 | 000,354,016 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvoglshim64.dll
[2014/07/30 13:29:49 | 000,348,120 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\NvIFROpenGL.dll
[2014/07/30 13:29:49 | 000,305,600 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvoglshim32.dll
[2014/07/30 13:29:49 | 000,166,568 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvinitx.dll
[2014/07/30 13:29:49 | 000,146,480 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvinit.dll
[2014/07/26 19:10:58 | 000,000,000 | ---D | C] -- C:\Users\Zeyn\AppData\Roaming\Psi-Ops - The Mindgate Conspiracy
[2014/07/26 04:39:40 | 000,000,000 | ---D | C] -- C:\Users\Zeyn\Documents\Outlook Files
[2014/07/26 03:58:19 | 000,000,000 | ---D | C] -- C:\Users\Zeyn\Documents\Larian Studios
[2014/07/25 17:10:39 | 000,000,000 | ---D | C] -- C:\Users\Zeyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2014/07/25 17:10:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2014/07/24 19:55:26 | 000,000,000 | ---D | C] -- C:\temp
[2014/07/24 19:55:26 | 000,000,000 | ---D | C] -- C:\Studio4
[2014/07/24 19:55:26 | 000,000,000 | ---D | C] -- C:\shaders
[2014/07/24 19:55:26 | 000,000,000 | ---D | C] -- C:\Roaming
[2014/07/24 19:55:26 | 000,000,000 | ---D | C] -- C:\DAZ 3D
[2014/07/24 19:55:26 | 000,000,000 | ---D | C] -- C:\AppData
[2014/07/23 12:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\REVOLT
[5 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/22 12:50:55 | 000,028,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/22 12:50:55 | 000,028,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/22 12:49:45 | 000,784,286 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/08/22 12:49:45 | 000,667,674 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/08/22 12:49:45 | 000,126,848 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/08/22 12:43:53 | 005,112,152 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/08/22 12:43:53 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/08/22 12:43:48 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/08/22 12:43:45 | 4270,284,799 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/22 05:40:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/08/22 00:33:34 | 001,364,531 | ---- | M] () -- C:\Users\Zeyn\Desktop\adwcleaner_3.308.exe
[2014/08/21 23:58:27 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2014/08/21 23:54:59 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2014/08/20 18:36:23 | 000,007,600 | ---- | M] () -- C:\Users\Zeyn\AppData\Local\Resmon.ResmonCfg
[2014/08/19 12:59:24 | 000,699,568 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2014/08/19 12:59:24 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/08/12 23:27:52 | 000,000,637 | ---- | M] () -- C:\Users\Public\Desktop\PCSX2 1.2.1.lnk
[2014/08/11 16:59:19 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2014/08/11 16:59:18 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2014/08/11 16:59:18 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2014/08/11 16:59:18 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2014/08/09 01:22:16 | 001,291,280 | ---- | M] (NVIDIA Corporation) -- C:\windows\SysWow64\nvspbridge.dll
[2014/08/09 01:22:16 | 001,126,480 | ---- | M] (NVIDIA Corporation) -- C:\windows\SysWow64\nvspcap.dll
[2014/08/09 01:22:05 | 001,715,224 | ---- | M] (NVIDIA Corporation) -- C:\windows\SysNative\nvspbridge64.dll
[2014/08/09 01:22:05 | 001,283,136 | ---- | M] (NVIDIA Corporation) -- C:\windows\SysNative\nvspcap64.dll
[2014/08/07 03:06:41 | 000,529,920 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014/08/07 03:01:34 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2014/08/04 16:02:26 | 000,000,132 | ---- | M] () -- C:\Users\Zeyn\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2014/08/03 14:06:19 | 000,001,501 | ---- | M] () -- C:\Users\Zeyn\Desktop\translation.rtf
[2014/07/25 15:01:41 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2014/07/25 14:30:30 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014/07/25 14:28:35 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2014/07/25 14:28:27 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2014/07/25 14:25:45 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2014/07/25 14:10:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014/07/25 14:03:50 | 000,598,016 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2014/07/25 14:00:51 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2014/07/25 14:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2014/07/25 13:59:28 | 000,758,272 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2014/07/25 13:47:25 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2014/07/25 13:40:12 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2014/07/25 13:34:49 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014/07/25 13:33:08 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2014/07/25 13:30:32 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2014/07/25 13:28:15 | 005,824,512 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014/07/25 13:28:05 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2014/07/25 13:19:18 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014/07/25 13:17:33 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014/07/25 13:17:26 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2014/07/25 13:12:35 | 000,438,784 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2014/07/25 13:10:53 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2014/07/25 13:10:15 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2014/07/25 13:08:47 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2014/07/25 12:47:50 | 000,631,808 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014/07/25 12:43:16 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/07/25 12:42:31 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014/07/25 12:39:29 | 002,087,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2014/07/25 12:39:25 | 001,249,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2014/07/25 12:36:30 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014/07/25 12:34:04 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2014/07/25 12:07:49 | 002,001,920 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2014/07/25 12:07:10 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2014/07/25 11:17:47 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2014/07/25 11:09:19 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[5 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/08/22 00:33:33 | 001,364,531 | ---- | C] () -- C:\Users\Zeyn\Desktop\adwcleaner_3.308.exe
[2014/08/21 23:51:31 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2014/08/21 23:51:31 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2014/08/21 23:51:31 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2014/08/21 23:51:31 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2014/08/21 23:51:31 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2014/08/21 23:44:45 | 000,001,990 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2014/08/20 18:36:23 | 000,007,600 | ---- | C] () -- C:\Users\Zeyn\AppData\Local\Resmon.ResmonCfg
[2014/08/12 22:38:17 | 000,000,637 | ---- | C] () -- C:\Users\Public\Desktop\PCSX2 1.2.1.lnk
[2014/08/03 13:58:53 | 000,001,501 | ---- | C] () -- C:\Users\Zeyn\Desktop\translation.rtf
[2014/07/26 18:18:10 | 001,713,152 | ---- | C] () -- C:\Users\Zeyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xpadder [5.7].exe
[2014/07/25 15:32:21 | 000,001,397 | ---- | C] () -- C:\Users\Zeyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Origin.lnk
[2014/07/09 22:07:58 | 000,112,640 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll
[2014/06/12 23:53:18 | 000,354,304 | ---- | C] () -- C:\windows\SysWow64\pythoncom27.dll
[2014/06/12 23:53:18 | 000,110,080 | ---- | C] () -- C:\windows\SysWow64\pywintypes27.dll
[2014/06/12 23:53:18 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\pythoncomloader27.dll
[2014/06/08 17:12:40 | 000,004,608 | ---- | C] () -- C:\Users\Zeyn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/05/23 04:44:12 | 000,000,132 | ---- | C] () -- C:\Users\Zeyn\AppData\Roaming\Adobe GIF Format CS6 Prefs
[2014/05/12 00:26:08 | 000,280,856 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2014/05/12 00:26:07 | 000,076,888 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2014/05/10 22:44:07 | 000,000,000 | -HS- | C] () -- C:\Users\Zeyn\AppData\Local\LumaEmu
[2014/02/28 22:08:34 | 000,000,073 | ---- | C] () -- C:\Users\Zeyn\AppData\Roaming\ScriptStudioLayout.ini
[2014/02/28 22:08:34 | 000,000,031 | ---- | C] () -- C:\Users\Zeyn\AppData\Roaming\ScriptStudioBookmarks.ini
[2014/02/04 00:21:53 | 000,001,456 | ---- | C] () -- C:\Users\Zeyn\AppData\Local\Adobe Save for Web 13.0 Prefs
[2014/01/16 21:41:19 | 000,119,296 | ---- | C] () -- C:\windows\SysWow64\zlib.dll
[2014/01/16 21:41:19 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\ADsSecurity.dll
[2014/01/16 21:41:19 | 000,036,864 | ---- | C] () -- C:\windows\SysWow64\dxinputdll.dll
[2013/12/07 01:49:29 | 000,000,132 | ---- | C] () -- C:\Users\Zeyn\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/12/02 21:28:48 | 000,188,416 | ---- | C] () -- C:\windows\SysWow64\utv_core.dll
[2013/12/02 21:28:48 | 000,069,632 | ---- | C] () -- C:\windows\SysWow64\utv_vcm.dll
[2013/11/18 04:44:12 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.811261211181235583101118113995
[2013/11/02 02:19:34 | 000,000,001 | ---- | C] () -- C:\windows\SysWow64\SI.bin
[2013/10/28 22:26:49 | 000,151,552 | ---- | C] () -- C:\windows\SysWow64\nvRegDev.dll
[2013/10/28 22:26:32 | 000,061,440 | ---- | C] () -- C:\windows\SysWow64\nvPhotoshopUtil.dll
[2013/10/28 22:26:32 | 000,040,960 | ---- | C] () -- C:\windows\SysWow64\nvISWOW64.dll
[2013/10/22 11:46:46 | 000,200,704 | ---- | C] () -- C:\windows\SysWow64\HsMgr.exe
[2013/10/22 11:46:46 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\VmixP8.dll
[2013/10/22 11:46:46 | 000,044,950 | ---- | C] () -- C:\windows\Cmicnfgp.ini.cfl
[2013/10/22 11:46:46 | 000,000,049 | ---- | C] () -- C:\windows\SysWow64\cmasiop.ini
[2013/10/22 11:46:45 | 000,000,907 | ---- | C] () -- C:\windows\Cmicnfgp.ini.imi
[2013/10/22 11:46:44 | 000,005,066 | ---- | C] () -- C:\windows\Cmicnfgp.ini.cfg
[2013/10/22 11:46:44 | 000,000,594 | ---- | C] () -- C:\windows\cmudaxp.ini
[2013/10/22 11:22:44 | 000,768,152 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/10/22 11:08:00 | 000,000,051 | ---- | C] () -- C:\windows\smsts.ini
[2013/02/13 12:27:54 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 03:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/10/25 17:07:09 | 000,000,000 | ---D | M] -- C:\Users\Zeyn\AppData\Roaming\ASUS
[2014/06/08 17:13:58 | 000,000,000 | ---D | M] -- C:\Users\Zeyn\AppData\Roaming\Audacity
[2014/01/11 06:50:43 | 000,000,000 | ---D | M] -- C:\Users\Zeyn\AppData\Roaming\Awesomium
[2014/08/22 01:22:32 | 000,000,000 | ---D | M] -- C:\Users\Zeyn\AppData\Roaming\BitTorrent
[2013/12/02 22:56:32 | 000,000,000 | ---D | M] -- C:\Users\Zeyn\AppData\Roaming\Calibrated Software, Inc
[2014/02/01 18:05:04 | 000,000,000 | ---D | M] -- C:\Users\Zeyn\AppData\Roaming\DAEMON Tools Lite
[2014/05/01 02:37:39 | 000,000,000 | ---D | M] -- C:\Users\Zeyn\AppData\Roaming\DarkSoulsII
[2014/04/27 22:17:36 | 000,000,000 | ---D | M] -- C:\Users\Zeyn\AppData\Roaming\DAZ 3D
[2014/02/05 20:09:04 | 000,000,000 | ---D | M] -- C:\Users\Zeyn\AppData\Roaming\Doublefine
[2014/01/02 22:08:57 | 000,000,000 | ---D | M] -- C:\Users\Zeyn\AppData\Roaming\Dropbox
[2013/11/18 04:44:49 | 000,000,000 | ---D | M] -- C:\Users\Zeyn\AppData\Roaming\Final Draft
[2014/07/05 16:11:35 | 000,000,000 | ---D | M] -- C:\Users\Zeyn\AppData\Roaming\GameCompanion
[2014/04/04 15:03:51 | 000,000,000 | ---D | M] -- C:\Users\Zeyn\AppData\Roaming\Guild Wars 2
[2014/08/11 01:30:01 | 000,000,000 | ---D | M] -- C:\Users\Zeyn\AppData\Roaming\HandBrake
[2013/12/23 17:54:31 | 000,000,000 | ---D | M] -- C:\Users\Zeyn\AppData\Roaming\Injustice
[2014/03/24 04:29:33 | 000,000,000 | ---D | M] -- C:\Users\Zeyn\AppData\Roaming\IrfanView
[2013/12/06 00:16:42 | 000,000,000 | ---D | M] -- C:\Users\Zeyn\AppData\Roaming\Kalypso Media
[2014/01/20 20:34:01 | 000,000,000 | ---D | M] -- C:\Users\Zeyn\AppData\Roaming\Leadertech
[2013/10/31 13:39:49 | 000,000,000 | ---D | M] -- C:\Users\Zeyn\AppData\Roaming\Lionhead Studios
[2013/10/31 22:59:09 | 000,000,000 | ---D | M] -- C:\Users\Zeyn\AppData\Roaming\New Technology Studio
[2014/05/28 18:35:37 | 000,000,000 | ---D | M] -- C:\Users\Zeyn\AppData\Roaming\Notepad++
[2014/07/24 19:38:53 | 000,000,000 | ---D | M] -- C:\Users\Zeyn\AppData\Roaming\OctaneRender
[2014/08/21 23:45:09 | 000,000,000 | ---D | M] -- C:\Users\Zeyn\AppData\Roaming\Opera Software
[2014/07/25 15:30:05 | 000,000,000 | ---D | M] -- C:\Users\Zeyn\AppData\Roaming\Origin
[2014/02/03 22:19:07 | 000,000,000 | ---D | M] -- C:\Users\Zeyn\AppData\Roaming\Outlast
[2013/11/01 01:36:42 | 000,000,000 | ---D | M] -- C:\Users\Zeyn\AppData\Roaming\PACE Anti-Piracy
[2014/01/16 21:43:46 | 000,000,000 | ---D | M] -- C:\Users\Zeyn\AppData\Roaming\PowerUp Software
[2014/07/26 19:10:58 | 000,000,000 | ---D | M] -- C:\Users\Zeyn\AppData\Roaming\Psi-Ops - The Mindgate Conspiracy
[2014/06/13 21:00:12 | 000,000,000 | ---D | M] -- C:\Users\Zeyn\AppData\Roaming\Python
[2013/12/11 02:13:19 | 000,000,000 | ---D | M] -- C:\Users\Zeyn\AppData\Roaming\ScripterRon
[2014/01/21 04:23:07 | 000,000,000 | ---D | M] -- C:\Users\Zeyn\AppData\Roaming\Seagate
[2014/02/11 18:07:45 | 000,000,000 | ---D | M] -- C:\Users\Zeyn\AppData\Roaming\steamvr
[2014/03/14 16:48:54 | 000,000,000 | ---D | M] -- C:\Users\Zeyn\AppData\Roaming\The Creative Assembly
[2013/12/06 17:48:43 | 000,000,000 | ---D | M] -- C:\Users\Zeyn\AppData\Roaming\Tropico 4
[2014/07/08 15:18:35 | 000,000,000 | ---D | M] -- C:\Users\Zeyn\AppData\Roaming\Tucknology
[2014/06/12 20:18:49 | 000,000,000 | ---D | M] -- C:\Users\Zeyn\AppData\Roaming\Ubisoft
[2013/10/27 17:56:31 | 000,000,000 | ---D | M] -- C:\Users\Zeyn\AppData\Roaming\uTorrent
[2014/06/20 02:26:01 | 000,000,000 | ---D | M] -- C:\Users\Zeyn\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 128 bytes -> C:\windows\SysWow64\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\windows\SysWow64\zlib.dll:DocumentSummaryInformation
@Alternate Data Stream - 1018 bytes -> C:\Users\Zeyn\AppData\Local\SveiCmQhOax:Da6EqJMHdVEx382CQAbub7
 
< End of report >

extras.txt

OTL Extras logfile created on: 8/22/2014 12:51:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Zeyn\Desktop\OTL
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
15.95 Gb Total Physical Memory | 13.33 Gb Available Physical Memory | 83.56% Memory free
16.95 Gb Paging File | 14.00 Gb Available in Paging File | 82.58% Paging File free
Paging file location(s): d:\pagefile.sys 1024 2048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 118.75 Gb Total Space | 29.84 Gb Free Space | 25.13% Space Free | Partition Type: NTFS
Drive D: | 1863.02 Gb Total Space | 77.97 Gb Free Space | 4.19% Space Free | Partition Type: NTFS
 
Computer Name: ZEYN-PC | User Name: Zeyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate -- "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- D:\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate -- "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- D:\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11BA2F82-F58D-42E4-BE5D-BF2F812A7657}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{1C6A3B67-53A4-4901-9B18-D96BB7945E04}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{21991BE0-1A54-4564-AC3C-C4209A92DC67}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{255E9191-91A3-4AE4-866B-762567E3AF87}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{26521595-5AC8-4D7D-8EFE-91C80A177F7C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{26F8EF17-3E75-4B2F-9C63-14CD6A4C8629}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{29CE0E7F-DFA9-4604-97D1-61450209DF08}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{32E93F69-6CDC-4E46-B2BD-958AE2658715}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{396A986A-0EE1-4A56-92F4-4E8D4A423978}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{4306F177-39F1-4338-BC1C-099C57515D35}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{4A46D99A-0A16-440C-8BAB-B11958716BF3}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{5B9FBCFA-580C-4DA4-B5E0-9DDA2DA42F5B}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{61B6C9E5-4A2D-4E34-873F-08CF4EE9F357}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{6EB4A336-8CB4-4515-A518-CBBE9F646166}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{722E0ABF-55EB-40F8-BCE3-9AB6D7A0C3D7}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{78AE1F9B-AEA3-48C7-BB8C-13E9E7ED4C98}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{85EBE168-4087-4F09-B20D-7A1411C0FE60}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{A06D85D7-22A6-4C6F-8CCF-8A26B4E5A433}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{A496D188-7BEE-4B37-A722-AA6BA0F22B83}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{AE847FBC-C2EF-4B9C-A43C-F9D21026E825}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{B4DD44C8-A8F2-43EC-BCD9-D542D06D07EC}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{B6DE36AD-F1E2-4C6A-8E6B-5A2E74E76903}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{D9118157-D8D7-4534-9C33-79E443326369}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{DCCA2F44-EC5C-46AF-929E-2FA9140644CC}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{E9384F35-7C3B-4505-B204-C0ED4F2216FA}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{EC37BA02-6F07-410F-91D4-258C19A90EF3}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{EC4BD754-DC30-474C-9DFA-A6A3F59E3630}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{EF42123F-FEF6-42EA-9D5B-B2927F80A299}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{F6BB6CE7-FA8C-4C2D-8FE8-996167E16F4E}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{F8891AEE-F0A5-4AD1-B652-32B2B114F09C}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{FA3B5099-2DC3-4246-BA6E-56F92B78C3F9}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AA55E0-B9DF-42E7-A285-F2BA2EBB8727}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{013C2FBE-12FC-4E1C-9DC4-B0B9D8E43273}" = protocol=17 | dir=in | app=d:\games\splinter cell blacklist\src\system\gu.exe | 
"{0485B9B8-E5D3-4183-A4C3-B485F8F6BA68}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\saints row the third\game_launcher.exe | 
"{0A448611-C0FF-4774-A177-D9F0AC6F17E6}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\vampire the masquerade - bloodlines\vampire.exe | 
"{0B4E18EA-175E-4654-B66C-7B05D52FD7F1}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\deus ex human revolution director's cut\dxhrdc.exe | 
"{0BBC7FF3-C1F4-4212-8DA1-07ED8A1F80F5}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe | 
"{0D44F062-72B3-4DC2-BB72-5FF89AB6D94A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\payday 2\payday2_win32_release.exe | 
"{0D579D62-8E4C-4B9D-BB37-5A949276069C}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\two worlds ii\twoworlds2.exe | 
"{0DE21267-6E14-4B6A-BD56-B05DB1004AEF}" = protocol=6 | dir=in | app=d:\games\dead rising 2\deadrising2.exe | 
"{1B11C66C-0C1D-4DBA-A27D-C041784AD225}" = protocol=17 | dir=in | app=d:\games\dead rising 2\deadrising2.exe | 
"{1F0859C6-2CBE-4DBA-ADF4-448E06484BC6}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{26D870CF-7677-4B2B-B3C5-FA765522590C}" = protocol=6 | dir=in | app=c:\program files\luxrender\luxconsole.exe | 
"{28416AD7-E8FB-4F6B-A6D2-8BA5B1719E9D}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{2D0956F2-B9B0-4F1E-BE55-E2751712CCBA}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\the witcher 2\launcher.exe | 
"{2D65A117-1B23-4A2C-B48F-E9BCE2A51733}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{3383731E-F00E-452E-B137-2FA0A35C4986}" = protocol=6 | dir=in | app=d:\games\splinter cell blacklist\src\system\blacklist_game.exe | 
"{3A99996F-726A-4A5E-BDF2-AB70506F9081}" = protocol=6 | dir=in | app=d:\games\driver san francisco\driver.exe | 
"{3C6E988D-467C-4D0B-82B2-43CA092DEFB8}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\vampire the masquerade - bloodlines\vampire.exe | 
"{3FFCB9A0-DA1F-4121-9DC0-70CAE94E2714}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{4058F55D-A572-45E7-BD29-25AAA94D9049}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\batman arkham origins\singleplayer\binaries\win32\batmanorigins.exe | 
"{413A9B80-813B-45CA-8D99-25E124C4631F}" = protocol=6 | dir=in | app=d:\games\dragon age origins\bin_ship\daorigins.exe | 
"{4282D74A-1D8D-477C-ABDC-29BC74A14C61}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dark souls ii\game\darksoulsii.exe | 
"{46AC4737-74F7-42FC-B99F-DCED8BB2E797}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\alan wake\alanwake.exe | 
"{48703595-C97A-41DC-8CB8-1A3D94D26162}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{51409893-C7AA-47C6-8C73-5F060079C857}" = protocol=17 | dir=in | app=d:\games\swat 4\contentexpansion\system\swat4xdedicatedserver.exe | 
"{532A0F89-2963-4600-AAED-B88FC4B0E659}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{579DA965-7D31-4F4A-96C6-7605E1F408BE}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{59880E02-14AE-4F87-A659-9AC0E7351AF5}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | 
"{5C71DBAC-A4D2-493A-AB09-83435861C390}" = protocol=17 | dir=in | app=d:\games\splinter cell blacklist\blacklist_launcher.exe | 
"{5FC2DD10-3249-4C52-9BE8-C021FD336589}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\fear ultimate shooter edition\fearxp\fearxp.exe | 
"{64CDF2B9-C856-4BEC-8AEC-F6F80E2E34C0}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\the last remnant\binaries\tlr.exe | 
"{65349E81-494F-4377-ADA0-0E169CD67405}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\team fortress 2\hl2.exe | 
"{65C4AD80-DC43-4F43-879E-8ED5DE9FFBF8}" = protocol=17 | dir=in | app=d:\games\dragon age origins\daoriginslauncher.exe | 
"{6DB46C43-CF23-4C4D-9427-A2CD9561B4A4}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe | 
"{71AB45C3-9422-45EC-A90F-79AE7530EC03}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{75E0B0FC-F75F-4C84-B877-E6229971D769}" = protocol=6 | dir=in | app=d:\games\star wars-the old republic\launcher.exe | 
"{781635F3-EF39-4082-A578-5E38B0C28E1D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\two worlds ii\twoworlds2.exe | 
"{78848987-99FC-4F9D-B523-BE55E6C42EE7}" = protocol=17 | dir=in | app=d:\games\vindictus eu\en-eu\nmservice.exe | 
"{793B7831-EB79-4206-924D-60D04D76715E}" = protocol=17 | dir=in | app=c:\users\zeyn\appdata\roaming\bittorrent\bittorrent.exe | 
"{7C1B1019-C615-4726-9785-F5A82F41896B}" = protocol=6 | dir=in | app=d:\games\splinter cell blacklist\blacklist_launcher.exe | 
"{7D53B890-C386-4DED-9F30-9CD25DC631E7}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\fear ultimate shooter edition\fearxp2\fearxp2.exe | 
"{7E51A314-7EA3-42A2-8D6C-05898CE5408E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{7F406915-C6FB-4265-A946-D3FCBC9C30DC}" = protocol=17 | dir=in | app=c:\program files\luxrender\luxconsole.exe | 
"{84DFC40E-3ACE-49F4-8FD2-D1A25E7FFAF6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{85672655-7F1E-4D31-A07D-2409BB5919EA}" = protocol=6 | dir=in | app=d:\games\splinter cell blacklist\src\system\gu.exe | 
"{85F38811-D7C2-4DDE-8954-F2073EAFCF87}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\batman arkham origins\online\binaries\win32\batmanoriginsonline.exe | 
"{887DC90B-D85A-4D1E-903C-4E4189134202}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{8AFA9C1C-3B4B-480C-B789-EF49EEDDDD19}" = protocol=6 | dir=in | app=d:\games\swat 4\contentexpansion\system\swat4xdedicatedserver.exe | 
"{8BBE10F1-D035-4126-9106-6959912B64B8}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\saints row 2\sr2_pc.exe | 
"{8D56A7F3-58DA-4E49-9EE3-FEE6F5BBF132}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\saints row the third\saintsrowthethird.exe | 
"{9126D234-6ED9-44CF-8BCA-836231004EB6}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dark souls ii\game\darksoulsii.exe | 
"{9B12B9B0-A064-4015-B2B9-F165341CA1CA}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\the last remnant\binaries\tlr.exe | 
"{9C7E23F0-459E-4EFD-BF08-EA03FBB89617}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\batman arkham city goty\runlauncher.bat | 
"{9D2FE079-2DB3-4E46-8A00-1FE933129442}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\batman arkham city goty\runlauncher.bat | 
"{9DA23477-85CA-490E-BAF5-FE1BAEA79FED}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\fear ultimate shooter edition\fearxp\fearxp.exe | 
"{A21497B7-6AD6-4531-A59A-46A74B33E07E}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\fear ultimate shooter edition\fear.exe | 
"{A3BC2C62-CB4B-408C-B220-36065B83A456}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\the witcher 2\launcher.exe | 
"{A43925DD-1E94-4FEA-B8EC-282328956799}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\alan wake\alanwake.exe | 
"{A43B28B5-F7D7-4CFB-B1E8-9C51E928BB24}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A47A8247-9DFC-40B4-A009-9A7D8224B3D9}" = protocol=17 | dir=in | app=d:\games\star wars-the old republic\launcher.exe | 
"{A7A35356-82D6-4B19-A54E-42F6B8330E9B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{AA7CCB59-B1A3-4672-BC98-4229ACBD83E5}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\fear ultimate shooter edition\fearxp2\fearxp2.exe | 
"{AC515991-0094-41D0-9ADE-5DE8C0666C26}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{AD7D8163-D980-4CEF-B2E8-86DFF1414CC3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{ADBF4B59-D530-4A77-8029-0AA4A725859C}" = protocol=6 | dir=in | app=d:\games\vindictus eu\en-eu\nmservice.exe | 
"{AECF6456-3891-4B56-A097-D52D638E8B4B}" = protocol=6 | dir=in | app=d:\games\dragon age origins\daoriginslauncher.exe | 
"{B55D4296-1A40-43F0-B009-BED45CA9B025}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\two worlds ii\twoworlds2_dx10.exe | 
"{B7684858-11E9-4B30-8AC3-01266AF1A597}" = protocol=17 | dir=in | app=d:\games\splinter cell blacklist\src\system\blacklist_game.exe | 
"{B962FA87-3DED-43AB-A408-0CFB3B7FB6DA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe | 
"{BDA7B957-7B8D-494E-A710-C9D44FAD8C2A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\deus ex human revolution director's cut\dxhrdc.exe | 
"{C176224A-927B-4600-B210-2BFC45E96314}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\fear ultimate shooter edition\fear.exe | 
"{C2632E37-A7C0-4DD5-8734-6756EF0DE050}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{C2EDE737-1640-41F2-8190-92E14948AFA0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe | 
"{C36ACC64-8660-419B-B7EA-515827FE105A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{CCC8DCB4-949A-4AD9-BDAE-56E23A3ACF0E}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\payday 2\payday2_win32_release.exe | 
"{CED2B752-1C51-4A82-91FD-55AD5B2B16EA}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\saints row the third\saintsrowthethird_dx11.exe | 
"{CF2331AF-D664-4CFE-8063-35A7B848DAE9}" = protocol=6 | dir=in | app=d:\games\swat 4\contentexpansion\system\swat4x.exe | 
"{CF8404AF-7184-440B-BEA5-93189AB4C5EE}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\batman arkham origins\singleplayer\binaries\win32\batmanorigins.exe | 
"{D22BD170-077D-4D29-8F5E-131B9C03A222}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\team fortress 2\hl2.exe | 
"{D2363399-A4D0-4736-A7A5-2E90656811BD}" = protocol=17 | dir=in | app=d:\games\dragon age origins\bin_ship\daorigins.exe | 
"{D3CCA65B-B247-410E-9C0C-0ECCB658CBF9}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\batman arkham asylum goty\binaries\bmlauncher.exe | 
"{D56377CF-4C0C-4FB7-970E-78AB53D5FAB9}" = protocol=17 | dir=in | app=d:\games\star wars-the old republic\launcher.exe | 
"{DCC4F733-1B85-42F0-B7B0-4B656BB0DF56}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe | 
"{DF10FA0A-1AA7-40BE-81BB-5348EEDD9B62}" = protocol=6 | dir=in | app=d:\games\splinter cell blacklist\src\system\blacklist_dx11_game.exe | 
"{E297F6EB-0B34-424C-906D-A755DE31FD5A}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\two worlds ii\twoworlds2_dx10.exe | 
"{E64B8A20-E63A-4570-B384-61E9B466267B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{E7C8B4CE-BF33-4982-9EF1-91C3328CFB0D}" = protocol=17 | dir=in | app=d:\games\driver san francisco\driver.exe | 
"{E889EDAF-5C13-47D5-9565-4FE77194DB1F}" = protocol=17 | dir=in | app=d:\games\splinter cell blacklist\src\system\blacklist_dx11_game.exe | 
"{E939DE1F-789F-4668-815E-A2D1630E1EAF}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{F3B7493D-054E-44D5-B375-8F018A59172F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{F4C0E28A-13C6-4278-89C1-7F5B4F2C9D81}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\saints row 2\sr2_pc.exe | 
"{F71CBFB5-3516-4AFD-A749-DF2B9B28311B}" = protocol=6 | dir=in | app=d:\games\star wars-the old republic\launcher.exe | 
"{F88B9BE7-1405-4A04-9E7C-5EBA9373B67C}" = protocol=17 | dir=in | app=d:\games\swat 4\contentexpansion\system\swat4x.exe | 
"{F904D1A9-824C-444F-AA2E-63DA98E077A8}" = protocol=6 | dir=in | app=c:\users\zeyn\appdata\roaming\bittorrent\bittorrent.exe | 
"{F9AF28A0-610F-4C3A-935B-E1BED658CE0A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{FB7DBDC9-A0A1-467B-855C-18477CFCAF88}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\batman arkham origins\online\binaries\win32\batmanoriginsonline.exe | 
"{FE96652F-4F04-4A59-85E2-EE2E571C683B}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\saints row the third\game_launcher.exe | 
"TCP Query User{01E3DC99-0570-42D2-B779-7E5451E83CF3}D:\steam\steamapps\common\max payne 3\max payne 3\maxpayne3.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\max payne 3\max payne 3\maxpayne3.exe | 
"TCP Query User{084516AD-D0A5-44D8-A7AE-CF2733781210}D:\games\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=d:\games\guild wars 2\gw2.exe | 
"TCP Query User{0B428D90-2E32-44BF-AB60-DBBF5A209636}D:\games\dragon age origins\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=d:\games\dragon age origins\bin_ship\daorigins.exe | 
"TCP Query User{0C760092-184B-4465-AD38-ADEFDE415C1D}D:\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe | 
"TCP Query User{157C4927-90D7-4EE4-8DA1-53CFDFB27A6E}D:\games\resident evil 6\bh6.exe" = protocol=6 | dir=in | app=d:\games\resident evil 6\bh6.exe | 
"TCP Query User{265D3018-598E-4E96-B100-58D9C3B526DA}D:\games\fable iii\fable3.exe" = protocol=6 | dir=in | app=d:\games\fable iii\fable3.exe | 
"TCP Query User{2745890C-91CC-4E63-A362-C13D99B68CDF}D:\games\wolfenstein the new order\wolfneworder_x64.exe" = protocol=6 | dir=in | app=d:\games\wolfenstein the new order\wolfneworder_x64.exe | 
"TCP Query User{644DD1CB-1C7A-4849-A0DB-3F6CC839A0EE}D:\steam\steamapps\common\champions online\champions online\live\gameclient.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\champions online\champions online\live\gameclient.exe | 
"TCP Query User{6DFACE2C-6519-44F8-B135-14145C20A2B2}D:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe | 
"TCP Query User{6EDF697D-BD74-4309-A00B-9B8227C83FAE}D:\steam\steamapps\common\operation flashpoint red river\redriver.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\operation flashpoint red river\redriver.exe | 
"TCP Query User{99ED485E-96CF-4CBD-BE2F-B3E4B814C1DF}D:\games\company of heroes 2\reliccoh2.exe" = protocol=6 | dir=in | app=d:\games\company of heroes 2\reliccoh2.exe | 
"TCP Query User{A198B8F0-B342-4AE5-9B32-F51C849227B1}D:\games\dishonored\binaries\win32\dishonored.exe" = protocol=6 | dir=in | app=d:\games\dishonored\binaries\win32\dishonored.exe | 
"TCP Query User{B0119463-5A2A-44BC-AA3E-17445D409DD1}D:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"TCP Query User{BC756441-E0C0-45D8-A7EA-54768A8BD0D7}D:\games\divinity original sin\shipping\eocapp.exe" = protocol=6 | dir=in | app=d:\games\divinity original sin\shipping\eocapp.exe | 
"TCP Query User{BD3A6F1F-8F0F-4041-A9C4-3ED161C86C91}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"TCP Query User{BFE12427-C466-460A-8FBD-316CCA004A2E}D:\games\outlast\binaries\win64\olgame.exe" = protocol=6 | dir=in | app=d:\games\outlast\binaries\win64\olgame.exe | 
"TCP Query User{D673D930-D3CA-4FEE-8DEA-B65ECF8E7E80}D:\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\the witcher 2\bin\witcher2.exe | 
"TCP Query User{DAF69D85-C9C7-4D8F-9463-564D455090B0}D:\games\dark souls prepare to die edition\data.exe" = protocol=6 | dir=in | app=d:\games\dark souls prepare to die edition\data.exe | 
"TCP Query User{F91B2D98-4EC9-4530-BF72-0696846E35E9}C:\users\zeyn\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\zeyn\appdata\local\temp\gw2.exe | 
"TCP Query User{FF3FAC22-A621-4121-9132-15A5DBCCE8FF}D:\games\assassins creed iv black flag\ac4bfmp.exe" = protocol=6 | dir=in | app=d:\games\assassins creed iv black flag\ac4bfmp.exe | 
"TCP Query User{FFBF7BCF-A9D9-4BBA-A6F4-05BC107C8520}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe" = protocol=6 | dir=in | app=c:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe | 
"UDP Query User{0EAA283F-F466-4A22-8139-8BCB63C6D261}D:\games\company of heroes 2\reliccoh2.exe" = protocol=17 | dir=in | app=d:\games\company of heroes 2\reliccoh2.exe | 
"UDP Query User{192BD8CF-D754-4D60-AD1F-37A84A2F3026}D:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\batman arkham asylum goty\binaries\shippingpc-bmgame.exe | 
"UDP Query User{278EAFCB-6DBB-4463-BBEF-1655957E07BF}D:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\grand theft auto iv\gtaiv\gtaiv.exe | 
"UDP Query User{3378D435-118D-47BB-AF5E-A8D400DABB27}D:\games\divinity original sin\shipping\eocapp.exe" = protocol=17 | dir=in | app=d:\games\divinity original sin\shipping\eocapp.exe | 
"UDP Query User{46C81C1A-2B98-4307-9206-39263116EE10}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"UDP Query User{470DE7A7-8B0C-4E7D-B9D3-73EC0B731D3C}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe" = protocol=17 | dir=in | app=c:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe | 
"UDP Query User{5F11CC81-82D2-49B9-AB4B-C6FB57B43892}D:\steam\steamapps\common\champions online\champions online\live\gameclient.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\champions online\champions online\live\gameclient.exe | 
"UDP Query User{6B9BD016-1226-480E-8B6E-3CBA63A2E41C}D:\games\dragon age origins\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=d:\games\dragon age origins\bin_ship\daorigins.exe | 
"UDP Query User{92F3DA41-62CE-49CE-9C5B-A400DBFEAB52}D:\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\the witcher 2\bin\witcher2.exe | 
"UDP Query User{98956AC3-F4F2-4D39-8FBC-E43BE4B73AB8}D:\games\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=d:\games\guild wars 2\gw2.exe | 
"UDP Query User{99502C27-E950-4C34-8194-C5412CBFD91F}C:\users\zeyn\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\zeyn\appdata\local\temp\gw2.exe | 
"UDP Query User{B511B62A-F3FF-493C-BC53-488B150FEEDC}D:\games\resident evil 6\bh6.exe" = protocol=17 | dir=in | app=d:\games\resident evil 6\bh6.exe | 
"UDP Query User{BACC5433-FFD4-462F-BD50-3736A6E4965A}D:\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe | 
"UDP Query User{BC820D1D-D8BD-4629-9A01-74C9D3D46B16}D:\games\dishonored\binaries\win32\dishonored.exe" = protocol=17 | dir=in | app=d:\games\dishonored\binaries\win32\dishonored.exe | 
"UDP Query User{BD9B600F-DCAB-4D4E-90B4-9A0C8E554314}D:\steam\steamapps\common\max payne 3\max payne 3\maxpayne3.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\max payne 3\max payne 3\maxpayne3.exe | 
"UDP Query User{C6CC952B-191F-4D00-AF32-A7D46CB69FAC}D:\games\wolfenstein the new order\wolfneworder_x64.exe" = protocol=17 | dir=in | app=d:\games\wolfenstein the new order\wolfneworder_x64.exe | 
"UDP Query User{D31A22B3-C49F-46A0-848D-20EEF3754A83}D:\games\outlast\binaries\win64\olgame.exe" = protocol=17 | dir=in | app=d:\games\outlast\binaries\win64\olgame.exe | 
"UDP Query User{D3D57962-23B4-4F38-8158-E3DC7C1A1EF2}D:\games\assassins creed iv black flag\ac4bfmp.exe" = protocol=17 | dir=in | app=d:\games\assassins creed iv black flag\ac4bfmp.exe | 
"UDP Query User{D6416531-69AF-4494-B935-807DCB5E4F10}D:\games\dark souls prepare to die edition\data.exe" = protocol=17 | dir=in | app=d:\games\dark souls prepare to die edition\data.exe | 
"UDP Query User{DE25C48A-67D2-4DDB-A8AA-2D63FB96C18E}D:\games\fable iii\fable3.exe" = protocol=17 | dir=in | app=d:\games\fable iii\fable3.exe | 
"UDP Query User{FE588B10-CEBA-4F3A-B981-5D12E1B0A2B4}D:\steam\steamapps\common\operation flashpoint red river\redriver.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\operation flashpoint red river\redriver.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1CC291E4-9288-4189-B02D-8E5A7E8CB550}" = Hex Workshop v6.7
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel® Rapid Storage Technology
"{44B72151-611E-429D-9765-9BA093D7E48A}" = Intel® Trusted Connect Service Client
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.7
"{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7629623D-F0D0-4AC6-A763-FBE06ED8288C}" = Intel® Rapid Storage Technology
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{77DE5105-D05E-448C-96CB-7FA381903753}" = iTunes
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 340.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 340.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 340.52
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.1.1.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 340.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 15.3.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.30.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 15.3.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.23
"{BFAE8D5B-F918-486F-B74E-90762DF11C5C}" = Microsoft Security Client
"{C289183E-1DD8-42FA-8DFE-94F61ED1CFA3}_is1" = LuxRender 1.3.1 x64 OpenCL
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"CCleaner" = CCleaner
"C-Media Oxygen HD Audio Driver" = ASUS Xonar DG Audio Driver
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.69.2
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.25
"Explorer Suite_is1" = Explorer Suite III
"HardlinkShellExt" = Link Shell Extension
"Microsoft Security Client" = Microsoft Security Essentials
"PROSet" = Intel® Network Connections Drivers
"utvideo_is1" = Ut Video Codec Suite
"WinRAR archiver" = WinRAR 5.01 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00257FA9-3622-45E4-8B4B-A792CC5169EB}" = SQLite ADO.NET 2.0/3.5 Provider
"{01db25f3-1b76-4d97-88c8-1c90634d88fb}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{037A965B-8341-4016-8A5A-8EBB5CC093EE}_is1" = uninstall
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.58299 False
"{08A25478-C5DD-4EA7-B168-3D687CA987FF}" = The Sims™ 3 Master Suite Stuff
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = The Sims™ 3 Outdoor Living Stuff
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{17528CE4-C333-48FB-A9E4-D841E795CDCE}" = Renesas Electronics USB 3.0 Host Controller Driver
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}" = The Sims™ 3 Diesel Stuff
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 False
"{26A24AE4-039D-4CA4-87B4-2F03217067FF}" = Java 7 Update 67
"{28142407-ACAD-4ECD-A6B6-9FA8471F6062}" = Scarface: The World is Yours
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{317243C1-6580-4F43-AED7-37D4438C3DD5}" = Adobe After Effects CC
"{32939827-d8e5-470a-b126-870db3c69fdf}" = Python 2.7.1
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = The Sims™ 3 Showtime
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{3DE92282-CB49-434F-81BF-94E5B380E889}" = The Sims™ 3 Seasons
"{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"{43430FA5-61A7-465F-82FB-BC1000048201}" = Street Fighter X Tekken
"{43C423D9-E6D6-4607-ADC9-EBB54F690C57}" = Seagate Dashboard 2.0
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{456A5815-604D-4D72-94DF-346D2B978A59}_is1" = GOG.com Downloader version 3.6.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D53090A-9B45-437B-A66A-831000008300}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018301}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018302}" = Fable III
"{4D53090A-CE35-42BD-B377-831000018303}" = Fable III
"{4E4D0FA1-F880-4CCB-999A-501000008200}" = Dark Souls Prepare to Die Edition
"{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 False
"{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 False
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 False
"{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}" = NVIDIA Photoshop Plug-ins 64 bit
"{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars® Knights of the Old Republic® II: The Sith Lords™
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}" = Microsoft Games for Windows Marketplace
"{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Mass Effect™ 3
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 False
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001
"{7176B973-6011-43C1-AEBC-2D73FE7C6982}" = Adobe Premiere Pro CS6
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.56336 False
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{78002155-F025-4070-85B3-7C0453561701}" = Apple Application Support
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = The Sims™ 3 Town Life Stuff
"{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}" = Final Draft
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193 False
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.5570 False
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"{8FB2A014-A0B0-42D8-8E18-9AFC6A6E2814}" = Seagate DiscWizard
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{92789900-80D0-4B61-B742-7897964A69AB}_is1" = FileMind QuickFix
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{97E12F84-C033-4DA2-97D2-F540C3E292EA}" = Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 False
"{9B2506E3-9A3F-45B5-96BF-509CAD584650}" = The Sims™ 3 Katy Perry's Sweet Treats
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A0BBD6C7-B546-4048-B33A-F21F5C9F5B09}" = The Sims™ 3 Into the Future
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.51011 False
"{A1416622-0DDE-45B5-B06C-DFC3ED94C53B}" = The Godfather™ II
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.42 False
"{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}" = Tom Clancy's Splinter Cell® Blacklist™
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.08)
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = The Sims™ 3 Supernatural
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BD5669B5-49FF-4490-B956-E9D7CB9B0ADC}" = Adobe Flash Professional CS6
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
"{CD6166F9-B2A8-4D59-A2E0-9B4650A62CFB}" = Final Slam 2
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{D0087539-3C57-44E0-BEE7-D779D546CBE1}" = The Sims™ 3 Movie Stuff
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{DB21639E-FE55-432C-BCA2-0C5249E3F79E}" = The Sims™ 3 Island Paradise
"{DCB46B42-723F-350E-B18A-449BC6C21636}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 False
"{E0112108-E4CA-4361-80F3-D337797F4F6A}" = Mod Updater for NRaas mods
"{E1868CAE-E3B9-4099-8C18-AA8944D336FD}" = The Sims™ 3 70s, 80s, & 90s Stuff
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 False
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 False
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = The Sims™ 3 Fast Lane Stuff
"{F0AB569C-99EF-4F4D-992D-2206E354C903}" = BOSS Userlist Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}" = The Sims™ 3 University Life
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{F5B6B2B1-7146-499A-9411-6B7AEEA8C20D}" = Calibrated{Q} XD Decode
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{F97B1D1B-F722-4F37-902E-9FB501FADD0E}_is1" = FOMM version 0.13.23
"{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}" = NVIDIA PhysX (Legacy)
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.0 False
"{Stalker Complete 2009 v1.4.4}}_is1" = Stalker Complete 2009 v1.4.4
"3D Ripper DX_is1" = 3D Ripper DX v1.8.2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Afterburner" = MSI Afterburner 3.0.0
"AltDrag" = AltDrag
"Angelo Hair 11916_1" = Angelo Hair
"Audacity_is1" = Audacity 2.0.5
"AviSynth" = AviSynth 2.5
"AVStoDVD" = AVStoDVD 2.7.4
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"BitRaider Web Client" = BitRaider Web Client
"Calibrated{Q} XD Decode 1.9.2" = Calibrated{Q} XD Decode
"Canon XF Utility" = Canon XF Utility
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"comtypes-py2.7" = Python 2.7 comtypes-0.6.2
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAZ Content Management Service 4.8.1.7" = DAZ Content Management Service
"DAZ Install Manager 1.1.0.21" = DAZ Install Manager
"DAZ Studio 4.6 (64bit) 4.6.3.50" = DAZ Studio 4.6 (64bit)
"Deadly Premonition: The Director's Cut_is1" = Deadly Premonition: The Director's Cut
"Dolphin" = Dolphin
"Driver San Francisco" = Driver San Francisco
"Dynamic Clothing Control DS4 (64bit) 1.2.2.40" = Dynamic Clothing Control DS4 (64bit)
"ffdshow_is1" = ffdshow v1.3.4500 [2013-01-06]
"Fraps" = Fraps (remove only)
"Full Combat Rebalance 2 Hotfix_is1" = Full Combat Rebalance 2 Hotfix version 1.1a
"Full Combat Rebalance 2_is1" = Full Combat Rebalance 2 version 1.2
"GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"GFWL_{4D53090A-9B45-437B-A66A-831000008300}" = Fable III
"GFWL_{4E4D0FA1-F880-4CCB-999A-501000008200}" = Dark Souls Prepare to Die Edition
"GTA IV Vehicle Mod Installer v1.5_is1" = GTA IV Vehicle Mod Installer v1.5
"Guild Wars 2" = Guild Wars 2
"Gunner for David 5 1.0" = Gunner for David 5
"HaaliMkx" = Haali Media Splitter
"HandBrake" = HandBrake 0.9.9.1
"InstallShield_{28142407-ACAD-4ECD-A6B6-9FA8471F6062}" = Scarface: The World is Yours
"InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}" = SWAT 4
"InstallShield_{97E12F84-C033-4DA2-97D2-F540C3E292EA}" = SWAT 4 - The Stetchkov Syndicate
"IrfanView" = IrfanView (remove only)
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LAME_is1" = LAME v3.99.3 (for Windows)
"LOOT" = LOOT
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Mozilla Firefox 31.0 (x86 en-GB)" = Mozilla Firefox 31.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NifSkope" = NifSkope (remove only)
"Nocturne Poses for V6 1.0" = Nocturne Poses for V6
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OctaneRender 1.20 64bit" = OctaneRender 1.20 64bit
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Opera 23.0.1522.77" = Opera Stable 23.0.1522.77
"Origin" = Origin
"Outlast_R.G. Mechanics_is1" = Outlast
"pcsx2-r5875" = PCSX2 - Playstation 2 Emulator
"PrecisionX" = EVGA Precision X 4.2.1
"Psi-Ops - The Mindgate Conspiracy_R.G. Mechanics_is1" = Psi-Ops - The Mindgate Conspiracy
"PunkBusterSvc" = PunkBuster Services
"pywin32-py2.7" = Python 2.7 pywin32-216
"Reality" = Reality 2.5
"RGl2aW5pdHlPcmlnaW5hbFNpbg==_is1" = Divinity Original Sin Update v1.0.81
"RGlzaG9ub3JlZA==_is1" = Dishonored  Game of the Year Edition
"Risen 3 - Titan Lords_is1" = Risen 3 - Titan Lords
"Rockstar Games Social Club" = Rockstar Games Social Club
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005]
"SeaTools for Windows" = SeaTools for Windows
"SpeedFan" = SpeedFan (remove only)
"Steam App 108710" = Alan Wake
"Steam App 12210" = Grand Theft Auto IV
"Steam App 200510" = XCOM: Enemy Unknown
"Steam App 204100" = Max Payne 3
"Steam App 209000" = Batman™: Arkham Origins
"Steam App 20920" = The Witcher 2: Assassins of Kings Enhanced Edition
"Steam App 21090" = F.E.A.R.
"Steam App 21110" = F.E.A.R.: Extraction Point
"Steam App 21120" = F.E.A.R.: Perseus Mandate
"Steam App 215280" = The Secret World
"Steam App 218620" = PAYDAY 2
"Steam App 22380" = Fallout: New Vegas
"Steam App 23310" = The Last Remnant
"Steam App 236430" = DARK SOULS™ II
"Steam App 238010" = Deus Ex: Human Revolution - Director's Cut
"Steam App 2600" = Vampire: The Masquerade - Bloodlines
"Steam App 35140" = Batman: Arkham Asylum GOTY Edition
"Steam App 440" = Team Fortress 2
"Steam App 550" = Left 4 Dead 2
"Steam App 55230" = Saints Row: The Third
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 7520" = Two Worlds II
"Steam App 9480" = Saints Row 2
"swtor_swtor" = Star Wars The Old Republic
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"The Wolf Among Us Episode 5_is1" = The Wolf Among Us Episode 5
"U2FpbnRzUm93SVY=_is1" = Saints Row IV Update 7 incl. DLC
"Uplay" = Uplay
"V29sZmVuc3RlaW5UaGVOZXdPcmRlcg==_is1" = Wolfenstein: The New Order
"VGhlS2luZ29mRmlnaHRlcnNYSUlJ_is1" = The King of Fighters XIII Update v1.1c
"VGhlV2Fsa2luZ0RlYWQ=_is1" = The Walking Dead 400 Days
"VLC media player" = VLC media player 2.1.3
"WinMerge_is1" = WinMerge 2.14.0
"Wrye Bash" = Wrye Bash
"wxPython2.8-ansi-py27_is1" = wxPython 2.8.12.0 (ansi) for Python 2.7
"XnView_is1" = XnView 2.04
"Ysaris Hair DAZ Studio ps_ac2274_YsarisHairDS" = Ysaris Hair DAZ Studio
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"101a9f93b8f0bb6f" = Curse Client
"BitTorrent" = BitTorrent
"Dragon Age Awakening Redesigned" = Dragon Age Awakening Redesigned
"Dragon Age Awakening Velanna Redesigned©" = Dragon Age Awakening Velanna Redesigned©
"Dragon Age Redesigned © Morrigan" = Dragon Age Redesigned © Morrigan
"Dragon Age Redesigned- Leliana's Song" = Dragon Age Redesigned- Leliana's Song
"Dragon Age Redesigned Oghren©" = Dragon Age Redesigned Oghren©
"Dragon Age Redesigned©" = Dragon Age Redesigned©
"Dragon Age Redesigned©  Zevran" = Dragon Age Redesigned©  Zevran
"Dragon Age Redesigned© Leliana" = Dragon Age Redesigned© Leliana
"Dragon Age Redesigned© Wynne" = Dragon Age Redesigned© Wynne
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/24/2014 8:01:19 AM | Computer Name = Zeyn-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding   15 1.0.0.127.in-addr.arpa.
 PTR Zeyn-PC.local.
 
Error - 6/24/2014 8:02:15 AM | Computer Name = Zeyn-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 6/24/2014 8:11:24 AM | Computer Name = Zeyn-PC | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(30:10:e4:10:fc:6c@fe80::3210:e4ff:fe10:fc6c._apple-mobdev2._tcp.local.)
 active for over two minutes. This places considerable burden on the network.
 
Error - 6/24/2014 10:00:08 AM | Computer Name = Zeyn-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 127.0.0.1:5353   17 1.0.0.127.in-addr.arpa.
 PTR Zeyn-PC-2.local.
 
Error - 6/24/2014 10:00:08 AM | Computer Name = Zeyn-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding   15 1.0.0.127.in-addr.arpa.
 PTR Zeyn-PC.local.
 
Error - 6/24/2014 10:01:04 AM | Computer Name = Zeyn-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 6/24/2014 1:47:20 PM | Computer Name = Zeyn-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "d:\Games\wolfenstein\MP\serverlauncher.exe".Error
 in manifest or policy file "" on line .  A component version required by the application
 conflicts with another component version already active.  Conflicting components 
are:.  Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 6/25/2014 6:27:34 AM | Computer Name = Zeyn-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 127.0.0.1:5353   17 1.0.0.127.in-addr.arpa.
 PTR Zeyn-PC-2.local.
 
Error - 6/25/2014 6:27:34 AM | Computer Name = Zeyn-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding   15 1.0.0.127.in-addr.arpa.
 PTR Zeyn-PC.local.
 
Error - 6/25/2014 6:28:29 AM | Computer Name = Zeyn-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 8/21/2014 7:20:09 PM | Computer Name = Zeyn-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 8/21/2014 7:20:09 PM | Computer Name = Zeyn-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 8/21/2014 7:22:17 PM | Computer Name = Zeyn-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 8/21/2014 7:22:17 PM | Computer Name = Zeyn-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 8/21/2014 7:22:51 PM | Computer Name = Zeyn-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 8/21/2014 7:22:51 PM | Computer Name = Zeyn-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 8/21/2014 7:23:01 PM | Computer Name = Zeyn-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 8/21/2014 7:23:01 PM | Computer Name = Zeyn-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 8/21/2014 7:27:17 PM | Computer Name = Zeyn-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 8/21/2014 7:27:17 PM | Computer Name = Zeyn-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
 
< End of report >
 
 


#4 Jo*

Jo*

  • Malware Response Team
  • 3,330 posts
  • Gender:Male
  • Location:Germany
  • Local time:11:49 AM

Posted 22 August 2014 - 08:02 AM

Hello Jax765,

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt

 
start
HKU\S-1-5-21-4053379215-3236774985-3265066580-1001\...\Run: [CMD] => cmd.exe /c start <http://extendedunlimited.org> && exit <===== ATTENTION
end

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run the Farbar Recovery Scan Tool FRST / FRST64 again like we did before, but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.




***

Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***

Please download Junkware Removal Tool from HERE and save it to your desktop.
Shutdown your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.




***

Run OTL again.
  • Double click on the icon to run it.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Don't check the boxes beside LOP Check and Purity Check this time.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window OTL.Txt.
  • Please copy (Edit->Select All, Edit->Copy) the content of the file and post it with your next reply.

***

How is the computer running now?




***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.
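
The fixlist entry above removes a per-user Run value whose command is `cmd.exe /c start <URL>`, an autorun that hands a URL to the default browser at every logon. The following Python example is added here and is not part of the original post or of FRST or OTL; it flags that pattern in Run lines of the two log shapes seen in this thread, and its function names, interpreter list and the last sample line are assumptions made for the illustration.

```python
import re

# Two autorun line shapes that appear in the logs in this thread:
#   FRST: HKU\<SID>\...\Run: [Name] => command
#   OTL:  O4 - HKCU..\Run: [Name] command (Company)
FRST_RUN = re.compile(
    r'^(?P<hive>HK(?:LM|CU|U)[^:]*\\Run(?:Once)?): \[(?P<name>[^\]]+)\] => (?P<cmd>.*)$')
OTL_RUN = re.compile(
    r'^O4(?::64bit:)? - (?P<hive>HK(?:LM|CU)\.\.\\Run(?:Once)?): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')

# FRST appends this marker to entries it considers suspicious.
ANNOTATION = re.compile(r'\s*<=+ ATTENTION\s*$')
URL_RE = re.compile(r'https?://[^\s<>"\']+', re.I)
# Unquoted Windows paths may contain spaces, so cut at the first known extension.
EXE_RE = re.compile(r'(.*?\.(?:exe|com|bat|cmd|dll|vbs|js))\b', re.I)

# Assumption: a small illustrative list of script hosts and shells that have
# no ordinary reason to be handed a URL from a Run value.
INTERPRETERS = {'cmd', 'powershell', 'mshta', 'wscript', 'cscript', 'rundll32'}


def launcher(cmd):
    """Return the lower-cased file name of the program a Run command starts."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        path = cmd[1:].split('"', 1)[0]
    else:
        first = cmd.split(None, 1)[0] if cmd else ''
        if '\\' not in first:
            path = first                      # bare name such as cmd.exe
        else:
            m = EXE_RE.match(cmd)
            path = m.group(1) if m else first
    return path.replace('/', '\\').rsplit('\\', 1)[-1].lower()


def audit(lines):
    """Return one finding per Run entry whose command line carries a URL."""
    findings = []
    for line in lines:
        line = line.strip()
        m = FRST_RUN.match(line) or OTL_RUN.match(line)
        if not m:
            continue
        cmd = ANNOTATION.sub('', m.group('cmd'))
        urls = URL_RE.findall(cmd)
        if not urls:
            continue                          # ordinary program autorun
        prog = launcher(cmd)
        stem = prog[:-4] if prog.endswith('.exe') else prog
        reason = ('interpreter launches URL' if stem in INTERPRETERS
                  else 'URL passed as argument')
        findings.append({'hive': m.group('hive'), 'name': m.group('name'),
                         'program': prog, 'urls': urls, 'reason': reason})
    return findings


# Sample input: the first three lines are copied from the logs in this thread;
# the last line is constructed for the example.
SAMPLE_LINES = r'''
HKU\S-1-5-21-4053379215-3236774985-3265066580-1001\...\Run: [CMD] => cmd.exe /c start <http://extendedunlimited.org> && exit <===== ATTENTION
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [Example] "C:\Program Files\Example\browser.exe" http://example.invalid/start
'''.strip().splitlines()

if __name__ == '__main__':
    for f in audit(SAMPLE_LINES):
        print(f"{f['hive']} [{f['name']}] {f['program']}: {f['reason']} {f['urls']}")
```

Because the value only invokes `cmd.exe` with a URL, there is no file on disk for a scanner to flag, so a check like this has to look at the Run command line itself.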


#5 Jax765

Jax765
  • Topic Starter

  • Members
  • 13 posts
  • Local time:10:49 AM

Posted 22 August 2014 - 09:24 AM

Problem seems to be resolved, no longer getting the pop up when I boot up the PC now. Thanks for the quick and effective response :) Here are the logs you asked for regardless.

 

 

 

fixlog.txt

 

 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-08-2014
Ran by Zeyn at 2014-08-22 15:05:20 Run:1
Running from C:\Users\Zeyn\Desktop\BComp\FRST
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKU\S-1-5-21-4053379215-3236774985-3265066580-1001\...\Run: [CMD] => cmd.exe /c start <http://extendedunlimited.org> && exit <===== ATTENTION
end
*****************
 
HKU\S-1-5-21-4053379215-3236774985-3265066580-1001\Software\Microsoft\Windows\CurrentVersion\Run\\CMD => value deleted successfully.
 
==== End of Fixlog ====
 
 
 
 
AdwCleaner[S0].txt
 
 

# AdwCleaner v3.308 - Report created 22/08/2014 at 15:07:47
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Zeyn - ZEYN-PC
# Running from : C:\Users\Zeyn\Desktop\BComp\adwcleaner_3.308.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
 
-\\ Mozilla Firefox v31.0 (x86 en-GB)
 
[ File : C:\Users\Zeyn\AppData\Roaming\Mozilla\Firefox\Profiles\vlfp9u8s.default\prefs.js ]
 
 
*************************
 
AdwCleaner[R0].txt - [1489 octets] - [22/08/2014 00:34:25]
AdwCleaner[R1].txt - [1555 octets] - [22/08/2014 15:06:40]
AdwCleaner[S0].txt - [1476 octets] - [22/08/2014 15:07:47]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1536 octets] ##########
 
 
 
 
 
jrt.txt
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Zeyn on 22/08/2014 at 15:11:16.05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-4053379215-3236774985-3265066580-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\Zeyn\AppData\Roaming\mozilla\firefox\profiles\vlfp9u8s.default\minidumps [2 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/08/2014 at 15:13:34.99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
 
otl.txt
 
 

OTL logfile created on: 8/22/2014 3:16:04 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Zeyn\Desktop\BComp\OTL
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17239)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
15.95 Gb Total Physical Memory | 13.10 Gb Available Physical Memory | 82.12% Memory free
16.95 Gb Paging File | 14.01 Gb Available in Paging File | 82.67% Paging File free
Paging file location(s): d:\pagefile.sys 1024 2048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 118.75 Gb Total Space | 29.75 Gb Free Space | 25.05% Space Free | Partition Type: NTFS
Drive D: | 1863.02 Gb Total Space | 77.97 Gb Free Space | 4.19% Space Free | Partition Type: NTFS
 
Computer Name: ZEYN-PC | User Name: Zeyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Zeyn\Desktop\BComp\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Steam\bin\steamwebhelper.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe (Seagate Technology LLC)
PRC - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe (Seagate Technology LLC)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\ASUS Xonar DGX Audio\Customapp\AsusAudioCenter.exe (CMedia)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
PRC - C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
PRC - D:\Mods & Backups\Graphics Tweaks\D3DOverrider\D3DOverrider.exe ()
PRC - C:\Windows\SysWOW64\HsMgr.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Steam\video.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\libavcodec-55.dll ()
MOD - C:\Program Files (x86)\Steam\libavutil-53.dll ()
MOD - C:\Program Files (x86)\Steam\libavformat-55.dll ()
MOD - C:\Program Files (x86)\Steam\libavresample-1.dll ()
MOD - C:\Program Files (x86)\Steam\SDL2.dll ()
MOD - C:\Program Files (x86)\Steam\libswscale-2.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\ae18426916e4acf912f54aefb8cd00c7\Microsoft.VisualBasic.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\04824fdbd5dce32530ba44ae012e4fb9\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\0bedc417d3c5dcb1c9a5f15dd733c556\System.ServiceModel.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1e5e19d119e04b93da3d45153abd60fd\System.IdentityModel.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll ()
MOD - C:\Program Files\ASUS Xonar DGX Audio\Customapp\VMixP8.dll ()
MOD - D:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - D:\Mods & Backups\Graphics Tweaks\D3DOverrider\RTUI.dll ()
MOD - D:\Mods & Backups\Graphics Tweaks\D3DOverrider\D3DOverrider.exe ()
MOD - D:\Mods & Backups\Graphics Tweaks\D3DOverrider\RTFC.dll ()
MOD - D:\Mods & Backups\Graphics Tweaks\D3DOverrider\D3DOverriderHooks.dll ()
MOD - C:\Windows\SysWOW64\HsMgr.exe ()
MOD - C:\Program Files\LinkShellExtension\32\RockallDLL.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (NvStreamSvc) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation)
SRV:64bit: - (IEEtwCollectorService) -- C:\windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe (Intel® Corporation)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV:64bit: - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV:64bit: - (DAZContentManagementService) -- C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (NvNetworkService) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (BRSptSvc) -- C:\ProgramData\BitRaider\BRSptSvc.exe (BitRaider, LLC)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Seagate Dashboard Services) -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe (Seagate Technology LLC)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Ds3Service) -- D:\SCP-DS3-Driver-Package-1.0.0.103\ScpServer\bin\ScpService.exe (Scarlet.Crush Productions)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (SgtSch2Svc) -- C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe (Seagate)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Microsoft SharePoint Workspace Audit Service) -- D:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (DAUpdaterSvc) -- D:\Games\Dragon Age Origins\bin_ship\daupdatersvc.service.exe (BioWare)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV:64bit: - (NvStreamKms) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys (NVIDIA Corporation)
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (nvvad_WaveExtensible) -- C:\Windows\SysNative\drivers\nvvad64v.sys (NVIDIA Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (vididr) -- C:\Windows\SysNative\drivers\vididr.sys (Acronis)
DRV:64bit: - (vidsflt53) -- C:\Windows\SysNative\drivers\vsflt53.sys (Acronis)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (Disc Soft Ltd)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (NvStUSB) -- C:\Windows\SysNative\drivers\nvstusb.sys (NVIDIA Corporation)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (ScpVBus) -- C:\Windows\SysNative\drivers\ScpVBus.sys (Scarlet.Crush Productions)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation)
DRV:64bit: - (mvs91xx) -- C:\Windows\SysNative\drivers\mvs91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (e1dexpress) -- C:\Windows\SysNative\drivers\e1d62x64.sys (Intel Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (rusb3xhc) -- C:\Windows\SysNative\drivers\rusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (rusb3hub) -- C:\Windows\SysNative\drivers\rusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (mv91cons) -- C:\Windows\SysNative\drivers\mv91cons.sys (Marvell Semiconductor Inc.)
DRV:64bit: - (cmudaxp) -- C:\Windows\SysNative\drivers\cmudaxp.sys (C-Media Inc)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Rovi Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BRDriver64) -- C:\ProgramData\BitRaider\BRDriver64.sys (BitRaider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 D6 2F 72 95 BD CF 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:2.1
FF - prefs.js..extensions.enabledAddons: %7B64161300-e22b-11db-8314-0800200c9a66%7D:0.9.6.16
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.23
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014/05/29 13:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zeyn\AppData\Roaming\Mozilla\Extensions
[2014/08/18 21:31:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zeyn\AppData\Roaming\Mozilla\Firefox\Profiles\vlfp9u8s.default\extensions
[2014/08/18 21:31:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Zeyn\AppData\Roaming\Mozilla\Firefox\Profiles\vlfp9u8s.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2014/07/29 17:32:07 | 000,281,800 | ---- | M] () (No name found) -- C:\Users\Zeyn\AppData\Roaming\Mozilla\Firefox\Profiles\vlfp9u8s.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2014/08/16 20:56:51 | 000,020,092 | ---- | M] () (No name found) -- C:\Users\Zeyn\AppData\Roaming\Mozilla\Firefox\Profiles\vlfp9u8s.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
[2014/07/27 18:46:47 | 000,967,685 | ---- | M] () (No name found) -- C:\Users\Zeyn\AppData\Roaming\Mozilla\Firefox\Profiles\vlfp9u8s.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/07/29 14:34:51 | 000,297,630 | ---- | M] () (No name found) -- C:\Users\Zeyn\AppData\Roaming\Mozilla\Firefox\Profiles\vlfp9u8s.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2014/08/19 17:12:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/08/19 17:13:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2014/08/21 23:54:59 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\windows\Syswow64\cmicnfgp.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\windows\system\HsMgr64.exe ()
O4:64bit: - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] D:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [D3DOverrider] D:\Mods & Backups\Graphics Tweaks\D3DOverrider\D3DOverriderWrapper.exe ()
O4 - HKLM..\Run: [DBAgent] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe (Seagate Technology LLC)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files (x86)\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [RUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe (Seagate Technology LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C9C74A00-4C30-41A3-985A-A66DE0B0A8C3}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/22 15:11:15 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/08/22 13:02:12 | 000,000,000 | ---D | C] -- C:\Users\Zeyn\Desktop\BComp
[2014/08/22 00:41:16 | 000,000,000 | ---D | C] -- C:\FRST
[2014/08/22 00:33:47 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/08/22 00:00:46 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/08/21 23:56:13 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/08/21 23:51:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2014/08/21 23:51:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2014/08/21 23:51:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2014/08/21 23:48:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/08/21 23:48:38 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2014/08/20 21:37:12 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2014/08/20 15:38:05 | 000,000,000 | ---D | C] -- C:\Users\Zeyn\AppData\Roaming\Lavasoft
[2014/08/20 15:31:41 | 000,000,000 | ---D | C] -- C:\Users\Zeyn\AppData\Roaming\LavasoftStatistics
[2014/08/20 15:31:18 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2014/08/20 15:28:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2014/08/19 17:12:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/08/19 14:42:42 | 000,000,000 | ---D | C] -- C:\Users\Zeyn\AppData\Local\Adobe
[2014/08/14 15:59:12 | 000,000,000 | ---D | C] -- C:\Users\Zeyn\AppData\Local\Risen3
[2014/08/14 11:53:17 | 000,000,000 | R--D | C] -- C:\Users\Zeyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/08/14 03:00:33 | 001,389,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardagt.exe
[2014/08/14 03:00:33 | 000,619,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardagt.exe
[2014/08/14 03:00:33 | 000,171,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\infocardapi.dll
[2014/08/14 03:00:33 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\infocardapi.dll
[2014/08/14 03:00:32 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardres.dll
[2014/08/14 03:00:32 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardres.dll
[2014/08/14 03:00:25 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\TsWpfWrp.exe
[2014/08/14 03:00:25 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsWpfWrp.exe
[2014/08/13 13:02:35 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDYAK.DLL
[2014/08/13 13:02:35 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDYAK.DLL
[2014/08/13 13:02:35 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDTAT.DLL
[2014/08/13 13:02:35 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDTAT.DLL
[2014/08/13 13:02:35 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDRU1.DLL
[2014/08/13 13:02:35 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDBASH.DLL
[2014/08/13 13:02:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDRU1.DLL
[2014/08/13 13:02:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDRU.DLL
[2014/08/13 13:02:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDRU.DLL
[2014/08/13 13:02:35 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDBASH.DLL
[2014/08/13 13:02:31 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll
[2014/08/13 13:02:31 | 001,941,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
[2014/08/13 13:02:31 | 001,805,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
[2014/08/13 13:02:31 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msihnd.dll
[2014/08/13 13:02:31 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msihnd.dll
[2014/08/13 13:02:31 | 000,112,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe
[2014/08/13 13:02:29 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gdi32.dll
[2014/08/13 13:02:28 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2014/08/13 13:02:28 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2014/08/13 13:02:28 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2014/08/13 13:02:28 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014/08/13 13:02:27 | 002,001,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2014/08/13 13:02:27 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014/08/13 13:02:27 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2014/08/13 13:02:27 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014/08/13 13:02:27 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/08/13 13:02:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2014/08/13 13:02:27 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014/08/13 13:02:27 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2014/08/13 13:02:26 | 002,087,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2014/08/13 13:02:26 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014/08/13 13:02:26 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2014/08/13 13:02:26 | 000,438,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2014/08/13 13:02:26 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2014/08/13 13:02:26 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014/08/13 13:02:25 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2014/08/13 13:02:25 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2014/08/13 13:02:25 | 000,598,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2014/08/13 13:02:25 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2014/08/13 13:02:25 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014/08/13 13:02:25 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2014/08/13 13:02:25 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2014/08/13 13:02:24 | 005,824,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014/08/13 13:02:24 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2014/08/13 13:02:24 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2014/08/13 13:02:24 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2014/08/13 13:02:24 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2014/08/13 13:02:24 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2014/08/13 13:02:24 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2014/08/13 13:02:23 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2014/08/13 13:02:23 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014/08/13 13:02:23 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2014/08/13 13:02:06 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rpcrt4.dll
[2014/08/13 13:02:04 | 000,529,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014/08/13 13:02:03 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2014/08/13 02:39:24 | 000,000,000 | ---D | C] -- C:\windows\pss
[2014/08/13 02:35:53 | 000,000,000 | ---D | C] -- C:\Users\Zeyn\Documents\3DReaperDX
[2014/08/13 02:35:02 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Do not install
[2014/08/13 02:35:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3D Ripper DX
[2014/08/13 02:35:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\3DRipperDX
[2014/08/13 02:30:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Radical Games
[2014/08/12 23:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
[2014/08/12 17:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/08/12 17:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/08/12 17:41:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/08/12 17:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/08/12 17:41:37 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/08/12 13:45:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\TimeGate Studios
[2014/08/11 16:59:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/08/11 16:59:22 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2014/08/11 16:59:21 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2014/08/11 16:59:21 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2014/08/11 16:59:21 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2014/08/11 16:59:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/08/10 21:44:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Monolith Productions
[2014/08/05 23:26:51 | 000,000,000 | ---D | C] -- C:\Users\Zeyn\AppData\Local\119614890736297204
[2014/08/03 22:04:03 | 000,000,000 | ---D | C] -- C:\Users\Zeyn\Documents\Freedom Fighters
[2014/08/03 22:03:35 | 000,000,000 | ---D | C] -- C:\Users\Zeyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2014/08/03 21:30:47 | 000,000,000 | ---D | C] -- C:\Users\Zeyn\AppData\Local\119614890735183092
[2014/08/03 21:29:56 | 000,000,000 | ---D | C] -- C:\Users\Zeyn\AppData\Local\119614890735248628
[2014/08/03 21:25:29 | 000,000,000 | ---D | C] -- C:\Users\Zeyn\AppData\Local\119614890734724340
[2014/08/03 13:00:59 | 002,620,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
[2014/08/03 13:00:59 | 000,058,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
[2014/08/03 13:00:59 | 000,044,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll
[2014/08/03 13:00:57 | 000,700,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
[2014/08/03 13:00:57 | 000,581,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuapi.dll
[2014/08/03 13:00:57 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
[2014/08/03 13:00:57 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wudriver.dll
[2014/08/03 13:00:57 | 000,038,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll
[2014/08/03 13:00:57 | 000,036,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wups.dll
[2014/08/03 13:00:56 | 000,198,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll
[2014/08/03 13:00:56 | 000,179,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuwebv.dll
[2014/08/03 13:00:56 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe
[2014/08/03 13:00:56 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuapp.exe
[2014/07/30 13:30:52 | 000,609,240 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvStreaming.exe
[2014/07/30 13:29:49 | 031,512,520 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvoglv64.dll
[2014/07/30 13:29:49 | 024,196,896 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvoglv32.dll
[2014/07/30 13:29:49 | 022,994,208 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcompiler.dll
[2014/07/30 13:29:49 | 017,555,104 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvd3dumx.dll
[2014/07/30 13:29:49 | 015,294,296 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcompiler.dll
[2014/07/30 13:29:49 | 013,922,752 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvopencl.dll
[2014/07/30 13:29:49 | 013,835,208 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcuda.dll
[2014/07/30 13:29:49 | 011,283,344 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvopencl.dll
[2014/07/30 13:29:49 | 011,222,048 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcuda.dll
[2014/07/30 13:29:49 | 004,247,000 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvcuvid.dll
[2014/07/30 13:29:49 | 003,989,960 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvcuvid.dll
[2014/07/30 13:29:49 | 001,890,080 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvdispco6434052.dll
[2014/07/30 13:29:49 | 001,539,928 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvdispgenco6434052.dll
[2014/07/30 13:29:49 | 000,944,928 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\NvIFR64.dll
[2014/07/30 13:29:49 | 000,907,096 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\NvIFR.dll
[2014/07/30 13:29:49 | 000,903,624 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\NvFBC64.dll
[2014/07/30 13:29:49 | 000,869,152 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\NvFBC.dll
[2014/07/30 13:29:49 | 000,846,832 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvumdshim.dll
[2014/07/30 13:29:49 | 000,502,232 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvEncodeAPI64.dll
[2014/07/30 13:29:49 | 000,418,760 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvEncodeAPI.dll
[2014/07/30 13:29:49 | 000,391,640 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\NvIFROpenGL.dll
[2014/07/30 13:29:49 | 000,354,016 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvoglshim64.dll
[2014/07/30 13:29:49 | 000,348,120 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\NvIFROpenGL.dll
[2014/07/30 13:29:49 | 000,305,600 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvoglshim32.dll
[2014/07/30 13:29:49 | 000,166,568 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysNative\nvinitx.dll
[2014/07/30 13:29:49 | 000,146,480 | ---- | C] (NVIDIA Corporation) -- C:\windows\SysWow64\nvinit.dll
[2014/07/26 19:10:58 | 000,000,000 | ---D | C] -- C:\Users\Zeyn\AppData\Roaming\Psi-Ops - The Mindgate Conspiracy
[2014/07/26 04:39:40 | 000,000,000 | ---D | C] -- C:\Users\Zeyn\Documents\Outlook Files
[2014/07/26 03:58:19 | 000,000,000 | ---D | C] -- C:\Users\Zeyn\Documents\Larian Studios
[2014/07/25 17:10:39 | 000,000,000 | ---D | C] -- C:\Users\Zeyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2014/07/25 17:10:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2014/07/24 19:55:26 | 000,000,000 | ---D | C] -- C:\temp
[2014/07/24 19:55:26 | 000,000,000 | ---D | C] -- C:\Studio4
[2014/07/24 19:55:26 | 000,000,000 | ---D | C] -- C:\shaders
[2014/07/24 19:55:26 | 000,000,000 | ---D | C] -- C:\Roaming
[2014/07/24 19:55:26 | 000,000,000 | ---D | C] -- C:\DAZ 3D
[2014/07/24 19:55:26 | 000,000,000 | ---D | C] -- C:\AppData
[5 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/22 15:15:36 | 000,028,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/22 15:15:36 | 000,028,944 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/22 15:14:40 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/08/22 15:14:26 | 000,784,286 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/08/22 15:14:26 | 000,667,674 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/08/22 15:14:26 | 000,126,848 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/08/22 15:08:34 | 005,112,152 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/08/22 15:08:30 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/08/22 15:08:26 | 4270,284,799 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/22 13:40:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/08/21 23:58:27 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2014/08/21 23:54:59 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2014/08/20 18:36:23 | 000,007,600 | ---- | M] () -- C:\Users\Zeyn\AppData\Local\Resmon.ResmonCfg
[2014/08/19 12:59:24 | 000,699,568 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2014/08/19 12:59:24 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/08/12 23:27:52 | 000,000,637 | ---- | M] () -- C:\Users\Public\Desktop\PCSX2 1.2.1.lnk
[2014/08/11 16:59:19 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2014/08/11 16:59:18 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2014/08/11 16:59:18 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2014/08/11 16:59:18 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2014/08/09 01:22:16 | 001,291,280 | ---- | M] (NVIDIA Corporation) -- C:\windows\SysWow64\nvspbridge.dll
[2014/08/09 01:22:16 | 001,126,480 | ---- | M] (NVIDIA Corporation) -- C:\windows\SysWow64\nvspcap.dll
[2014/08/09 01:22:05 | 001,715,224 | ---- | M] (NVIDIA Corporation) -- C:\windows\SysNative\nvspbridge64.dll
[2014/08/09 01:22:05 | 001,283,136 | ---- | M] (NVIDIA Corporation) -- C:\windows\SysNative\nvspcap64.dll
[2014/08/07 03:06:41 | 000,529,920 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014/08/07 03:01:34 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2014/08/04 16:02:26 | 000,000,132 | ---- | M] () -- C:\Users\Zeyn\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2014/08/03 14:06:19 | 000,001,501 | ---- | M] () -- C:\Users\Zeyn\Desktop\translation.rtf
[2014/07/25 15:01:41 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2014/07/25 14:30:30 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014/07/25 14:28:35 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2014/07/25 14:28:27 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2014/07/25 14:25:45 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MshtmlDac.dll
[2014/07/25 14:10:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014/07/25 14:03:50 | 000,598,016 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2014/07/25 14:00:51 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2014/07/25 14:00:25 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2014/07/25 13:59:28 | 000,758,272 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2014/07/25 13:47:25 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2014/07/25 13:40:12 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2014/07/25 13:34:49 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014/07/25 13:33:08 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2014/07/25 13:30:32 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\MshtmlDac.dll
[2014/07/25 13:28:15 | 005,824,512 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014/07/25 13:28:05 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2014/07/25 13:19:18 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014/07/25 13:17:33 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014/07/25 13:17:26 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2014/07/25 13:12:35 | 000,438,784 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2014/07/25 13:10:53 | 000,292,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2014/07/25 13:10:15 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2014/07/25 13:08:47 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2014/07/25 12:47:50 | 000,631,808 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014/07/25 12:43:16 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/07/25 12:42:31 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014/07/25 12:39:29 | 002,087,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2014/07/25 12:39:25 | 001,249,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2014/07/25 12:36:30 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014/07/25 12:34:04 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2014/07/25 12:07:49 | 002,001,920 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2014/07/25 12:07:10 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2014/07/25 11:17:47 | 000,846,336 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2014/07/25 11:09:19 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[5 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/08/21 23:51:31 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2014/08/21 23:51:31 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2014/08/21 23:51:31 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2014/08/21 23:51:31 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2014/08/21 23:51:31 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2014/08/21 23:44:45 | 000,001,990 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2014/08/20 18:36:23 | 000,007,600 | ---- | C] () -- C:\Users\Zeyn\AppData\Local\Resmon.ResmonCfg
[2014/08/12 22:38:17 | 000,000,637 | ---- | C] () -- C:\Users\Public\Desktop\PCSX2 1.2.1.lnk
[2014/08/03 13:58:53 | 000,001,501 | ---- | C] () -- C:\Users\Zeyn\Desktop\translation.rtf
[2014/07/26 18:18:10 | 001,713,152 | ---- | C] () -- C:\Users\Zeyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xpadder [5.7].exe
[2014/07/25 15:32:21 | 000,001,397 | ---- | C] () -- C:\Users\Zeyn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Origin.lnk
[2014/07/09 22:07:58 | 000,112,640 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll
[2014/06/12 23:53:18 | 000,354,304 | ---- | C] () -- C:\windows\SysWow64\pythoncom27.dll
[2014/06/12 23:53:18 | 000,110,080 | ---- | C] () -- C:\windows\SysWow64\pywintypes27.dll
[2014/06/12 23:53:18 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\pythoncomloader27.dll
[2014/06/08 17:12:40 | 000,004,608 | ---- | C] () -- C:\Users\Zeyn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/05/23 04:44:12 | 000,000,132 | ---- | C] () -- C:\Users\Zeyn\AppData\Roaming\Adobe GIF Format CS6 Prefs
[2014/05/12 00:26:08 | 000,280,856 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2014/05/12 00:26:07 | 000,076,888 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2014/05/10 22:44:07 | 000,000,000 | -HS- | C] () -- C:\Users\Zeyn\AppData\Local\LumaEmu
[2014/02/28 22:08:34 | 000,000,073 | ---- | C] () -- C:\Users\Zeyn\AppData\Roaming\ScriptStudioLayout.ini
[2014/02/28 22:08:34 | 000,000,031 | ---- | C] () -- C:\Users\Zeyn\AppData\Roaming\ScriptStudioBookmarks.ini
[2014/02/04 00:21:53 | 000,001,456 | ---- | C] () -- C:\Users\Zeyn\AppData\Local\Adobe Save for Web 13.0 Prefs
[2014/01/16 21:41:19 | 000,119,296 | ---- | C] () -- C:\windows\SysWow64\zlib.dll
[2014/01/16 21:41:19 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\ADsSecurity.dll
[2014/01/16 21:41:19 | 000,036,864 | ---- | C] () -- C:\windows\SysWow64\dxinputdll.dll
[2013/12/07 01:49:29 | 000,000,132 | ---- | C] () -- C:\Users\Zeyn\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/12/02 21:28:48 | 000,188,416 | ---- | C] () -- C:\windows\SysWow64\utv_core.dll
[2013/12/02 21:28:48 | 000,069,632 | ---- | C] () -- C:\windows\SysWow64\utv_vcm.dll
[2013/11/18 04:44:12 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.811261211181235583101118113995
[2013/11/02 02:19:34 | 000,000,001 | ---- | C] () -- C:\windows\SysWow64\SI.bin
[2013/10/28 22:26:49 | 000,151,552 | ---- | C] () -- C:\windows\SysWow64\nvRegDev.dll
[2013/10/28 22:26:32 | 000,061,440 | ---- | C] () -- C:\windows\SysWow64\nvPhotoshopUtil.dll
[2013/10/28 22:26:32 | 000,040,960 | ---- | C] () -- C:\windows\SysWow64\nvISWOW64.dll
[2013/10/22 11:46:46 | 000,200,704 | ---- | C] () -- C:\windows\SysWow64\HsMgr.exe
[2013/10/22 11:46:46 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\VmixP8.dll
[2013/10/22 11:46:46 | 000,044,950 | ---- | C] () -- C:\windows\Cmicnfgp.ini.cfl
[2013/10/22 11:46:46 | 000,000,049 | ---- | C] () -- C:\windows\SysWow64\cmasiop.ini
[2013/10/22 11:46:45 | 000,000,907 | ---- | C] () -- C:\windows\Cmicnfgp.ini.imi
[2013/10/22 11:46:44 | 000,005,066 | ---- | C] () -- C:\windows\Cmicnfgp.ini.cfg
[2013/10/22 11:46:44 | 000,000,594 | ---- | C] () -- C:\windows\cmudaxp.ini
[2013/10/22 11:22:44 | 000,768,152 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/10/22 11:08:00 | 000,000,051 | ---- | C] () -- C:\windows\smsts.ini
[2013/02/13 12:27:54 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 03:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 128 bytes -> C:\windows\SysWow64\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\windows\SysWow64\zlib.dll:DocumentSummaryInformation
@Alternate Data Stream - 1018 bytes -> C:\Users\Zeyn\AppData\Local\SveiCmQhOax:Da6EqJMHdVEx382CQAbub7
 
< End of report >
 
 


#6 Jo*


  • Malware Response Team
  • 3,330 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:11:49 AM

Posted 22 August 2014 - 09:28 AM

Hi,

Go on with ESET Online Scanner

Connect any existing external hard drives and / or other removable media.

Note:
It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts and to speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



If this program is already installed: Skip the installation and run only the scan!
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for the report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select the Uninstall application on close check box and push esetFinish.png

---


How is the computer running now?


---


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#7 Jo*


  • Malware Response Team
  • 3,330 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:11:49 AM

Posted 24 August 2014 - 08:47 AM

Still need help?


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#8 Jax765

  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:10:49 AM

Posted 24 August 2014 - 09:12 AM

No, as I said before, my problem's been completely resolved. The scan didn't turn up anything new, so I'd say this topic can be closed. Appreciate the help :)





