Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Infected with PUP.bProtector, ran AdwCleaner/OTL/SystemLook

Post by CrisG » February 22nd, 2014, 12:49 pm

Edit: Read the post that everyone is supposed to read before posting a topic, after having already posted (feel kind of silly for not having seen it), so I'm adding the DDS and Attach files.

Hi,

Within the last day, Skype and several other programs stopped working properly and would freeze and crash. I originally thought it was Skype 6.14 causing the problem, as once it was removed Firefox and other programs started working again, but then the problem persisted when I attempted a Skype call on the newly installed 6.9.

I did a scan using Malwarebytes and it found PUP.bProtector in several files on my PC. I'm actually surprised the cause is a virus since this is the first known major virus that I have had in over 10 years.

Based on http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=62157#.UwjO-IV5FqP, I already went ahead and ran ERUNT, AdwCleaner, OTL, and SystemLook. I will post the results of the AdwCleaner log, OTL.txt, Extras.txt, and SystemLook.txt in separate posts after this one. I came to post since I don't really understand what went into deciding which files should be used in the Custom Scans/Fixes box of OTL.

One thing I wondered is, due to the fact that I have 5 hard drives (C = regular programs, A = normal files, B = steam and game programs, E = pictures, I = Backup for others), are AdwCleaner, OTL, and SystemLook scanning drives other than C?

I also wish I could find out what the source was for the virus, as I have mostly been going to my regular sites.

Thanks for your help.
_________________________________________
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.51.2
Run by CRISTINA at 12:13:48 on 2014-02-22
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12255.9541 [GMT -5:00]
.
AV: COMODO Antivirus *Disabled/Updated* {458BB331-2324-0753-3D5F-1472EB102AC0}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Windows\system32\taskhost.exe
A:\Downloads\AdwCleaner.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=dn ... 162148&ir=
mWinlogon: Userinit = userinit.exe
BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} -
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\CRISTINA\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0D35918F-046F-42CC-A270-3EA5758CC45E} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= c:\progra~3\bprote~1\261519~1.190\{eab34~1\protec~1.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
FF - ExtSQL: 2014-01-07 21:52; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2014-01-07 21:52; {5C655500-E712-41e7-9349-CE462F844B19}; C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi
FF - ExtSQL: 2014-01-07 21:52; autofillForms@blueimp.net; C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\extensions\autofillForms@blueimp.net.xpi
FF - ExtSQL: 2014-01-14 12:54; {b9bfaf1c-a63f-47cd-8b9a-29526ced9060}; C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
FF - ExtSQL: 2014-01-27 15:23; jid1-pFvSABavHgXrRQ@jetpack; C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\extensions\jid1-pFvSABavHgXrRQ@jetpack.xpi
FF - ExtSQL: 2014-02-15 22:30; {7b1bf0b6-a1b9-42b0-b75d-252036438bdc}; C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-4-7 55856]
R1 ArcSec;archlp;C:\Windows\System32\drivers\ArcSec.sys [2012-4-7 312184]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2012-3-11 22736]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2012-3-11 584056]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-9-14 129000]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-9-14 394216]
R3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-9-21 24608]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;C:\Windows\System32\drivers\ladfGSCamd64.sys [2013-4-24 410008]
R3 LADF_RenderOnly;LADF Render Filter Driver;C:\Windows\System32\drivers\ladfGSRamd64.sys [2013-4-24 102808]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-23 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-5-30 64280]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-9-21 351520]
R3 LVUVC64;Logitech HD Webcam C615(UVC);C:\Windows\System32\drivers\LVUVC64.sys [2012-1-18 4763680]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2013-2-3 115272]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-1-29 39200]
S2 bProtector;bProtector;C:\ProgramData\bProtectorForWindows\2.6.1519.190\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe --> C:\ProgramData\bProtectorForWindows\2.6.1519.190\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-2-18 37344]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-19 111616]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-15 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-15 180736]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-4-8 19456]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-4-8 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-4-8 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 VASDeviceDrm;Virtual Audio Streaming with Drm (WDM);C:\Windows\System32\drivers\vasdDev.sys [2012-5-17 1454896]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-7 1255736]
S4 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-3-26 49152]
S4 CLPSLS;COMODO livePCsupport Service;C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
S4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-4-6 13592]
S4 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-4-6 133800]
S4 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-12 1593632]
S4 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-12-12 16939296]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-4-16 39056]
S4 Seagate Dashboard Services;Seagate Dashboard Services;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2013-10-18 16000]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-12-19 411936]
S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S4 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-4-6 2656280]
.
=============== File Associations ===============
.
FileExt: .js: JSFile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5.5\Dreamweaver.exe","%1"
.
=============== Created Last 30 ================
.
2014-02-22 15:34:24 -------- d-----w- C:\AdwCleaner
2014-02-22 11:55:59 -------- d-----r- C:\Program Files (x86)\Skype
2014-02-22 10:20:32 272496 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-02-19 02:16:24 -------- d-----w- C:\ProgramData\Damned
2014-02-19 02:16:00 -------- d-----w- C:\Python27
2014-02-15 04:03:08 225656 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2014-02-09 08:52:42 -------- d-----w- C:\Users\CRISTINA\AppData\Roaming\Mp3tag
2014-02-09 08:52:15 -------- d-----w- C:\Program Files (x86)\Mp3tag
2014-02-08 20:49:11 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AEEF20F2-7FE8-4851-9C8F-3C33B674D688}\offreg.dll
2014-02-07 22:56:34 -------- d-----w- C:\Users\CRISTINA\AppData\Roaming\JRT Studio
2014-02-07 22:56:30 -------- d-----w- C:\Program Files (x86)\JRT Studio
2014-02-07 19:52:59 -------- d-----w- C:\Program Files\iPod
2014-02-07 19:52:58 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-07 19:52:58 -------- d-----w- C:\Program Files\iTunes
2014-02-07 19:52:58 -------- d-----w- C:\Program Files (x86)\iTunes
2014-01-29 10:59:13 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-01-29 10:59:13 33056 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-01-29 03:12:04 -------- d-----w- C:\Users\CRISTINA\AppData\Roaming\uTorrent
2014-01-26 18:01:39 -------- d-----w- C:\Program Files (x86)\VideoLAN
2014-01-24 09:59:47 -------- d-----w- C:\Users\CRISTINA\AppData\Roaming\backbeat
2014-01-24 09:59:46 -------- d-----w- C:\Users\CRISTINA\AppData\Local\CrashRpt
2014-01-24 09:59:45 -------- d-----w- C:\Users\CRISTINA\AppData\Roaming\Ascension
.
==================== Find3M ====================
.
2014-02-22 10:19:06 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-22 10:19:06 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-22 13:52:10 206080 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2014-01-22 13:52:10 108800 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2014-01-21 02:53:40 1048152 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-01-21 02:53:29 1179576 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-01-19 07:33:29 270496 ----a-w- C:\Windows\System32\MpSigStub.exe
2013-12-27 18:42:16 35104 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2013-12-19 18:53:46 6671648 ----a-w- C:\Windows\System32\nvcpl.dll
2013-12-19 18:53:46 3490080 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-12-19 18:53:44 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-12-19 18:53:44 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-12-19 18:53:44 386336 ----a-w- C:\Windows\System32\nvmctray.dll
2013-12-19 17:20:22 590112 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-12-19 05:01:48 3539040 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-12-19 02:09:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-11 22:26:06 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2013-12-05 08:42:26 35104 ----a-w- C:\Windows\System32\SETA17.tmp
2013-11-28 13:38:22 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
2013-11-28 13:38:18 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
.
============= FINISH: 12:15:13.30 ===============

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume4
Install Date: 4/6/2012 6:11:20 AM
System Uptime: 2/22/2014 9:55:46 AM (3 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P8Z68-V PRO GEN3
Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz | LGA1155 | 1584/100mhz
.
==== Disk Partitions =========================
.
A: is FIXED (NTFS) - 932 GiB total, 235.679 GiB free.
B: is FIXED (NTFS) - 932 GiB total, 594.822 GiB free.
C: is FIXED (NTFS) - 119 GiB total, 25.38 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 932 GiB total, 444.027 GiB free.
F: is CDROM ()
G: is CDROM ()
H: is Removable
I: is FIXED (NTFS) - 3726 GiB total, 1312.014 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: High Definition Audio Device
Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0892&SUBSYS_10438410&REV_1003\4&2CB35CC7&0&0001
Manufacturer: Microsoft
Name: High Definition Audio Device
PNP Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0892&SUBSYS_10438410&REV_1003\4&2CB35CC7&0&0001
Service: HdAudAddService
.
==== System Restore Points ===================
.
RP401: 2/22/2014 3:07:32 AM - Installed Skype™ 6.9
RP402: 2/22/2014 3:17:44 AM - Removed Skype™ 6.9
RP403: 2/22/2014 3:23:57 AM - Installed Skype™ 6.9
RP404: 2/22/2014 3:36:19 AM - Restore Operation
RP405: 2/22/2014 3:43:46 AM - Removed Skype™ 6.11
RP406: 2/22/2014 3:46:00 AM - Installed Skype™ 6.9
RP407: 2/22/2014 4:05:41 AM - Restore Operation
RP408: 2/22/2014 4:56:32 AM - Removed Skype™ 6.11
RP409: 2/22/2014 5:17:07 AM - Installed Java 7 Update 51
RP410: 2/22/2014 5:41:52 AM - Installed Skype™ 6.9
RP411: 2/22/2014 6:09:56 AM - Removed Skype™ 6.9
RP412: 2/22/2014 6:55:48 AM - Installed Skype™ 6.9
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20 (x64 edition)
A Virus Named TOM
Ace of Spades
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe Creative Suite 5.5 Master Collection
Adobe Flash Player 11 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
Adventures of Shuggy
Age of Empires Online
And Yet It Moves
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft TotalMedia Theatre 5
ARMA 2 Dedicated Server
Ascension: Deckbuilding Game
Asmedia ASM104x USB 3.0 Host Controller Driver
Atom Zombie Smasher
Audacity 2.0
Bastion
Batman: Arkham City™
Battle.net
BattlEye for OA Uninstall
BattlEye Uninstall
BIT.TRIP BEAT
BIT.TRIP Presents... Runner2: Future Legend of Rhythm Alien
BIT.TRIP RUNNER
BitTorrent
Botanicula
bProtector for Windows
CameraHelperMsi
Castle Crashers
Cave Story+
Cogs
Comodo Dragon
COMODO GeekBuddy
COMODO Internet Security
Counter-Strike: Source Beta
Crayon Physics Deluxe
DayZ Commander
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Setup
Don't Starve
Dual-Core Optimizer
Dungeon Defenders
Dungeons of Dredmor
DVDFab 8.2.1.0 (07/09/2012) Qt
Electronic Super Joy
erLT
ERUNT 1.1j
Escape Goat
EVGA OC Scanner X 2.0.1
EVGA Precision 2.0.4
FINAL FANTASY XIV - A Realm Reborn
FTL: Faster Than Light
Garry's Mod
GeForce Experience NvStream Client Components
Google Chrome
Google Update Helper
Gratuitous Space Battles
Guacamelee! Gold Edition
Gyazo 2.0.2
Half-Life
Half-Life 2
Half-Life: Source
Hammerfight
HandBrake 0.9.6
Hearthstone
Hewlett-Packard ACLM.NET v1.1.0.0
HOARD
HP FWUpdateEDO2
HP Photosmart 6510 series Basic Device Software
HP Product Detection
HP Update
HPDiagnosticAlert
iCloud
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Network Connections 15.6.25.0
Intel(R) Rapid Storage Technology
iSyncr
iTunes
Jamestown
Java 7 Update 51
Java Auto Updater
JMicron JMB36X Driver
Jolly Rover
Killing Floor
LAME v3.99.3 (for Windows)
Left 4 Dead 2
LIMBO
Logitech Gaming Software
Logitech Gaming Software 8.51
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Machinarium
MagicDisc 2.7.106
Magicka
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4.5.1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Mouse and Keyboard Center
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Microsoft WSE 3.0 Runtime
Microsoft Xbox 360 Accessories 1.2
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0 Refresh
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
Monaco
MotioninJoy Gamepad tool 0.7.0000
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
Mp3tag v2.58
Mumble 1.2.4
NightSky
NVIDIA 3D Vision Controller Driver 332.21
NVIDIA 3D Vision Driver 332.21
NVIDIA Control Panel 332.21
NVIDIA GeForce Experience 1.8.2
NVIDIA Graphics Driver 332.21
NVIDIA HD Audio Driver 1.3.30.1
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0725
NVIDIA ShadowPlay 11.10.11
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 11.10.11
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.20
NyxQuest
OpenAL
Orcs Must Die!
Origin
Osmos
osu!
Papers, Please
Papo & Yo
PDF Settings CS5
PixelJunk Eden
Plants vs. Zombies: Game of the Year
Play withSIX
Poker Night at the Inventory
Portal
Portal 2
Psychonauts
PxMergeModule
Q.U.B.E.
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Revenge of the Titans
Rosetta Stone Version 3
Sam & Max 101: Culture Shock
Sam & Max 102: Situation: Comedy
Sam & Max 103: The Mole, the Mob and the Meatball
Sam & Max 104: Abe Lincoln Must Die!
Sam & Max 105: Reality 2.0
Sam & Max 106: Bright Side of the Moon
Sam & Max 201: Ice Station Santa
Samorost 2
SAMSUNG USB Driver for Mobile Phones
Seagate Dashboard 2.0
Sequence
Shank
SHIELD Streaming
Shroud of the Avatar
Sid Meier's Civilization V
SimCity™
Skype™ 6.9
Small World 2
Software Version Updater
Source SDK
Source SDK Base 2006
Source SDK Base 2007
Source SDK Base 2013 Multiplayer
Source SDK Base 2013 Singleplayer
SpaceChem
Steam
Steel Storm: Burning Retribution
Super Meat Boy
Surgeon Simulator 2013
swMSM
Swords and Soldiers HD
System Shock 2
Tales of Monkey Island: Chapter 1 - Launch of the Screaming Narwhal
Team Fortress 2
The Binding Of Isaac
The Clockwork Man
The Clockwork Man: The Hidden World
The Secret of Monkey Island: Special Edition
The Sims™ 3
The Sims™ 3 70s, 80s, & 90s Stuff
The Sims™ 3 Ambitions
The Sims™ 3 Diesel Stuff
The Sims™ 3 Fast Lane Stuff
The Sims™ 3 Generations
The Sims™ 3 High-End Loft Stuff
The Sims™ 3 Late Night
The Sims™ 3 Master Suite Stuff
The Sims™ 3 Outdoor Living Stuff
The Sims™ 3 Pets
The Sims™ 3 Seasons
The Sims™ 3 Showtime
The Sims™ 3 Supernatural
The Sims™ 3 Town Life Stuff
The Sims™ 3 University Life
The Sims™ 3 World Adventures
The Walking Dead
Ticket to Ride
Tomb Raider
Torchlight II
TRAUMA
Trials Evolution Gold Edition
Trine
Trine 2
Tropic Euro
Unstoppable Gorg
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Uplay
VC80CRTRedist - 8.0.50727.6195
Vertex Dispenser
VLC media player 2.1.3
VVVVVV
Warlock - Master of the Arcane
WARP
Windows Live ID Sign-in Assistant
WinRAR 4.20 (32-bit)
Wizorb
World of Goo
.
==== Event Viewer Messages From Past Week ========
.
2/22/2014 9:55:52 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mv91xx
2/22/2014 10:15:00 AM, Error: Service Control Manager [7000] - The bProtector service failed to start due to the following error: The system cannot find the file specified.
2/20/2014 12:03:22 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
2/19/2014 11:39:02 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk4\DR4.
.
==== End Of File ===========================
Last edited by CrisG on February 22nd, 2014, 1:22 pm, edited 1 time in total.
CrisG
Regular Member
 
Posts: 24
Joined: February 22nd, 2014, 12:20 pm

Re: Infected with PUP.bProtector, ran AdwCleaner/OTL/SystemL

by CrisG » February 22nd, 2014, 12:50 pm

# AdwCleaner v3.019 - Report created 22/02/2014 at 10:52:23
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : CRISTINA - CRISTINA-PC
# Running from : A:\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : bProtector

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Windows\System32\Tasks\AmiUpdXp
File Found : C:\Windows\System32\Tasks\bProtector
File Found : C:\Windows\Tasks\AmiUpdXp.job
Folder Found : C:\Users\CRISTINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\file scout
Folder Found C:\Program Files (x86)\myfree codec
Folder Found C:\ProgramData\bProtectorForWindows
Folder Found C:\ProgramData\IBUpdaterService
Folder Found C:\Users\CRISTINA\AppData\Local\Conduit
Folder Found C:\Users\CRISTINA\AppData\Local\PackageAware
Folder Found C:\Users\CRISTINA\AppData\Local\SwvUpdater
Folder Found C:\Users\CRISTINA\AppData\LocalLow\Conduit
Folder Found C:\Users\CRISTINA\AppData\LocalLow\PriceGong
Folder Found C:\Users\CRISTINA\AppData\Roaming\BabSolution
Folder Found C:\Users\CRISTINA\AppData\Roaming\file scout
Folder Found C:\Users\CRISTINA\AppData\Roaming\Searchprotect
Folder Found C:\Windows\SysWOW64\AI_RecycleBin

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\5253ddd1e734ef12
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\caphyon
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\filescout
Key Found : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Found : HKCU\Software\Iminent
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\mysearchdial.com
Key Found : HKCU\Software\visualbee
Key Found : HKCU\Software\Zugo
Key Found : [x64] HKCU\Software\BabSolution
Key Found : [x64] HKCU\Software\caphyon
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\DataMngr
Key Found : [x64] HKCU\Software\DataMngr_Toolbar
Key Found : [x64] HKCU\Software\filescout
Key Found : [x64] HKCU\Software\Iminent
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\mysearchdial.com
Key Found : [x64] HKCU\Software\visualbee
Key Found : [x64] HKCU\Software\Zugo
Key Found : HKLM\SOFTWARE\5253ddd1e734ef12
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\caphyon
Key Found : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Found : HKLM\Software\Iminent
Key Found : HKLM\Software\InfoAtoms
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BundleSweetIMSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Found : HKLM\Software\Updater By Sweetpacks
Key Found : HKLM\Software\visualbee
Key Found : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Found : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{B64982B1-D112-42B5-B1E4-D3867C4533F8}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.mysearchdial.com/?f=1&a=dn ... 162148&ir=
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://start.mysearchdial.com/?f=2&a=dn ... 162148&ir=

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\prefs.js ]


-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\CRISTINA\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [15514 octets] - [22/02/2014 10:34:45]
AdwCleaner[R1].txt - [15193 octets] - [22/02/2014 10:52:23]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [15254 octets] ##########
CrisG
Regular Member
 
Posts: 24
Joined: February 22nd, 2014, 12:20 pm

Re: Infected with PUP.bProtector, ran AdwCleaner/OTL/SystemL

by CrisG » February 22nd, 2014, 12:50 pm

OTL logfile created on: 2/22/2014 11:09:29 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = A:\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.97 Gb Total Physical Memory | 7.92 Gb Available Physical Memory | 66.15% Memory free
12.97 Gb Paging File | 8.93 Gb Available in Paging File | 68.86% Paging File free
Paging file location(s): c:\pagefile.sys 1024 10240 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 25.39 Gb Free Space | 21.31% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 444.03 Gb Free Space | 47.67% Space Free | Partition Type: NTFS
Drive I: | 3726.01 Gb Total Space | 1312.01 Gb Free Space | 35.21% Space Free | Partition Type: NTFS

Computer Name: CRISTINA-PC | User Name: CRISTINA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/02/22 10:39:01 | 000,075,264 | ---- | M] () -- A:\Downloads\SystemLook.exe
PRC - [2014/02/22 10:35:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- A:\Downloads\OTL.exe
PRC - [2014/02/22 10:34:09 | 001,241,834 | ---- | M] () -- A:\Downloads\AdwCleaner.exe
PRC - [2014/02/12 19:36:25 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe


========== Modules (No Company Name) ==========

MOD - [2014/02/22 10:39:01 | 000,075,264 | ---- | M] () -- A:\Downloads\SystemLook.exe
MOD - [2014/02/22 10:34:09 | 001,241,834 | ---- | M] () -- A:\Downloads\AdwCleaner.exe
MOD - [2014/02/12 19:36:40 | 003,578,992 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/01/20 21:55:35 | 016,939,296 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/11/26 04:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/11/07 18:37:39 | 002,828,408 | ---- | M] (COMODO) [Disabled | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2011/11/23 05:27:10 | 001,267,000 | ---- | M] (COMODO) [Disabled | Stopped] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV:64bit: - [2010/08/12 14:00:20 | 000,133,800 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/01/20 21:55:50 | 001,593,632 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/19 12:20:16 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/12/03 21:51:18 | 000,569,768 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/10/18 22:36:28 | 000,016,000 | ---- | M] (Seagate Technology LLC) [Disabled | Stopped] -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe -- (Seagate Dashboard Services)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/06/18 09:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/13 17:24:08 | 001,045,256 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/04/23 17:28:00 | 004,784,312 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2013/04/16 02:07:08 | 000,039,056 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/03/26 01:16:45 | 000,049,152 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2011/05/20 09:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/02/22 11:14:40 | 002,656,280 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/22 11:14:34 | 000,326,168 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/01/22 08:52:10 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014/01/22 08:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/12/27 13:42:26 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/11/28 08:38:18 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/05/30 11:16:40 | 000,064,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2013/04/24 16:56:50 | 000,410,008 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys -- (LADF_CaptureOnly)
DRV:64bit: - [2013/04/24 16:56:50 | 000,102,808 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys -- (LADF_RenderOnly)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/07 18:37:57 | 000,022,736 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2012/09/21 14:04:24 | 000,024,608 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2012/09/21 14:04:22 | 004,763,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64)
DRV:64bit: - [2012/09/21 14:04:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/25 10:26:34 | 000,115,272 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2012/03/19 14:12:38 | 001,454,896 | ---- | M] (ShiningMorning Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vasdDev.sys -- (VASDeviceDrm)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/28 21:28:28 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/09/14 16:05:34 | 000,394,216 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/09/14 16:05:34 | 000,129,000 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/05/20 08:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/09/30 14:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/09/30 14:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/09/21 08:07:08 | 000,312,184 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ArcSec.sys -- (ArcSec)
DRV:64bit: - [2010/09/21 01:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2010/08/10 04:29:15 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/11/23 19:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/23 19:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/08/21 00:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2013/02/05 03:54:40 | 000,037,344 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dn ... 162148&ir=
IE - HKLM\..\SearchScopes,DefaultScope = {DF343BF4-A8D3-427C-B9CC-5A133435EF4C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10043&barid={0BBE418D-8636-11E2-B65A-C8600032FF3B}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3706433607-4152841657-1845436021-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3706433607-4152841657-1845436021-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3706433607-4152841657-1845436021-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3706433607-4152841657-1845436021-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 89 B0 9A 10 B1 2F CF 01 [binary data]
IE - HKU\S-1-5-21-3706433607-4152841657-1845436021-1000\..\SearchScopes,DefaultScope = {78F487CD-E45C-4604-83D0-A608FEAD7D5C}
IE - HKU\S-1-5-21-3706433607-4152841657-1845436021-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-3706433607-4152841657-1845436021-1000\..\SearchScopes\{78F487CD-E45C-4604-83D0-A608FEAD7D5C}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7BB17C1C5A-04B1-11DB-9804-B622A1EF5492%7D:1.2.1
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
FF - prefs.js..extensions.enabledAddons: %7B5C655500-E712-41e7-9349-CE462F844B19%7D:1.0
FF - prefs.js..extensions.enabledAddons: autofillForms%40blueimp.net:0.9.9.0
FF - prefs.js..extensions.enabledAddons: %7B7b1bf0b6-a1b9-42b0-b75d-252036438bdc%7D:7.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014/01/16 02:26:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/05/26 13:45:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/05/26 13:45:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/02/14 23:03:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\bProtectorForWindows\2.2.453.59\FirefoxExtension

[2012/04/07 03:51:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CRISTINA\AppData\Roaming\Mozilla\Extensions
[2014/02/15 22:30:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\extensions
[2014/01/07 21:52:15 | 000,000,000 | ---D | M] (WOT) -- C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2014/01/07 21:52:15 | 000,149,045 | ---- | M] () (No name found) -- C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\extensions\autofillForms@blueimp.net.xpi
[2013/12/19 09:15:25 | 000,002,060 | ---- | M] () (No name found) -- C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\extensions\exportcookies@aag.xpi
[2014/01/27 15:23:19 | 000,384,199 | ---- | M] () (No name found) -- C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\extensions\jid1-pFvSABavHgXrRQ@jetpack.xpi
[2014/01/07 21:52:15 | 000,151,038 | ---- | M] () (No name found) -- C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi
[2014/02/15 22:30:19 | 000,061,649 | ---- | M] () (No name found) -- C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi
[2013/12/19 09:14:12 | 000,089,442 | ---- | M] () (No name found) -- C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
[2014/01/14 12:54:17 | 000,019,530 | ---- | M] () (No name found) -- C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi
[2013/12/22 05:03:55 | 002,966,066 | ---- | M] () (No name found) -- C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\extensions\{c7b3cf78-9cbc-47b9-ba47-bb84a56069dd}.xpi
[2014/01/16 18:18:37 | 000,940,775 | ---- | M] () (No name found) -- C:\Users\CRISTINA\AppData\Roaming\Mozilla\Firefox\Profiles\lfmy7272.default-1386890980920\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/02/22 05:20:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/22 05:20:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - Extension: Google Docs = C:\Users\CRISTINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\CRISTINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: WOT = C:\Users\CRISTINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.4.6_0\
CHR - Extension: YouTube = C:\Users\CRISTINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\CRISTINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\
CHR - Extension: Google Search = C:\Users\CRISTINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: *Click2Clear History* = C:\Users\CRISTINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\dckmogldcieahpaljopelnchhidcfhac\0.0.17_0\
CHR - Extension: Delta Toolbar = C:\Users\CRISTINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.5.1_0\
CHR - Extension: RealDownloader = C:\Users\CRISTINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0\
CHR - Extension: Skype Click to Call = C:\Users\CRISTINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
CHR - Extension: Google Wallet = C:\Users\CRISTINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: AT_Yulia = C:\Users\CRISTINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\onomgjhiigbnmhkghhpgdojopdlhddbe\2_0\
CHR - Extension: Gmail = C:\Users\CRISTINA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2010/12/05 01:53:50 | 000,001,798 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\CRISTINA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-3706433607-4152841657-1845436021-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3706433607-4152841657-1845436021-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3706433607-4152841657-1845436021-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3706433607-4152841657-1845436021-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3706433607-4152841657-1845436021-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D35918F-046F-42CC-A270-3EA5758CC45E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (c:\progra~3\bprote~1\261519~1.190\{eab34~1\protec~1.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/07/16 17:33:30 | 000,000,040 | -H-- | M] () - I:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{67e88340-7fe9-11e1-81ef-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{67e88340-7fe9-11e1-81ef-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/22 10:34:24 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/22 10:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2014/02/22 10:31:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2014/02/22 06:56:04 | 000,000,000 | ---D | C] -- C:\Users\CRISTINA\AppData\Roaming\Skype
[2014/02/22 06:55:59 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014/02/22 06:55:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/02/22 06:55:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2014/02/22 06:05:31 | 000,000,000 | ---D | C] -- C:\Users\CRISTINA\Documents\lizenrae
[2014/02/22 05:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/02/22 05:14:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/02/22 03:17:01 | 000,000,000 | ---D | C] -- C:\Users\CRISTINA\Desktop\lizenrae
[2014/02/22 03:16:54 | 000,000,000 | ---D | C] -- C:\Users\CRISTINA\Desktop\Pictures
[2014/02/18 21:16:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Damned
[2014/02/18 21:16:00 | 000,000,000 | ---D | C] -- C:\Python27
[2014/02/14 23:03:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/02/09 03:52:42 | 000,000,000 | ---D | C] -- C:\Users\CRISTINA\AppData\Roaming\Mp3tag
[2014/02/09 03:52:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
[2014/02/09 03:52:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mp3tag
[2014/02/07 17:56:34 | 000,000,000 | ---D | C] -- C:\Users\CRISTINA\Documents\JRT Studio
[2014/02/07 17:56:34 | 000,000,000 | ---D | C] -- C:\Users\CRISTINA\AppData\Roaming\JRT Studio
[2014/02/07 17:56:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JRT Studio
[2014/02/07 17:56:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JRT Studio
[2014/02/07 14:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/02/07 14:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/02/07 14:52:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/02/07 14:52:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/02/07 14:52:58 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/01/29 05:59:13 | 000,039,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[2014/01/29 05:59:13 | 000,033,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2014/01/28 22:12:04 | 000,000,000 | ---D | C] -- C:\Users\CRISTINA\AppData\Roaming\uTorrent
[2014/01/26 13:06:45 | 000,000,000 | ---D | C] -- C:\Users\CRISTINA\AppData\Roaming\vlc
[2014/01/26 13:01:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2014/01/26 13:01:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2014/01/24 04:59:47 | 000,000,000 | ---D | C] -- C:\Users\CRISTINA\AppData\Roaming\backbeat
[2014/01/24 04:59:46 | 000,000,000 | ---D | C] -- C:\Users\CRISTINA\AppData\Local\CrashRpt
[2014/01/24 04:59:45 | 000,000,000 | ---D | C] -- C:\Users\CRISTINA\AppData\Roaming\Ascension
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/22 11:05:49 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2014/02/22 10:52:05 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/22 10:31:09 | 000,001,108 | ---- | M] () -- C:\Users\CRISTINA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/02/22 10:31:03 | 000,000,909 | ---- | M] () -- C:\Users\CRISTINA\Desktop\ERUNT.lnk
[2014/02/22 10:01:11 | 000,035,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/22 10:01:11 | 000,035,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/22 10:00:10 | 000,819,494 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/22 10:00:10 | 000,687,972 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/22 10:00:10 | 000,132,530 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/22 09:56:11 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2014/02/22 09:56:06 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/22 09:56:05 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2014/02/22 09:55:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/22 08:51:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3706433607-4152841657-1845436021-1000UA.job
[2014/02/22 06:55:59 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/02/22 05:19:06 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/02/22 05:19:06 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/02/22 04:47:28 | 000,277,346 | ---- | M] () -- C:\Users\CRISTINA\Desktop\bookmarks.html
[2014/02/22 04:47:21 | 000,188,710 | ---- | M] () -- C:\Users\CRISTINA\Desktop\bookmarks-2014-02-22.json
[2014/02/20 00:03:41 | 000,023,071 | ---- | M] () -- C:\Users\CRISTINA\Documents\tangled.pdf
[2014/02/14 14:51:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3706433607-4152841657-1845436021-1000Core.job
[2014/02/07 18:23:05 | 000,184,150 | ---- | M] () -- C:\Users\CRISTINA\Desktop\bookmarks-2014-02-07.json
[2014/02/07 16:54:17 | 000,189,148 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
[2014/02/07 14:53:15 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/02/06 15:29:58 | 000,031,947 | ---- | M] () -- C:\Users\CRISTINA\Documents\L.class.gif
[2014/02/03 15:20:25 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/01/26 12:32:46 | 000,000,857 | ---- | M] () -- C:\Users\CRISTINA\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/22 10:31:09 | 000,001,108 | ---- | C] () -- C:\Users\CRISTINA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/02/22 10:31:03 | 000,000,909 | ---- | C] () -- C:\Users\CRISTINA\Desktop\ERUNT.lnk
[2014/02/22 06:55:59 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/02/22 05:14:03 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/02/22 04:47:27 | 000,277,346 | ---- | C] () -- C:\Users\CRISTINA\Desktop\bookmarks.html
[2014/02/22 04:47:20 | 000,188,710 | ---- | C] () -- C:\Users\CRISTINA\Desktop\bookmarks-2014-02-22.json
[2014/02/20 00:03:41 | 000,023,071 | ---- | C] () -- C:\Users\CRISTINA\Documents\tangled.pdf
[2014/02/07 18:23:05 | 000,184,150 | ---- | C] () -- C:\Users\CRISTINA\Desktop\bookmarks-2014-02-07.json
[2014/02/07 16:54:17 | 000,189,148 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2014/02/07 14:53:15 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/02/06 15:29:58 | 000,031,947 | ---- | C] () -- C:\Users\CRISTINA\Documents\L.class.gif
[2014/01/07 21:51:14 | 000,314,656 | ---- | C] () -- C:\Windows\SysWow64\NvIFROpenGL.dll
[2013/12/19 07:15:13 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2013/03/07 19:04:20 | 000,000,531 | ---- | C] () -- C:\Windows\eReg.dat
[2013/02/18 11:41:16 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll
[2013/02/18 11:41:16 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys
[2012/10/28 14:56:36 | 000,001,456 | ---- | C] () -- C:\Users\CRISTINA\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/10/28 14:41:53 | 000,000,132 | ---- | C] () -- C:\Users\CRISTINA\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/09/21 20:25:13 | 000,009,294 | ---- | C] () -- C:\Users\CRISTINA\AppData\Roaming\Microsoft Access 97-2003.EML
[2012/09/21 20:14:48 | 000,038,412 | ---- | C] () -- C:\Users\CRISTINA\AppData\Roaming\Comma Separated Values (Windows).ADR
[2012/09/21 17:06:47 | 000,011,264 | ---- | C] () -- C:\Users\CRISTINA\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/21 14:08:36 | 010,919,784 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/09/21 14:08:36 | 000,338,136 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/09/21 14:08:36 | 000,103,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012/08/28 09:04:34 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/08/28 09:04:34 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/08/28 09:04:34 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/08/28 09:04:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/04/22 00:01:12 | 000,007,601 | ---- | C] () -- C:\Users\CRISTINA\AppData\Local\Resmon.ResmonCfg
[2012/04/21 15:13:59 | 000,000,132 | ---- | C] () -- C:\Users\CRISTINA\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/04/10 17:33:47 | 000,000,096 | ---- | C] () -- C:\Users\CRISTINA\AppData\Local\fusioncache.dat
[2012/04/07 05:46:20 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/04/07 05:25:29 | 000,811,616 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/06 05:30:48 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/04/06 05:30:42 | 000,030,672 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/04/07 07:15:05 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\.keys
[2013/02/13 17:32:23 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\.minecraft
[2014/01/23 09:20:28 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\.mono
[2013/12/01 06:26:34 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\3909
[2014/01/24 04:59:48 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\Ascension
[2013/01/25 04:22:28 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\AtomZombieData
[2014/02/10 15:45:29 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\Audacity
[2013/05/26 19:40:01 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\BabSolution
[2014/01/24 04:59:47 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\backbeat
[2013/11/28 07:55:37 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\Battle.net
[2014/01/28 22:14:55 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\BitTorrent
[2013/12/11 03:11:58 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\Braid
[2012/04/22 19:05:20 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\Brawsome
[2012/04/18 02:48:05 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\Broken Rules
[2013/12/19 09:06:47 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/04/07 04:15:36 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/04/18 03:19:08 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\Crayon Physics Deluxe
[2013/03/06 03:15:26 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\DAEMON Tools Lite
[2012/04/07 06:41:47 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\Digiarty
[2012/08/21 23:55:23 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\Downloaded Installations
[2012/07/19 10:44:42 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\Endless Fluff Games
[2013/03/04 14:20:45 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\File Scout
[2012/04/07 07:15:23 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\FreeSmith
[2013/10/18 11:16:39 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\Guild Wars 2
[2013/12/20 02:15:10 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\Gyazo
[2013/02/13 15:00:02 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\HandBrake
[2014/02/10 17:34:43 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\JRT Studio
[2012/04/18 04:08:25 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\Lazy 8 Studios
[2013/12/07 21:51:46 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\Leadertech
[2012/05/11 00:23:27 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\LolClient
[2013/12/04 13:21:38 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\LucasArts
[2013/02/23 16:00:09 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\Media Mushroom Limited
[2013/02/03 02:12:16 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\MotioninJoy
[2014/02/10 17:23:13 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\Mp3tag
[2014/02/09 20:12:06 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\Mumble
[2012/04/18 00:00:12 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\Nicalis
[2013/07/10 16:38:24 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\Oracle
[2013/06/12 03:47:35 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\Origin
[2012/06/13 23:14:47 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\PACE Anti-Piracy
[2012/11/23 07:05:24 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\Play withSIX
[2013/12/11 04:02:55 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\Samsung
[2013/12/16 23:32:44 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\Seagate
[2013/04/18 18:51:02 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\SearchProtect
[2013/05/08 02:38:45 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\SplitMediaLabs
[2012/12/28 18:23:23 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/07/15 21:53:47 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\Stardock
[2012/05/19 20:27:10 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\Total Eclipse
[2012/10/06 21:36:15 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\Trine2
[2014/01/29 05:57:20 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\uTorrent
[2013/01/25 09:00:31 | 000,000,000 | ---D | M] -- C:\Users\CRISTINA\AppData\Roaming\VertexDispenser

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\Users\CRISTINA\AppData\Roaming\Microsoft Access 97-2003.EML:OECustomProperty
@Alternate Data Stream - 1270 bytes -> C:\Users\CRISTINA\AppData\Local\Temp:VESB8DjtstUM97dt89NnrWA
@Alternate Data Stream - 1199 bytes -> C:\Users\CRISTINA\AppData\Local\Temp:SY0xj4YJ7cRVCzQZfVGIdFLt93

< End of report >
CrisG
Regular Member
Posts: 24
Joined: February 22nd, 2014, 12:20 pm

Re: Infected with PUP.bProtector, ran AdwCleaner/OTL/SystemL

Post by CrisG » February 22nd, 2014, 12:51 pm

OTL Extras logfile created on: 2/22/2014 11:09:29 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = A:\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.97 Gb Total Physical Memory | 7.92 Gb Available Physical Memory | 66.15% Memory free
12.97 Gb Paging File | 8.93 Gb Available in Paging File | 68.86% Paging File free
Paging file location(s): c:\pagefile.sys 1024 10240 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 25.39 Gb Free Space | 21.31% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 444.03 Gb Free Space | 47.67% Space Free | Partition Type: NTFS
Drive I: | 3726.01 Gb Total Space | 1312.01 Gb Free Space | 35.21% Space Free | Partition Type: NTFS

Computer Name: CRISTINA-PC | User Name: CRISTINA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\CRISTINA\AppData\Roaming\File Scout\filescout.exe" /open "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\CRISTINA\AppData\Roaming\File Scout\filescout.exe" /open "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015E26A8-FA9B-4D9E-AD28-9696CE7178AF}" = rport=139 | protocol=6 | dir=out | app=system |
"{0366878D-F05A-472D-B32B-B65F96D1B04E}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{067D0133-D4DD-488E-80D1-4EB4E0413AF8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{0692E24B-C3FC-4891-B9BA-C4A68D8DDA12}" = lport=445 | protocol=6 | dir=in | app=system |
"{06F13BA7-4301-4729-BB41-89826F5CB59E}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{0E35BBF1-2F4D-4E30-B00E-5E3C51FD4C4D}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{106B5169-55C8-4D5D-A075-E1EBDA7966E1}" = rport=138 | protocol=17 | dir=out | app=system |
"{117133C1-924E-4009-9530-0FD79B64D2B8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{188E9BB0-E6F4-41CB-B539-364213B41922}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{1977857A-B334-4305-82FB-3FFA9CC35998}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1A9FB79A-6978-412F-9370-A651C9E8CA40}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1ED2A1D4-3D0F-4036-B981-D4ED3800456D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2110D9DE-2FE4-4080-A75C-07846FACB02F}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{256EB21A-2825-4BD0-8BD8-38E562F7735A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{281E0075-5E3E-40F7-AEF5-E8FD58C7FA42}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3750469B-86D3-4A9C-AC56-E5BD634FA8AE}" = lport=137 | protocol=17 | dir=in | app=system |
"{39F9AC37-CFA5-4211-AFBD-B4F1A93E4D75}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{3B752D68-D243-4C76-9116-C1CD5045BBE9}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{3D715448-475D-4D82-ADD7-E062AA17EBE9}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{3F379D64-B3FA-4EAE-A276-1AA3301A501E}" = lport=7935 | protocol=6 | dir=in | name=adobe flash builder 4.5 |
"{3F4C3138-0373-4C05-BC5E-26012E73ECD6}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{44D264BC-2A92-42DB-BCDE-434A3B6AC27F}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{5235F2E9-C08B-4E3A-953A-1BF7D4F39F6B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5A22F0B1-316D-468A-928B-244C0FF081DC}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{5F08E568-AFF5-4D61-B74A-8B6CA7E2460E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{613EC027-7DDB-48DE-A9B2-4059C36DDFCA}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{65AFD01D-B1DC-40D9-88ED-4B9C1C185B09}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{7A64E8CA-E096-4454-88A1-5445D777E7E4}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{7C737FE9-E1AC-491C-BCAB-D3CE982C90B6}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{8561DF7C-7A42-42BB-8FBE-243DD1F899CD}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{98A3C548-B8E2-42EB-B27D-CCFD306DE3B6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9A42B55C-962F-401E-A766-EB310552468F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9CAEA798-54B2-4222-AC84-A40881ED6D81}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9FF9479A-3658-45B6-B3A4-98B4E2A586E3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A7033BAB-574F-4632-8D19-14806E0FF242}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BB00EC20-4E21-4081-BE63-093CE7A8E756}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BB3113B5-13B8-40D6-A336-C4640E3DC8FE}" = lport=139 | protocol=6 | dir=in | app=system |
"{C1085952-67AE-47BD-90A5-B8362657B770}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{C3F8E33E-0E7A-4D1D-91A6-706DC062AD22}" = rport=445 | protocol=6 | dir=out | app=system |
"{CA54EBD6-CF6B-48F5-A0CA-0B14A0E0C72D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D56E5747-412E-445C-8088-91F7E9DB1741}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{D89A97C9-E9C8-49FE-97B7-359DFB767154}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{D8A99E55-802C-4CF7-8696-0749D8BC88C4}" = lport=138 | protocol=17 | dir=in | app=system |
"{DBBDDE71-05AE-49F6-8948-6C2C2A9C7B54}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{DFE0DA9C-51A9-42BC-A95E-5BA3D5B4D24C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E0A424E4-3222-434A-935B-0654B3F4286C}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{E5C24FCA-821D-466C-9A56-E3E111D84402}" = rport=137 | protocol=17 | dir=out | app=system |
"{F60B1C97-1743-4E2A-8273-4E4F7C06F835}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{F63D26E1-E03F-4FC1-939F-1C4D32AAE839}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{F6930381-CB0B-4823-92F1-88CDEDC42B39}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{016382E1-E3F5-4005-AC0A-17298EE09868}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{01886FA9-24AA-467F-B237-2BD81C122171}" = protocol=6 | dir=in | app=c:\users\cristina\appdata\roaming\bittorrent\bittorrent.exe |
"{01C5F131-9D75-46FF-A43D-C7CBA68C9A37}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\source sdk base 2013 multiplayer\hl2.exe |
"{02C9A2F7-AE30-4C24-A91E-ABD12DBC9D79}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{0408F4D1-17EA-40C4-8A81-63E5BB1FB0D4}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{043F6D88-D0E9-4553-BE5F-89B753DDE58B}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\monaco\monaco.exe |
"{056A40D4-CA4F-4F43-861C-9499D8E5153B}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\the clockwork man 2\the clockwork man - the hidden world.exe |
"{0618F0DA-DDDF-4B5C-ABD2-8C6D66118A1E}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe |
"{0717EDD4-3D90-4EEC-86A4-B5A9F1D69D48}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{0718B0A2-05AA-451B-B1CA-C82A2CD835C0}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\machinarium\machinarium.exe |
"{0ADB4F46-7314-47FE-A872-7F4A46F48DA7}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\swords and soldiers\swords and soldiers launcher.exe |
"{0ADB953B-5A1A-4A6E-A1F3-78844CCC27B7}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\sourcesdk\bin\sdklauncher.exe |
"{0C822E32-511F-40E5-B232-2C292B9972C8}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\monaco\monaco.exe |
"{0E008DDB-0947-4F43-BCF8-3773056086C7}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\cave story+\cavestory+.exe |
"{1010FBB6-589D-4048-9EEA-B837828DBB6D}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\electronicsuperjoy\electronicsuperjoy.exe |
"{11517FC2-965C-4905-98B2-E131B8985C6D}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\damned\damned.exe |
"{11539564-F39E-4185-80E7-00A0C1DFD665}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{13E16228-8B6D-4C60-9CA5-3CBC0F4E8083}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{151AFA99-0A79-48AB-BDDE-F86E21417F6F}" = protocol=17 | dir=in | app=b:\squareenix\final fantasy xiv - a realm reborn\boot\ffxivlauncher.exe |
"{159A2575-0869-4A83-B418-76D3A33B4DC2}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\trauma\trauma.exe |
"{16C59FC9-B29D-41D3-BB0D-F65811904748}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\osmos\osmos.exe |
"{170FD040-EFD7-4477-B27B-B1B70A8628D3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{1711D762-ECC3-4453-95BA-AB23F4960BAB}" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.5\flashbuilder.exe |
"{17745F22-D734-4616-A428-8C4B82BDD8DB}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\bittriprunner2\runner2.exe |
"{18F85217-9DF6-4C55-9F62-37ED657D6269}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\age of empires online\aoeonline.exe |
"{192F6FA4-FABF-4181-9B2A-011C35788277}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{19BECFB8-42FD-4926-8A55-AF03BFC9D6DF}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\castlecrashers\castle.exe |
"{1AF53BF4-A4FB-4667-BD2D-DEE00AF25BAE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{1B31EE11-D261-4455-B115-E94C85E931F8}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\hoard\win32\reuben.exe |
"{1B320E79-2F98-4A4F-812B-B1C34576D72D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{1C34E278-B776-44DC-8912-927339D79159}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\jamestown\jamestown.exe |
"{1C54E7A2-4373-407A-8661-B7813D322F4C}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\monaco\monaco.exe |
"{1CB433F8-C8F9-4F85-BB5C-5C6948E975CD}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe |
"{1D46C377-00D2-4BCE-8339-8150044FFEE6}" = dir=out | app=a:\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{1DB517CC-CB47-4F89-956F-22547AC8FF40}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\samorost 2\samorost2.exe |
"{1DB6AA3F-91D2-403F-A2CA-BF318E5FFEAE}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\bit.trip beat\beat.exe |
"{1DF20596-3B99-4B05-B171-D7E8E9ACD07B}" = protocol=17 | dir=in | app=b:\origin games\simcity\simcity\simcity.exe |
"{206BB5C6-3424-4466-AA9E-92EC6C86F95B}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\sam and max episode 3\sammax103.exe |
"{23F409A3-5DE9-442C-A10F-46C388D77739}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{2492674A-C64C-4567-8644-6D69A0D144DF}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\garrysmod\hl2.exe |
"{2590508C-1349-42B4-85DA-27537915BF4F}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\guacamelee\guac.exe |
"{26A7255A-329E-492A-BD4C-BC9B1899A227}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\team fortress 2\hl2.exe |
"{26F312A9-8C91-4397-B0F0-DA99C3EB0021}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\garrysmod\hl2.exe |
"{27B1DCEF-8A1B-42F6-928A-A0A87975D0AF}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\botanicula\botanicula.exe |
"{2A8E1F5A-236C-481C-86B8-3FDC35750675}" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia theatre 5\utotalmediatheatre5.exe |
"{2C38DD3E-82A0-49A5-A353-D7231140C733}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\sam and max episode 4\sammax104.exe |
"{2E844B22-3F22-405E-ADCD-4475DA38BAD9}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{2EA7DAC7-2B39-44CE-9097-EE1FD2E300AC}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\shank\bin\shank.exe |
"{2F0A9DFD-F7C4-46FD-B836-4C1A559E538F}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\torchlight ii\modlauncher.exe |
"{306841A3-61E7-47AF-8CDF-D8DE8E2618DB}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\world of goo\worldofgoo.exe |
"{3133CD17-855C-498A-B78D-8E3A930D0622}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{31BD2620-03CE-41B8-91BF-83A4C9A423EA}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\electronicsuperjoy\electronicsuperjoy.exe |
"{324CC70F-2F4A-4209-86B6-A7DFE4FFF1FD}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\damned\damned.exe |
"{32D67427-A5E7-49DB-9122-04DA761F24B5}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\sam and max season 2 episode 1\sammax201.exe |
"{34C98FE9-0426-443D-9B14-2CABC2D1BBBB}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\team fortress 2\hl2.exe |
"{34DFB40B-C7DC-4102-B4B8-58D0CD388E9E}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\sam and max episode 5\sammax105.exe |
"{34E0CAA0-7CBC-43D2-8A22-29970A8D53EE}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{3523687E-8A67-4CFF-9279-75F9BBC6BCCA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{36297D47-9774-4ED0-91EB-AA193121642E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{37217C5C-34E1-43FF-94AB-D774723167D8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{38B15472-84A0-43D6-ADA2-8CB61043A20B}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\penny arcade adventures on the rain-slick precipice of darkness episode 2\rainslickep2.exe |
"{396DA1EA-99DA-4440-95B7-14BF2476352B}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\team fortress 2\hl2.exe |
"{39F33FBC-9863-49BB-A772-3630F1103A3D}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\atomzombiesmasher\data\atomzombiesmasher.exe |
"{3BD542BF-0BEB-47C8-94AB-B7A5022792B0}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\psychonauts\psychonauts.exe |
"{3BEBD3D4-D256-4647-9E6D-1C4202C1E510}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\ftl faster than light\ftlgame.exe |
"{3CB9A66B-9341-4369-825A-0A0CF1267FD5}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\world of goo\worldofgoo.exe |
"{3D7C80E6-E40B-4B85-9E06-79C94C951C4A}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\vvvvvv\vvvvvv.exe |
"{3E039F3F-DBDD-4DD6-B551-98539EE01705}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\gratuitous space battles\gsb.exe |
"{3E58555F-2956-431F-803B-AB5730AE561A}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\source sdk base\hl2.exe |
"{3FEEE261-0F34-4327-9524-840D649DF5C9}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\hammerfight\hammerfight.exe |
"{41360175-05BC-4A15-9AA0-240BFF669901}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{419E3182-F587-4E63-8C0E-CD22D5DD87B5}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{42E9DD58-4C19-49A6-834B-23128607490A}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\wizorb\wizorb.exe |
"{433DEDFF-8C9C-4695-A5F4-D0E0B80E60A2}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\pixeljunkeden\eden.exe |
"{443A882B-9D69-4451-9442-2EE61C87E80B}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\sam and max episode 3\sammax103.exe |
"{46CB1AB2-6164-49CA-8D7B-BA87AF87874E}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\crayon physics deluxe\launcher.exe |
"{46DDD217-ECD5-402B-A638-2E1881BCBE62}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{49569DDC-3131-4A55-8485-EFFAFD6372BC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{49F2C6A0-270C-456C-B1D9-1FBD4580DE67}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\team fortress 2\hl2.exe |
"{4B35C2C3-DC8C-4371-A7AB-29052C54FFB3}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\unstoppable gorg\unstoppable_gorg.exe |
"{4CCC2DF7-596F-4272-B4BC-475A8E3929EF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{4F2F6219-9677-4B68-9B87-4EE194B18A01}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2391\agent.exe |
"{506A7B47-7576-426F-9B94-0DB86FD0A86F}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\qube\binaries\win32\qube.exe |
"{5090BEA6-CF54-4997-B6E6-0A8C0E3351C1}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{50E97252-02BC-453C-AA48-A023B2938884}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\poker night at the inventory\celebritypoker.exe |
"{51556F52-205B-4DF7-9BC9-64EBE5BE647E}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\warp\binaries\win32\warp.exe |
"{51AE3CE4-906E-414E-AE41-C38FC9781DB7}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\smallworld2\sw2executable.app\contents\win32\sw2executable.exe |
"{52F9A9D6-B4D7-45B4-9569-1AAA16EBB9D7}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{53B7BB1A-7780-44BD-B617-8FFB40332782}" = protocol=6 | dir=in | app=b:\origin games\simcity\simcity\simcity.exe |
"{54CAB34B-6D83-46A7-9C28-688B8F4E8464}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\cogs\cogs.exe |
"{5543C561-E953-47E7-8C24-F8FB374C338F}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\the clockwork man\the clockwork man.exe |
"{560A48F8-C9FF-4813-9E3E-CCF086282D52}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\half-life\hl.exe |
"{56C28E43-9DBB-488D-9372-ED8935C2F166}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{56D27D46-D23D-4D09-8390-80400451874D}" = dir=in | app=a:\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{572F78A0-8873-4605-95F4-ED49BF2051AF}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\warlock - master of the arcane\support\ino_co_com.url |
"{57CB621E-B00E-427F-BBB0-1C6649C8B51F}" = protocol=17 | dir=in | app=c:\users\cristina\appdata\roaming\bittorrent\bittorrent.exe |
"{57FA036F-ED07-4E28-8593-0D3382331F8E}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\source sdk base 2013 singleplayer\hl2.exe |
"{582C41B5-4121-46B6-A872-DC575D20B42E}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\jamestown\jamestown.exe |
"{588F1346-895A-481A-B6DA-5449422238F8}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\dungeons of dredmor\dungeons of dredmor.exe |
"{594383A3-ACCF-4F21-B249-B3941B22E2BB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{59981144-D138-4D7E-83DF-87E80D542806}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe |
"{5B0C37AD-7595-44D9-A53E-F0FE01EAE1FD}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\sequence\sequence.exe |
"{5BAFA234-C9A7-4618-966E-5E4E7FD27B18}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\papersplease\papersplease.exe |
"{5BC5639A-5CDC-47AB-BC69-F0AECB9C03F5}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\vvvvvv\vvvvvv.exe |
"{5C3EE72F-20E8-4E4B-90E0-15F60E357018}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\trauma\trauma.exe |
"{5C53F514-DF2B-4A05-8639-72BDA2858C93}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\nyxquest kindred spirits\nyxquest.exe |
"{5CC0A8E4-D8B3-44E7-9AF7-571C849FAD0C}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\papersplease\papersplease.exe |
"{5CE1A0FC-45CE-48BB-837E-6387DC08B3F9}" = protocol=6 | dir=in | app=b:\battle.net\battle.net.exe |
"{5CF44E13-12EB-4F5A-AF89-1353A6DC7C82}" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe flash builder 4.5\flashbuilder.exe |
"{5E521137-0776-4552-9E3C-B64DBA3EA624}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\the secret of monkey island special edition\mise.exe |
"{5F0DDD52-4D5F-4856-B41F-ADC8DB39207B}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\sam and max episode 1\sammax101.exe |
"{60E1A946-8D4A-441C-B3AA-C0EF5523FE64}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\spacechem\spacechem.exe |
"{6481ADC2-FDE9-453A-9608-2067DCC512C9}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\steelstorm\netradiant_win32\radiant.exe |
"{67C36E05-DFED-42B3-8570-D10A5208566D}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\monaco\monaco.exe |
"{67EBD678-9695-41CD-8128-3E64AA20EDC9}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\warlock - master of the arcane\game.exe |
"{6939B5E5-330D-414D-9625-53B3CEB97F17}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\surgeon simulator 2013\ss2013.exe |
"{69EE5312-F656-464F-A9D0-C8C660791F62}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\on the rain-slick precipice of darkness - episode one\rainslickep1.exe |
"{6AE8ED49-D6EF-42EA-9D82-744818FEBE7A}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{6B9473E2-FFA5-4FCD-A4EE-92AC0F935FC7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6B9A0FD0-ACAF-46EA-9205-D67A9E94B476}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\trine 2\trine2_launcher.exe |
"{6D1AC942-75D1-4C37-8179-9E014E3013BE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6DBCF823-B21F-405B-9C47-2E7587BA76EA}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\team fortress 2\hl2.exe |
"{6E53DD51-F3A1-4CB0-8D79-DE10F041BDD0}" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia theatre 5\utotalmediatheatre5.exe |
"{6F263FA3-0394-48C3-B08B-ABAADBC058C1}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\the binding of isaac\isaac.exe |
"{6F32D7E1-B422-410B-A50C-7A7EC23803F5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6FA05EE8-15CF-4BE9-AB53-32C37977CAD7}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{6FE12F0E-9309-4413-B690-9910D561C949}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\source sdk base 2013 multiplayer\hl2.exe |
"{702A4B1B-42F9-4E7D-B8B9-28B2949039A7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7069EB55-995F-4B14-BCE9-4B5239F33AAA}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\magicka\magicka.exe |
"{72832D74-1327-470D-82DC-66D5443ACD0D}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\sam and max episode 4\sammax104.exe |
"{73F2DBFE-30C4-456E-8CF6-EA6A72DE95BC}" = protocol=17 | dir=in | app=b:\battle.net\battle.net.exe |
"{74B78D14-ED87-4DF1-BF37-32C61BA9D9E0}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\the secret of monkey island special edition\mise.exe |
"{74E3BC78-D40D-4AE5-AACE-DBC700B9CE68}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\source sdk base\hl2.exe |
"{751864E1-E4D2-4F65-8CEB-72C6F204AF8E}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\crayon physics deluxe\launcher.exe |
"{751A8F33-4735-406A-AF3A-D5262F3FF0A5}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\arma 2\arma2server.exe |
"{75ACD78E-13B3-42DB-806C-C3EFA173041E}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\bit.trip runner\runner.exe |
"{7634F84C-15CC-4D3E-9B84-7F675177C973}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\steelstorm\steelstorm.exe |
"{76D95DE7-EA33-440E-A198-B09F87DDBB6F}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\surgeon simulator 2013\ss2013.exe |
"{76EBD576-9D32-4447-83E0-B58522EDDCDD}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe |
"{76F48B3F-1450-451B-AC18-6AE4679ADC7F}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\monaco\monaco.exe |
"{770CA414-35C6-4771-A73B-0E9FB4D5F78B}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{770F7ABA-0DE9-474D-8DA3-2FE8542445AF}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\vertex dispenser\vertex dispenser.exe |
"{77214BF1-70AF-4230-87DF-37D428987E5D}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\team fortress 2\hl2.exe |
"{77B6EB8F-2EDA-48E8-A1F0-54F5F58EC225}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\on the rain-slick precipice of darkness - episode one\rainslickep1.exe |
"{785DBB59-F03F-47AF-8806-D4044278DCD1}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\team fortress 2\hl2.exe |
"{797034BB-A158-4880-9B25-981B81C29141}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{79CE3C73-E227-4EAA-A74B-1BF9E837B2FE}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe |
"{7AF50B11-4EC1-4C29-B8B1-548292D030F1}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\hoard\win32\reuben.exe |
"{7D04446D-849A-4DDD-B1F1-4338DF921025}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\half-life 2\hl2.exe |
"{7D969282-AD96-4B7C-9826-777F5D36933E}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\nightsky\nightsky.exe |
"{7E98F2FB-3995-4D66-A09A-530EFB1A95C8}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\aceofspades\aos.exe |
"{7ED4CFB8-9752-403D-A75F-00A56C578673}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\bit.trip runner\runner.exe |
"{7F422FEC-33DA-4026-BB49-9D563D2E5C5D}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\the clockwork man 2\the clockwork man - the hidden world.exe |
"{8067052C-718E-42D5-8C55-C0E7D0334535}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\ftl faster than light\ftlgame.exe |
"{807522C5-07ED-4136-A871-83B7DDF64343}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\the clockwork man\the clockwork man.exe |
"{81D3908F-1754-41EC-81A8-BD865929EE6E}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\orcs must die!\build\release\orcsmustdie.exe |
"{83129620-4F67-44BE-A4AA-FA4E3368831C}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\nightsky\nightsky.exe |
"{83B9C0EE-5B73-47C7-8C0C-4565ED78ABA5}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\dungeons of dredmor\dungeons of dredmor.exe |
"{85D9A083-6BF9-43D8-A3FB-F1201853C61D}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\sequence\sequence.exe |
"{865FF314-59A0-4B1A-B994-D98B844A7848}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\gratuitous space battles\gsb.exe |
"{8696B5C3-68E9-42B0-A963-2D58A851B741}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\sam and max episode 5\sammax105.exe |
"{8753A05A-1662-4480-B50B-43B4AAA4E8FF}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\monaco\monaco.exe |
"{892B3248-3089-4BBB-B3B9-D81432528CBA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{8A1C7CE3-2DDD-4916-8F7D-A886BFBEAD59}" = protocol=6 | dir=in | app=b:\hearthstone\hearthstone.exe |
"{8A3BC873-7E01-469B-B9CB-4F0A3B95CE92}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\warlock - master of the arcane\game.exe |
"{8A511DAD-A10D-4A2C-9541-90CE24D75D9B}" = protocol=6 | dir=in | app=b:\squareenix\final fantasy xiv - a realm reborn\boot\ffxivlauncher.exe |
"{8AD0AAEE-FF73-4FB8-B8A3-D00FD63128A7}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\papoyo\binaries\win32\pygame-win32-shipping.exe |
"{8C6583E4-D487-4788-A448-F6185B3A0B8E}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\garrysmod\hl2.exe |
"{8D1836BA-CAF3-4CD3-9EE8-A31BA8F67EFD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2391\agent.exe |
"{8EC1DC60-FCEA-4984-9010-AD3B8558A782}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\samorost 2\samorost2.exe |
"{8F9F9040-9226-4FB4-ACB4-3BA18B526AE7}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\the walking dead\walkingdead101.exe |
"{9019F17A-4267-47D2-B7EB-BC539669C61A}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\monaco\monaco.exe |
"{9071F237-513C-423D-B867-F2266E0D5292}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\ascension\ascension.exe |
"{90C88D11-C7F3-4A4C-9519-DF8377B109DA}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\sam and max episode 6\sammax106.exe |
"{90ED8CD1-150F-427C-9CAC-0A42FB29F4C7}" = dir=in | app=c:\program files\hp\hp photosmart 6510 series\bin\hpnetworkcommunicator.exe |
"{91F615C1-FB32-4A23-92BD-20191F15949D}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{9329D1A9-51AB-4628-A7DB-6FC5A5FA0CE8}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\smallworld2\sw2executable.app\contents\win32\sw2executable.exe |
"{94E3F508-8FCA-459D-9EE2-02C1E3ADF387}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9561ACB7-3713-4FE7-90FA-67CE6A5F3F72}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{972FF1BE-E24E-4D23-A914-A87B63FC5BD9}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\bastion\bastion.exe |
"{9877D38A-813F-42CD-A379-FD98E7BC8071}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\jollyrover\jolly_rover.exe |
"{992AE24E-C762-46B4-9A9B-96FAD5168B4C}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\torchlight ii\modlauncher.exe |
"{994AFBDC-FEE2-4755-B2A8-DA7C111BBCA1}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\a virus named tom\avnt.exe |
"{995E027B-D25B-4A48-A2E4-5209AAF48570}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{99E81955-00E4-4209-B5EE-05CF1E2DD257}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\tales of monkey island - chapter 1\monkeyisland101.exe |
"{9A05BBAE-EE8E-4939-8564-F61EA18DF00C}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\osmos\osmos.exe |
"{9B2D3F6E-0884-46D4-B070-DFAF6F20F2C5}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\alan wake\alanwake.exe |
"{9B4FC26F-729E-44A4-817A-D477DEBC88B4}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe |
"{9BFAED57-EA2F-49FB-B170-28E4A06CCD26}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9CA37331-2B08-4D18-863A-42437C96851B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9D0991FC-C735-4B47-9DFE-209A3A558589}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{9D4669C7-D0AE-4CF9-A39D-3E54917A80A4}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{9E45D60D-0328-4BA8-87FA-3EE596E192CF}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\monaco\monaco.exe |
"{9E6EF15D-9B42-4B15-86E6-C9B91159EA1A}" = protocol=6 | dir=in | app=c:\users\cristina\appdata\roaming\utorrent\utorrent.exe |
"{9FD82D0A-116A-465F-8AA8-CB3556B416BA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{A06DD1E2-597D-4774-8673-7A6CD675A8CA}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\trialspc\datapack\trialsfmx.exe |
"{A13FAEF1-D72E-4499-B8B2-499730578159}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\ticket to ride\ticket to ride.exe |
"{A20EAAA7-F3DA-4616-A324-9676EEE518D2}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\team fortress 2\hl2.exe |
"{A30E4D72-C3C6-4363-9B0D-C37F7A6A2850}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\the walking dead\walkingdead101.exe |
"{A37F3D0E-8692-4FD7-8931-452033DA9D6A}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\monaco\monaco.exe |
"{A3CE220B-503B-4ECF-A160-61D562430B07}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\sam and max episode 2\sammax102.exe |
"{A8286EF8-35B1-478C-9DE5-D86CF98A6A18}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A8E8B1F2-3881-4487-8C56-B37D5C5BC6FE}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\nyxquest kindred spirits\nyxquest.exe |
"{A978E72B-FD5B-45CD-95C4-8FB772BFBDA3}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A9A2B98A-6F02-4E8F-8E93-913233A2B53D}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\sam and max episode 1\sammax101.exe |
"{AA178DF1-75CA-4C48-9181-780AA999C0BD}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\monaco\monaco.exe |
"{AC6FCA97-9C52-46F4-B1BE-6700F1281240}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\dont_starve\bin\dontstarve_steam.exe |
"{AD066391-03FC-46BE-94CF-750A8572AACC}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\ss2\shock2.exe |
"{ADF6F8F5-996A-4E87-99D3-9ECEACDFC337}" = protocol=6 | dir=out | app=a:\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{AF2BFC8F-C813-4201-B624-1058A1A94323}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\revenge of the titans\revengeofthetitans.exe |
"{AF6D5C2F-49EC-4EB1-BB11-B3BF3E7A642D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{B286AE83-045B-4D26-8394-D0B4AD6B16DF}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\source sdk base 2013 singleplayer\hl2.exe |
"{B3614AD5-8161-415F-91A1-777090E5E20F}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\sam and max season 2 episode 1\sammax201.exe |
"{B41573DF-5BF7-4870-A48C-431D4BF1928D}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\garrysmod\hl2.exe |
"{B44871CB-FD03-4869-91E6-6AE2E2E5E741}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\qube\binaries\win32\qube.exe |
"{B47C8744-78F6-4539-9D08-38C039F51234}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\atomzombiesmasher\data\atomzombiesmasher.exe |
"{B4F640D0-416B-4C74-8882-E2D89D3C4F2F}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\portal\hl2.exe |
"{B5069D32-44E1-4EB1-B191-E1F8309E8A0E}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\warp\binaries\win32\warp.exe |
"{B656D689-C152-4957-8413-001531F07018}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{B7427C90-CED2-4EF6-99CC-01DCFF5AB6B0}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\half-life 2\hl2.exe |
"{B84AEEC0-8143-418D-8446-1DD427F19FF9}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\cogs\cogs.exe |
"{B86C72E2-2163-42BA-AE11-2136E97F3088}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\warlock - master of the arcane\support\game.url |
"{B954EC09-F89F-42E2-9DAE-E6100B5D5882}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B9DDE79A-3302-4EB9-8E19-30C6762D096F}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\ss2\shock2.exe |
"{BA3C363F-C315-443B-B90B-C15523E265D8}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\sourcesdk\bin\sdklauncher.exe |
"{BC020A45-1B92-443D-B80A-1D844AE7D94F}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\hammerfight\hammerfight.exe |
"{BCEBC331-12F8-4A66-852C-16E11723665A}" = dir=in | app=c:\program files\hp\hp photosmart 6510 series\bin\devicesetup.exe |
"{BCF31FA8-0907-4CE7-9012-9DF676BF7A36}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\machinarium\machinarium.exe |
"{BDB49C9A-5909-4040-B26C-4107F732E45C}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\trialspc\datapack\trialsfmx.exe |
"{BE3703B9-204E-469E-9D27-77EE87A0C1EC}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\trine\trine_launcher.exe |
"{BEB207E1-07A7-46B9-8C10-2AF4A578043A}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\bastion\bastion.exe |
"{BF11AC13-210C-498E-82BB-92E9C1E11581}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\ticket to ride\ticket to ride.exe |
"{BF2B1A11-881A-4F73-BF06-F2E99845B054}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\team fortress 2\hl2.exe |
"{BF803053-8E3F-4E11-B1F3-766DC35123D1}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\swords and soldiers\swords and soldiers launcher.exe |
"{C0618EC2-4A05-455B-8FC8-4A16CE769101}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\magicka\magicka.exe |
"{C23313E7-3BE8-4CB8-9A05-209D7A91E0A6}" = protocol=17 | dir=in | app=b:\steam\steam.exe |
"{C2959F22-3B69-49B0-938C-2B222BE6B601}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\source sdk base 2007\hl2.exe |
"{C2C22DEC-4434-4A68-AC51-44116146F4C1}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{C3C4CDE3-C223-4984-BADC-10943874731F}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\sam and max episode 2\sammax102.exe |
"{C4C830A5-DBDD-460D-84D7-FB49A230058D}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\unstoppable gorg\unstoppable_gorg.exe |
"{C553FD15-A8D9-4F0E-A39D-144FCC08DFC8}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\spacechem\spacechem.exe |
"{C6695A6C-E40B-4E67-8952-ADBDBF10B7AA}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{C68DCD0E-C80D-4BF4-8C97-AE2B704BF52F}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\monaco\monaco.exe |
"{C6A272C7-BB6F-47CF-8E5D-66E62B3DDAEF}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\the binding of isaac\isaac.exe |
"{C7C96E16-A0A3-4058-A5C4-5A06EEFC6A92}" = protocol=6 | dir=in | app=b:\steam\steam.exe |
"{C838BA1B-4C0A-45B7-B9B4-2CDCDD706C45}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\pixeljunkeden\eden.exe |
"{C8B83121-FD33-464F-ADA5-6CF3F11279CC}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\trialspc\datapack\trialsfmx.exe |
"{CA7041A2-11DA-4AAF-894F-C5117C30CC1E}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\psychonauts\psychonauts.exe |
"{CB932E74-0274-40A7-9A3E-150367DE9B1A}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\tales of monkey island - chapter 1\monkeyisland101.exe |
"{CD6E420C-9056-471F-9852-E18E5FCC71AD}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\portal 2\portal2.exe |
"{CE560ED8-75E4-4AF9-A889-B17A33F14075}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\adventures of shuggy\shuggy.exe |
"{D4CA6832-F80D-4E32-9ED7-EC88A06B725F}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\jollyrover\jolly_rover.exe |
"{D4CBFC1F-02E4-4495-A55E-EFD4194C543C}" = protocol=17 | dir=in | app=c:\users\cristina\appdata\roaming\utorrent\utorrent.exe |
"{D4E17DA2-B779-470F-8B15-D9CBE825FA30}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\cave story+\cavestory+.exe |
"{D620A52F-2FD7-42F1-8408-BA7C936DEC5F}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\monaco\monaco.exe |
"{D67E65EC-17AA-40FD-8A1D-E35D34EF35A1}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\ascension\ascension.exe |
"{D6D712EE-CFAD-4864-83F0-EA399BE29C14}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{D7BEFB0F-2CCE-4A66-B36A-F6D0F76AFDA5}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\papoyo\binaries\win32\pygame-win32-shipping.exe |
"{D7F61078-A103-4D50-84B8-D14A2A564A92}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{D8B46E54-33F9-4BC6-AB68-EA2EB798E497}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\guacamelee\guac.exe |
"{D8FF0133-E62A-4314-B2AD-E21735575BC6}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{D93DE38E-036D-4F64-9A05-68DE161833C9}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\castlecrashers\castle.exe |
"{DB85D541-A19D-41D9-9668-D70FDEBBA630}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{DBC2E904-90EC-44CE-8CA4-02F2EA8CBAEC}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\tomb raider\tombraider.exe |
"{DBC5E3D2-97FB-4378-8EF8-7CBFF64AA6A3}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\alan wake\alanwake.exe |
"{DED03C9D-45DB-4071-B65F-3F48B277CD87}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\adventures of shuggy\shuggy.exe |
"{DED71973-B6EF-4BFA-80CE-DD85CB32A643}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\team fortress 2\hl2.exe |
"{DF5A8CBE-30E2-450C-8A09-5DD151564E82}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\portal 2\portal2.exe |
"{DFF5677E-216F-475A-B4A7-190BE8F0ED44}" = protocol=17 | dir=in | app=b:\hearthstone\hearthstone.exe |
"{E20958EA-96EC-4A32-A7E7-8DE37EF6A4FF}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\vertex dispenser\vertex dispenser.exe |
"{E247BDE9-1A00-493B-84A4-BCB604582190}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\steelstorm\netradiant_win32\radiant.exe |
"{E3507ECC-7145-4308-B331-187B65473997}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\arma 2\arma2server.exe |
"{E38C8158-EA99-4B36-B7CB-997C01979CA6}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\trine\trine_launcher.exe |
"{E3E01DA3-64CA-4D52-A4B4-AEA5C95CF286}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\wizorb\wizorb.exe |
"{E3FB7720-DA61-4775-BB6A-5E5E901EE975}" = protocol=6 | dir=out | app=a:\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{E55980AF-8D7F-4714-9415-334DE55EF8B8}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\penny arcade adventures on the rain-slick precipice of darkness episode 2\rainslickep2.exe |
"{E5680334-9860-4B4D-B704-FCC6E669E982}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\steelstorm\steelstorm.exe |
"{E5A73EC7-5234-4D2D-A854-30F6B6AC9ED4}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\revenge of the titans\revengeofthetitans.exe |
"{E624FA34-DC6F-4F90-842F-172A487DAB5C}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\trialspc\datapack\trialsfmx.exe |
"{E7766C84-C26A-4A30-9991-104AF6FFCDC9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E78531A5-7DF3-43BC-BC3E-417FF8478B0F}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\warlock - master of the arcane\support\paradox.url |
"{E7B1BF2B-E940-4C0F-BCC9-80EDF871D0A1}" = dir=in | app=a:\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{E7C9D9C3-C2C4-4C6B-BB03-9338F62F33A7}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\tales of monkey island - chapter 1\monkeyisland101.exe |
"{E7DF07D5-C07A-40B7-A423-EA8703301EFE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E7FB0E53-185A-4961-9374-E573E8396A46}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\botanicula\botanicula.exe |
"{EC156B6E-CFE1-4F2B-BCC9-D0C3E56D5C18}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\killingfloor\system\killingfloor.exe |
"{EC3D2618-9625-4FD4-B93F-883356E85595}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\warlock - master of the arcane\support\game.url |
"{ECE75BD4-6639-4CF3-93B9-85E18E198E82}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\shank\bin\shank.exe |
"{EDA544A1-BF1C-40AB-A809-034962D10C58}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\source sdk base 2007\hl2.exe |
"{EEBA33B9-DA52-420B-B6C6-081267F4F6AC}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\poker night at the inventory\celebritypoker.exe |
"{EEE0E843-A7F4-4B34-B459-5C9B9C9E6731}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\a virus named tom\avnt.exe |
"{EF8EA492-DFA6-4AF3-A8E0-F4E27C801186}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{F0AB2624-EEE3-4CA0-B59D-7C83C4EE4FBE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F1550C3C-9EDE-49E6-895D-F7EA8595A926}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{F23CAA22-A89D-4592-A0D1-16D2BF0D679E}" = protocol=6 | dir=out | app=system |
"{F5F6EED8-D97C-4478-BDC9-AA971843B320}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\warlock - master of the arcane\support\ino_co_com.url |
"{F686AF4A-CC74-41DC-BF7D-3D1D27080D7C}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\monaco\monaco.exe |
"{F6B7D80D-8B24-4E36-AF3B-4453E279DC38}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\aceofspades\aos.exe |
"{F727FC3F-3C94-4955-BBA8-11EEB2444EBE}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{F77C25BA-B9D4-4084-9860-6E108FB49888}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{F834AD57-B603-41F6-9210-8EB9BEE29F10}" = protocol=6 | dir=in | app=b:\squareenix\final fantasy xiv - a realm reborn\boot\ffxivboot.exe |
"{F9959891-3D7F-4C2D-AAFB-2AAA16E8D9B4}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\bit.trip beat\beat.exe |
"{FAE3DD57-2C77-4504-A9F6-7F4C96980D21}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\half-life\hl.exe |
"{FAE990DE-7324-4287-8888-2DC467C46ACC}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\tomb raider\tombraider.exe |
"{FBD250BF-CAF6-45E3-94A0-30F1E4BC243C}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\bittriprunner2\runner2.exe |
"{FC41C824-6EBA-4BB8-AD13-61204152B4A5}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\warlock - master of the arcane\support\paradox.url |
"{FCA75016-29BD-4CC1-9967-11F0EE52ED88}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\portal\hl2.exe |
"{FD5CD239-5252-4982-8824-964BEBE37179}" = protocol=17 | dir=in | app=b:\steam\steamapps\common\age of empires online\aoeonline.exe |
"{FD8921E5-5127-444A-A092-4D5D04F6BE77}" = protocol=17 | dir=in | app=b:\squareenix\final fantasy xiv - a realm reborn\boot\ffxivboot.exe |
"{FF2851C2-2F7C-48E5-B6D4-7B419DF4EA78}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\monaco\monaco.exe |
"{FF46F5A5-59EF-4CEC-99FA-B637E474B5ED}" = protocol=6 | dir=in | app=b:\steam\steamapps\common\sam and max episode 6\sammax106.exe |
"TCP Query User{017D721A-8047-4060-9C71-D9002D90C02B}B:\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=b:\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"TCP Query User{0E16E9BA-6E07-479B-BE76-071842ABF9C7}B:\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=b:\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"TCP Query User{10275164-B07D-4315-BDC0-86509E91EF20}B:\guild wars 2\gw2.tmp" = protocol=6 | dir=in | app=b:\guild wars 2\gw2.tmp |
"TCP Query User{1219CA73-638A-486B-83DA-F8C9B60E4AFF}B:\antichamber\binaries\win32\udk.exe" = protocol=6 | dir=in | app=b:\antichamber\binaries\win32\udk.exe |
"TCP Query User{2DF4A173-6292-41AE-B6B9-3FBBE33E31A7}B:\portalarium\shroud of the avatar\launcher.exe" = protocol=6 | dir=in | app=b:\portalarium\shroud of the avatar\launcher.exe |
"TCP Query User{2E74AF76-9108-42DD-8FDB-13A759338280}C:\program files (x86)\jrt studio\isyncr\isyncr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jrt studio\isyncr\isyncr.exe |
"TCP Query User{3C37F12D-1E71-4A8B-A794-CBE983FB76EC}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"TCP Query User{3C8F6CBA-E23E-423B-ACF2-4D50B74119EC}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{4F0EE8FA-0351-4BF0-9365-4491CCB6585A}C:\program files (x86)\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe |
"TCP Query User{522068D6-0358-4F12-93CC-25C8CA6D571B}B:\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=b:\guild wars 2\gw2.exe |
"TCP Query User{576CF7BD-9276-4907-B393-40C49B43FEE6}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"TCP Query User{63A18E99-5D90-414E-9575-A852300A354A}B:\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=b:\steam\steamapps\common\the witcher 2\bin\witcher2.exe |
"TCP Query User{66CCDCEA-AA74-4DA2-8C65-98B0C4818788}B:\downloads\nw.1.20130309a.7.exe" = protocol=6 | dir=in | app=b:\downloads\nw.1.20130309a.7.exe |
"TCP Query User{71F74261-E079-421A-89F0-C27B476EB764}C:\program files (x86)\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe |
"TCP Query User{76E946AE-DD3A-478E-8A26-29F7AD0F66F0}B:\steam\steam.exe" = protocol=6 | dir=in | app=b:\steam\steam.exe |
"TCP Query User{7DC59EA4-727C-4B40-8FAE-4D57A2490F7B}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{869967A4-E9BF-4121-BF9D-E48D941B2239}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe" = protocol=6 | dir=in | app=c:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe |
"TCP Query User{91D1B602-0ED1-49DA-A80D-11E3E85A8451}B:\steam\steamapps\psn_lizenjini\source sdk base\hl2.exe" = protocol=6 | dir=in | app=b:\steam\steamapps\psn_lizenjini\source sdk base\hl2.exe |
"TCP Query User{971E882C-5D40-462E-B730-61022B1848DD}A:\downloads\gw2.exe" = protocol=6 | dir=in | app=a:\downloads\gw2.exe |
"TCP Query User{97EE7E77-3455-46D2-94DB-052F463A2EF3}B:\steam\steamapps\common\age of empires online\spartan.exe" = protocol=6 | dir=in | app=b:\steam\steamapps\common\age of empires online\spartan.exe |
"TCP Query User{99BD3063-A75C-4F56-9811-B6F84A627982}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{9B023B79-7526-4D54-B340-45A17096A9E6}B:\cryptic studios\neverwinter\live\gameclient.exe" = protocol=6 | dir=in | app=b:\cryptic studios\neverwinter\live\gameclient.exe |
"TCP Query User{A71AF7D4-B0F3-4383-90D7-9C473EB41CDE}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{A8447345-C7C2-43A9-A648-F32E41B7BAD3}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{B312D0B0-7F0C-4CF3-BCCA-2EAC9B0EB2A2}B:\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=b:\turbine\the lord of the rings online\lotroclient.exe |
"TCP Query User{B82527AB-220A-42D7-B0F4-687736D9EE56}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{BA721B8E-A195-4F16-869E-E0BAE3BE3EEA}B:\steam\steamapps\common\lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=b:\steam\steamapps\common\lord of the rings online\lotroclient.exe |
"TCP Query User{BC987878-8C71-4D8F-910D-CD0A706A4671}C:\program files (x86)\arcsoft\totalmedia theatre 5\utotalmediatheatre5.exe" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia theatre 5\utotalmediatheatre5.exe |
"TCP Query User{DA2C7719-4949-4F8C-96A4-3557380A72FC}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{DAFA45C5-EAC4-421F-8347-C216E1CAAE0E}B:\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe" = protocol=6 | dir=in | app=b:\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe |
"TCP Query User{F52B72D5-0BC9-41D3-A091-0D0EA578EB1C}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{F8A416DA-8CE9-4904-8265-3D5229D5A075}B:\steam\steamapps\common\trine 2\trine2_32bit.exe" = protocol=6 | dir=in | app=b:\steam\steamapps\common\trine 2\trine2_32bit.exe |
"UDP Query User{10D0A726-EE5C-4C45-8BBC-70A3C1D9A06F}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{11B65AF3-6263-4797-87B3-EFF2BD58833C}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe" = protocol=17 | dir=in | app=c:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe |
"UDP Query User{2BB1B630-EA62-4C24-A04B-CA675F287CC2}B:\steam\steamapps\common\age of empires online\spartan.exe" = protocol=17 | dir=in | app=b:\steam\steamapps\common\age of empires online\spartan.exe |
"UDP Query User{2C5D95C9-5103-45FA-AA33-0DF4FA37EA15}B:\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=b:\steam\steamapps\common\the witcher 2\bin\witcher2.exe |
"UDP Query User{35023C8D-6ABB-4436-8DA0-C40B095CC4FC}C:\program files (x86)\arcsoft\totalmedia theatre 5\utotalmediatheatre5.exe" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia theatre 5\utotalmediatheatre5.exe |
"UDP Query User{37198E3A-1D3E-4C4E-B37B-75759CAA9227}B:\downloads\nw.1.20130309a.7.exe" = protocol=17 | dir=in | app=b:\downloads\nw.1.20130309a.7.exe |
"UDP Query User{37581C4C-DD09-4A78-97AE-F3D1B9A023F8}C:\program files (x86)\jrt studio\isyncr\isyncr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jrt studio\isyncr\isyncr.exe |
"UDP Query User{45D823EF-F786-42B1-BABD-9391640EE983}C:\program files (x86)\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe |
"UDP Query User{464A082B-AD0F-400B-A2E7-16FB4DCC627F}B:\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=b:\turbine\the lord of the rings online\lotroclient.exe |
"UDP Query User{56A6A52D-698E-40EE-905D-1643D0286C94}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"UDP Query User{59699317-D417-48EA-A6D2-CFE10D29FD26}B:\cryptic studios\neverwinter\live\gameclient.exe" = protocol=17 | dir=in | app=b:\cryptic studios\neverwinter\live\gameclient.exe |
"UDP Query User{5E81A19C-5CC8-47F3-B2C3-9D87616E7B14}B:\steam\steamapps\psn_lizenjini\source sdk base\hl2.exe" = protocol=17 | dir=in | app=b:\steam\steamapps\psn_lizenjini\source sdk base\hl2.exe |
"UDP Query User{6768D679-18A3-4C13-8360-A4009173DEF3}B:\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=b:\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"UDP Query User{6F8C8D60-1D36-4DC8-A227-008C83987F2A}B:\guild wars 2\gw2.tmp" = protocol=17 | dir=in | app=b:\guild wars 2\gw2.tmp |
"UDP Query User{7329D46A-59FA-4A96-B1FF-0266E189E1A9}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{804045E5-09A3-4446-956D-AC95FB41662F}B:\portalarium\shroud of the avatar\launcher.exe" = protocol=17 | dir=in | app=b:\portalarium\shroud of the avatar\launcher.exe |
"UDP Query User{9AFD790E-4909-4E5A-AA51-3B50809A0734}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{A12B406D-887B-4857-B61C-67DE5FBF54AD}A:\downloads\gw2.exe" = protocol=17 | dir=in | app=a:\downloads\gw2.exe |
"UDP Query User{A2D47D71-C008-4079-8198-B29E882F23E3}B:\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=b:\guild wars 2\gw2.exe |
"UDP Query User{A5C471D9-19E7-41B0-BFE6-801B19DE5043}B:\antichamber\binaries\win32\udk.exe" = protocol=17 | dir=in | app=b:\antichamber\binaries\win32\udk.exe |
"UDP Query User{AE21D250-84E0-434B-A0D1-0D5DE22308E8}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{AF23EE0E-2F10-45E7-B4A3-C9625592F742}B:\steam\steam.exe" = protocol=17 | dir=in | app=b:\steam\steam.exe |
"UDP Query User{BBAE03A7-2C4D-490F-8788-EE59DF55D9AD}B:\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe" = protocol=17 | dir=in | app=b:\steam\steamapps\common\orcs must die 2\build\game\orcsmustdie2.exe |
"UDP Query User{BBFB910E-22C4-4079-BF25-E6C5803F449B}B:\steam\steamapps\common\trine 2\trine2_32bit.exe" = protocol=17 | dir=in | app=b:\steam\steamapps\common\trine 2\trine2_32bit.exe |
"UDP Query User{C0E0B4EA-250C-4811-B47A-9F11BAE171CD}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{C10AD809-C0CF-48F7-B515-9F628BF9C521}B:\steam\steamapps\common\lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=b:\steam\steamapps\common\lord of the rings online\lotroclient.exe |
"UDP Query User{C9F9CFA0-73A3-4E3D-8875-0C30BB9F535B}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{D0CC0419-B8EB-4923-8480-9AB05AD719B3}C:\program files (x86)\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia theatre 5\totalmedia server\tm server.exe |
"UDP Query User{D3640BCE-82FD-45CF-8C40-87DF27CB9B38}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"UDP Query User{E80B7962-BAE9-48FF-8BBC-A1502C2E8B0B}C:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{E955D32B-1BAD-4E77-B5EC-E630516D5A18}B:\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=b:\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"UDP Query User{F75A0302-A682-4ABB-BD8C-E57713EFF746}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy Gamepad tool 0.7.0000
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 332.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 332.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 332.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.8.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 332.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 11.10.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.30.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 11.10.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.20
"{B53F9744-F0FB-44A6-9739-335CDAB4488A}" = HP Photosmart 6510 series Basic Device Software
"{BCCC97EE-E162-448C-8847-59718FF29B04}" = Intel(R) Network Connections 15.6.25.0
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{E3047FA0-2D6B-4BD6-8CD4-599955F1CE9D}" = Microsoft Mouse and Keyboard Center
"{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}" = Apple Mobile Device Support
"Logitech Gaming Software" = Logitech Gaming Software 8.51
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"PROSetDX" = Intel(R) Network Connections 15.6.25.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00302B66-5799-4957-933F-8240C50D3C5C}" = Escape Goat
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08A25478-C5DD-4EA7-B168-3D687CA987FF}" = The Sims™ 3 Master Suite Stuff
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = The Sims™ 3 Outdoor Living Stuff
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = bProtector for Windows
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}" = The Sims™ 3 Diesel Stuff
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}" = FINAL FANTASY XIV - A Realm Reborn
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = The Sims™ 3 Showtime
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}" = RealDownloader
"{3DE92282-CB49-434F-81BF-94E5B380E889}" = The Sims™ 3 Seasons
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{43C423D9-E6D6-4607-ADC9-EBB54F690C57}" = Seagate Dashboard 2.0
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.9
"{57520FA0-A73E-4165-BCA2-D71000038301}" = Batman: Arkham City™
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1" = Gyazo 2.0.2
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = The Sims™ 3 Town Life Stuff
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{7f51bdb9-ee21-49ee-94d6-90afc321780e}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
"{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}" = Rosetta Stone Version 3
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A2CE5D4-0A1E-42EB-9CE0-ABD5DD79E94E}" = ArcSoft TotalMedia Theatre 5
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A922C4B7-50E0-4787-A94C-59DBF3C65DBE}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = The Sims™ 3 Supernatural
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB92C58B-7BDF-48E3-92E3-51768DCCA585}_is1" = EVGA OC Scanner X 2.0.1
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E0955568-4353-4C85-8988-285A8C0F5E87}" = Mumble 1.2.4
"{E1868CAE-E3B9-4099-8C18-AA8944D336FD}" = The Sims™ 3 70s, 80s, & 90s Stuff
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = The Sims™ 3 Generations
"{E77FE33E-DD32-4916-8728-F7757EEECB5F}" = Play withSIX
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{E8334E02-EE1F-4DAF-960D-7AF5D8E829DF}" = Shroud of the Avatar
"{E91E51A3-57D2-411B-899F-5AB27E900FEF}" = DayZ Commander
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = The Sims™ 3 Fast Lane Stuff
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F26DE8EF-F2CF-40DC-8CDA-CC0D82D11B36}" = The Sims™ 3 University Life
"{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}" = SimCity™
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF4CBD74-F9CE-4F9B-A212-0E11812995B6}" = iSyncr
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Audacity_is1" = Audacity 2.0
"Battle.net" = Battle.net
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"Comodo Dragon" = Comodo Dragon
"COMODO GeekBuddy" = COMODO GeekBuddy
"DivX Setup" = DivX Setup
"Don't Starve_is1" = Don't Starve
"DVDFab 8 Qt_is1" = DVDFab 8.2.1.0 (07/09/2012) Qt
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"HandBrake" = HandBrake 0.9.6
"Hearthstone" = Hearthstone
"InstallShield_{9A2CE5D4-0A1E-42EB-9CE0-ABD5DD79E94E}" = ArcSoft TotalMedia Theatre 5
"LAME_is1" = LAME v3.99.3 (for Windows)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.58
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Origin" = Origin
"Precision" = EVGA Precision 2.0.4
"RealPlayer 16.0" = RealPlayer
"Steam App 102400" = Vertex Dispenser
"Steam App 102600" = Orcs Must Die!
"Steam App 102850" = WARP
"Steam App 105430" = Age of Empires Online
"Steam App 105800" = PixelJunk Eden
"Steam App 107100" = Bastion
"Steam App 108200" = Ticket to Ride
"Steam App 111000" = The Clockwork Man
"Steam App 111010" = The Clockwork Man: The Hidden World
"Steam App 113020" = Monaco
"Steam App 113200" = The Binding Of Isaac
"Steam App 1250" = Killing Floor
"Steam App 18120" = Unstoppable Gorg
"Steam App 18700" = And Yet It Moves
"Steam App 200710" = Torchlight II
"Steam App 200900" = Cave Story+
"Steam App 200910" = Sequence
"Steam App 203160" = Tomb Raider
"Steam App 203630" = Warlock - Master of the Arcane
"Steam App 203730" = Q.U.B.E.
"Steam App 204360" = Castle Crashers
"Steam App 207420" = Wizorb
"Steam App 207610" = The Walking Dead
"Steam App 207650" = A Virus Named TOM
"Steam App 207690" = Botanicula
"Steam App 211" = Source SDK
"Steam App 211440" = Adventures of Shuggy
"Steam App 212680" = FTL: Faster Than Light
"Steam App 214770" = Guacamelee! Gold Edition
"Steam App 215" = Source SDK Base 2006
"Steam App 218" = Source SDK Base 2007
"Steam App 218060" = BIT.TRIP Presents... Runner2: Future Legend of Rhythm Alien
"Steam App 219740" = Don't Starve
"Steam App 220" = Half-Life 2
"Steam App 22000" = World of Goo
"Steam App 220160" = Trials Evolution Gold Edition
"Steam App 224540" = Ace of Spades
"Steam App 227080" = Papo & Yo
"Steam App 233720" = Surgeon Simulator 2013
"Steam App 235620" = Small World 2
"Steam App 238210" = System Shock 2
"Steam App 239030" = Papers, Please
"Steam App 243730" = Source SDK Base 2013 Singleplayer
"Steam App 243750" = Source SDK Base 2013 Multiplayer
"Steam App 244870" = Electronic Super Joy
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 261860" = Ascension: Deckbuilding Game
"Steam App 26500" = Cogs
"Steam App 26900" = Crayon Physics Deluxe
"Steam App 280" = Half-Life: Source
"Steam App 29180" = Osmos
"Steam App 31170" = Tales of Monkey Island: Chapter 1 - Launch of the Screaming Narwhal
"Steam App 31280" = Poker Night at the Inventory
"Steam App 32360" = The Secret of Monkey Island: Special Edition
"Steam App 33905" = ARMA 2 Dedicated Server
"Steam App 35700" = Trine
"Steam App 35720" = Trine 2
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Steam App 3830" = Psychonauts
"Steam App 400" = Portal
"Steam App 4000" = Garry's Mod
"Steam App 40700" = Machinarium
"Steam App 40720" = Samorost 2
"Steam App 40800" = Super Meat Boy
"Steam App 41100" = Hammerfight
"Steam App 41800" = Gratuitous Space Battles
"Steam App 42910" = Magicka
"Steam App 440" = Team Fortress 2
"Steam App 48000" = LIMBO
"Steam App 550" = Left 4 Dead 2
"Steam App 55040" = Atom Zombie Smasher
"Steam App 57000" = NyxQuest
"Steam App 58200" = Jolly Rover
"Steam App 6120" = Shank
"Steam App 620" = Portal 2
"Steam App 63000" = HOARD
"Steam App 63500" = Swords and Soldiers HD
"Steam App 63700" = BIT.TRIP BEAT
"Steam App 63710" = BIT.TRIP RUNNER
"Steam App 65800" = Dungeon Defenders
"Steam App 70" = Half-Life
"Steam App 70300" = VVVVVV
"Steam App 8200" = Sam & Max 101: Culture Shock
"Steam App 8210" = Sam & Max 102: Situation: Comedy
"Steam App 8220" = Sam & Max 103: The Mole, the Mob and the Meatball
"Steam App 8230" = Sam & Max 104: Abe Lincoln Must Die!
"Steam App 8240" = Sam & Max 105: Reality 2.0
"Steam App 8250" = Sam & Max 106: Bright Side of the Moon
"Steam App 8260" = Sam & Max 201: Ice Station Santa
"Steam App 8930" = Sid Meier's Civilization V
"Steam App 92800" = SpaceChem
"Steam App 93200" = Revenge of the Titans
"Steam App 94200" = Jamestown
"Steam App 96200" = Steel Storm: Burning Retribution
"Steam App 98100" = TRAUMA
"Steam App 98800" = Dungeons of Dredmor
"Steam App 99700" = NightSky
"Uplay" = Uplay
"VLC media player" = VLC media player 2.1.3
"WinRAR archiver" = WinRAR 4.20 (32-bit)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"Tropic Euro" = Tropic Euro
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/8/2013 6:44:42 PM | Computer Name = CRISTINA-PC | Source = Bonjour Service | ID = 100
Description =

Error - 3/8/2013 6:44:43 PM | Computer Name = CRISTINA-PC | Source = Bonjour Service | ID = 100
Description =

Error - 3/8/2013 6:44:43 PM | Computer Name = CRISTINA-PC | Source = Bonjour Service | ID = 100
Description =

Error - 3/8/2013 6:44:43 PM | Computer Name = CRISTINA-PC | Source = Bonjour Service | ID = 100
Description =

Error - 3/8/2013 6:44:44 PM | Computer Name = CRISTINA-PC | Source = Bonjour Service | ID = 100
Description =

Error - 3/8/2013 6:44:44 PM | Computer Name = CRISTINA-PC | Source = Bonjour Service | ID = 100
Description =

Error - 3/8/2013 6:44:44 PM | Computer Name = CRISTINA-PC | Source = Bonjour Service | ID = 100
Description =

Error - 3/9/2013 11:50:02 PM | Computer Name = CRISTINA-PC | Source = WinMgmt | ID = 10
Description =

Error - 3/10/2013 6:03:09 AM | Computer Name = CRISTINA-PC | Source = Application Hang | ID = 1002
Description = The program BitTorrent.exe version 7.6.1.27208 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1010 Start
Time: 01ce1d4876a76207 Termination Time: 6 Application Path: C:\Program Files (x86)\BitTorrent\BitTorrent.exe

Report
Id: b35a367e-8969-11e2-8697-c8600032ff3b

Error - 3/10/2013 7:04:04 AM | Computer Name = CRISTINA-PC | Source = Application Hang | ID = 1002
Description = The program BitTorrent.exe version 7.6.1.27208 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 268c Start
Time: 01ce1d767d302c8a Termination Time: 2 Application Path: C:\Program Files (x86)\BitTorrent\BitTorrent.exe

Report
Id: 332b9c6d-8972-11e2-8697-c8600032ff3b

[ System Events ]
Error - 2/22/2014 11:07:00 AM | Computer Name = CRISTINA-PC | Source = Service Control Manager | ID = 7000
Description = The bProtector service failed to start due to the following error:
%%2

Error - 2/22/2014 11:07:36 AM | Computer Name = CRISTINA-PC | Source = Service Control Manager | ID = 7000
Description = The bProtector service failed to start due to the following error:
%%2

Error - 2/22/2014 11:08:00 AM | Computer Name = CRISTINA-PC | Source = Service Control Manager | ID = 7000
Description = The bProtector service failed to start due to the following error:
%%2

Error - 2/22/2014 11:09:00 AM | Computer Name = CRISTINA-PC | Source = Service Control Manager | ID = 7000
Description = The bProtector service failed to start due to the following error:
%%2

Error - 2/22/2014 11:10:00 AM | Computer Name = CRISTINA-PC | Source = Service Control Manager | ID = 7000
Description = The bProtector service failed to start due to the following error:
%%2

Error - 2/22/2014 11:11:00 AM | Computer Name = CRISTINA-PC | Source = Service Control Manager | ID = 7000
Description = The bProtector service failed to start due to the following error:
%%2

Error - 2/22/2014 11:12:00 AM | Computer Name = CRISTINA-PC | Source = Service Control Manager | ID = 7000
Description = The bProtector service failed to start due to the following error:
%%2

Error - 2/22/2014 11:13:00 AM | Computer Name = CRISTINA-PC | Source = Service Control Manager | ID = 7000
Description = The bProtector service failed to start due to the following error:
%%2

Error - 2/22/2014 11:14:00 AM | Computer Name = CRISTINA-PC | Source = Service Control Manager | ID = 7000
Description = The bProtector service failed to start due to the following error:
%%2

Error - 2/22/2014 11:15:00 AM | Computer Name = CRISTINA-PC | Source = Service Control Manager | ID = 7000
Description = The bProtector service failed to start due to the following error:
%%2


< End of report >
CrisG
Regular Member
 
Posts: 24
Joined: February 22nd, 2014, 12:20 pm

Re: Infected with PUP.bProtector, ran AdwCleaner/OTL/SystemL

Unread postby CrisG » February 22nd, 2014, 12:52 pm

SystemLook 04.09.10 by jpshortstuff
Log created at 10:41 on 22/02/2014 by CRISTINA
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
C:\Users\CRISTINA\AppData\Local\Microsoft\Internet Explorer\DOMStore\MZRYSB0U\www.whitesmoke[1].xml --a---- 13 bytes [21:23 10/07/2013] [21:23 10/07/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*babylon*"
C:\Users\CRISTINA\Documents\My Games\Sid Meier's Civilization 5\cache\Localization-Babylon.db --a---- 559104 bytes [07:32 17/07/2013] [07:32 17/07/2013] D47E2DC99106E5A817030940999F3D80

Searching for "*conduit*"
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1323336 bytes [07:32 07/01/2014] [07:32 07/01/2014] 3F20CCDAC6969CBB898D88BB4F5CC22E
C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\ConduitInstaller_veoh.exe --a---- 73080 bytes [09:15 10/11/2011] [09:15 10/11/2011] 9A5E999C90861CE9B7906DBF429D4238
C:\Users\CRISTINA\AppData\Local\Microsoft\Internet Explorer\DOMStore\78W25NTB\search.conduit[1].xml --a---- 87 bytes [21:23 10/07/2013] [21:23 10/07/2013] C2ABCD930C69B2C8C9B8D24AA073BAF5
C:\Users\CRISTINA\AppData\Local\Microsoft\Internet Explorer\DOMStore\78W25NTB\storage.conduit[1].xml --a---- 13 bytes [23:01 15/05/2013] [23:01 15/05/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\CRISTINA\AppData\Local\Microsoft\Internet Explorer\DOMStore\PQW9Y62A\facebook.conduitapps[1].xml --a---- 13 bytes [23:01 15/05/2013] [23:01 15/05/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\CRISTINA\AppData\Local\Microsoft\Internet Explorer\DOMStore\XT85R5BZ\app.mam.conduit[1].xml --a---- 13 bytes [23:01 15/05/2013] [23:01 15/05/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Users\CRISTINA\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1774897_1765438_US.xml --a---- 193 bytes [23:02 15/05/2013] [21:23 10/07/2013] 405DD1D7D36C626FAFD9AC9650D3CD76

Searching for "*BabSolution*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*babylon*"
No folders found.

Searching for "*conduit*"
C:\Program Files (x86)\Conduit d------ [23:51 18/04/2013]
C:\Users\CRISTINA\AppData\Local\Conduit d------ [23:51 18/04/2013]
C:\Users\CRISTINA\AppData\LocalLow\Conduit d------ [23:51 18/04/2013]

Searching for "*BabSolution*"
C:\Users\CRISTINA\AppData\Roaming\BabSolution d------ [00:40 27/05/2013]

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_CURRENT_USER\Software\DataMngr]
[HKEY_CURRENT_USER\Software\DataMngr_Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
[HKEY_USERS\.DEFAULT\Software\DataMngr]
[HKEY_USERS\.DEFAULT\Software\DataMngr_Toolbar]
[HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\DataMngr]
[HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\DataMngr_Toolbar]
[HKEY_USERS\S-1-5-18\Software\DataMngr]
[HKEY_USERS\S-1-5-18\Software\DataMngr_Toolbar]

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QIconEngineFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QIconEngineFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\Trolltech]
[HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QIconEngineFactoryInterface:]
[HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
[HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QTextCodecFactoryInterface:]
[HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QIconEngineFactoryInterface:]
[HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QIconEngineFactoryInterfaceV2:]
[HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

Searching for "babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Babylon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Babylon\Babylon Client]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{98889811-442D-49dd-99D7-DC866BE87DBC}"="Babylon Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MyBabylonTB_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\MyBabylonTB_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
@="Babylon toolbar helper"
[HKEY_LOCAL_MACHINE\SOFTWARE\VBMZ]
"P1"="babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}]
@="Babylon toolbar helper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\InprocServer32]
@="C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}\InprocServer32]
@="C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}]
@="Babylon toolbar helper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\InprocServer32]
@="C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}\InprocServer32]
@="C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll"

Searching for "conduit"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\ConduitSearchScopes]
[HKEY_CURRENT_USER\Software\Conduit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Conduit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\Community Alerts]
"Path"="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\HomePage]
"{739df940-c5ee-4bab-9d7e-270894ae687a}"="http://search.conduit.com?SearchSource=10&CUI=UN15651001132700175&UM=2&ctid=CT3289847"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
@="Conduit Community Alerts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
@="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
@="Conduit Community Alerts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
@="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
[HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\AppDataLow\Software\Conduit]
[HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\AppDataLow\Software\ConduitSearchScopes]
[HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\Conduit]

Searching for "BabSolution"
[HKEY_CURRENT_USER\Software\BabSolution]
[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde]
"path"="C:\Users\CRISTINA\AppData\Roaming\BabSolution\CR\Delta.crx"
[HKEY_USERS\S-1-5-21-3706433607-4152841657-1845436021-1000\Software\BabSolution]

-= EOF =-
CrisG
Regular Member
 
Posts: 24
Joined: February 22nd, 2014, 12:20 pm

Re: Infected with PUP.bProtector, ran AdwCleaner/OTL/SystemL

Unread postby Cypher » February 23rd, 2014, 11:56 am

Duplicate topic
This topic is a duplicate of the original post... the original topic will be left open.


viewtopic.php?f=11&t=62599#.UwoaC4Ve27A

This topic has been closed.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns