Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Windows 7 Windows 7
Search Search
Search for:
Tech Support Guy > > >

Event id 7026 help please


(!)

markshim's Avatar
markshim markshim is offline
Member with 87 posts.
THREAD STARTER
 
Join Date: Jan 2009
Location: exeter, uk
Experience: Beginner
16-Apr-2013, 10:00 AM #16
heres the second

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 21/01/2013 11:35:34
System Uptime: 16/04/2013 14:50:53 (0 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | SABERTOOTH 990FX R2.0
Processor: AMD FX(tm)-8350 Eight-Core Processor | Socket 942 | 4013/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 447 GiB total, 293.415 GiB free.
D: is FIXED (NTFS) - 931 GiB total, 637.059 GiB free.
E: is FIXED (NTFS) - 1397 GiB total, 640.076 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Ralink RT61 Turbo Wireless LAN Card
Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_25611814&REV_00\4&2B4059EA&0&28A4
Manufacturer: Ralink Technology Corp.
Name: Ralink RT61 Turbo Wireless LAN Card
PNP Device ID: PCI\VEN_1814&DEV_0301&SUBSYS_25611814&REV_00\4&2B4059EA&0&28A4
Service: rt61x64
.
==== System Restore Points ===================
.
RP95: 09/04/2013 13:21:39 - Windows Live Essentials
RP96: 09/04/2013 13:21:46 - WLSetup
RP97: 09/04/2013 13:39:00 - Removed Skype™ 6.3
RP98: 10/04/2013 08:13:33 - Windows Update
RP99: 15/04/2013 08:43:08 - Installed Bluesoleil2.6.0.8 Release 070517
RP100: 15/04/2013 08:47:06 - Removed Bluesoleil2.6.0.8 Release 070517
RP101: 16/04/2013 13:01:39 - Installed Bluesoleil2.6.0.8 Release 070517
RP102: 16/04/2013 13:02:40 - Installed Bluesoleil2.6.0.8 Release 070517
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Adobe Shockwave Player 11.6
Aliens: Colonial Marines
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD Steady Video Plug-In
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Profiles
applicationupdater
Asmedia ASM104x USB 3.0 Host Controller Driver
Asmedia ASM106x SATA Host Controller Driver
Assassin's Creed(R) III v1.03
Avira Antivirus Premium
Batman: Arkham City™
BioShock Infinite
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CPUID CPU-Z 1.63.0
CPUID HWMonitor 1.21
Crysis®3
CrystalDiskInfo 5.4.2 Shizuku Edition
CyberLink Blu-ray Disc Suite
CyberLink LG Burning Tool
CyberLink PowerDVD 9
D3DX10
Dead Space™ 3
DEFIANCE
Defraggler
DmC Devil May Cry
Far Cry 3
FileHippo.com Update Checker
Fraps
GIMP 2.8.4
Google Chrome
Google Update Helper
Guild Wars 2
iTunes
Java 7 Update 17
Java 7 Update 17 (64-bit)
Java Auto Updater
Junk Mail filter update
LG Tool Kit
Malwarebytes Anti-Malware version 1.75.0.1300
Mass Effect™ 3
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Mouse and Keyboard Center
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Microsoft Xbox 360 Accessories 1.2
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
NVIDIA PhysX
OpenOffice.org 3.4.1
Origin
Photo Common
PlanetSide 2
PunkBuster Services
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Star Wars: The Old Republic
swMSM
The Secret World
The Witcher 2
Tomb Raider
Transformers: Fall of Cybertron
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Uplay
VLC media player 2.0.6
Vuze
Warframe
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
16/04/2013 14:51:12, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BTHidMgr
.
==== End Of File ===========================
markshim's Avatar
markshim markshim is offline
Member with 87 posts.
THREAD STARTER
 
Join Date: Jan 2009
Location: exeter, uk
Experience: Beginner
16-Apr-2013, 10:08 AM #17
did you get it ok?

can we please delete these logs once you have seen them i think they hold information about my pc thats shouldn`t be made public.
Mark1956's Avatar
Malware Removal Specialist with 14,079 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
16-Apr-2013, 10:15 AM #18
The error message showing above indicates there is a service installed for the bluetooth software, please click on Start and type services into the search box and hit the Enter key, look down through the list of services and see if you can find the service relating to the software.

We can also do a search for the name of the software.

Run SystemLook again and copy the contents of the code box into it and hit Search, post the log when done.

Code:
:filefind
*Bluesoleil*
:folderfind
*Bluesoleil*
:reg
Bluesoleil
__________________
Please Copy & Paste scan results into your replies, DO NOT send them as attachments or in Code or Quote boxes unless asked to.
Mark1956's Avatar
Malware Removal Specialist with 14,079 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
16-Apr-2013, 10:16 AM #19
There is nothing showing in those logs that could possibly compromise your security.
markshim's Avatar
markshim markshim is offline
Member with 87 posts.
THREAD STARTER
 
Join Date: Jan 2009
Location: exeter, uk
Experience: Beginner
16-Apr-2013, 10:18 AM #20
here is what the systemlook found
SystemLook 30.07.11 by jpshortstuff
Log created at 15:17 on 16/04/2013 by Mark
Administrator - Elevation successful

========== filefind ==========

Searching for "*Bluesoleil*"
C:\Windows\Temp\bluesoleilSetup.log --a---- 33711 bytes [12:01 16/04/2013] [12:02 16/04/2013] D5E3D0A194693CD4CACD57B14BF4CB59

========== folderfind ==========

Searching for "*Bluesoleil*"
C:\Program Files (x86)\IVT Corporation\BlueSoleil d------ [12:01 16/04/2013]

========== reg ==========

[Bluesoleil]
Hive unrecognized.

-= EOF =-
markshim's Avatar
markshim markshim is offline
Member with 87 posts.
THREAD STARTER
 
Join Date: Jan 2009
Location: exeter, uk
Experience: Beginner
16-Apr-2013, 10:20 AM #21
the only thing i can see in services is bluetooth support service which says disabled
markshim's Avatar
markshim markshim is offline
Member with 87 posts.
THREAD STARTER
 
Join Date: Jan 2009
Location: exeter, uk
Experience: Beginner
16-Apr-2013, 10:23 AM #22
the file in c programmes is empty
Mark1956's Avatar
Malware Removal Specialist with 14,079 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
17-Apr-2013, 02:35 AM #23
Find this folder and delete it:

C:\Program Files (x86)\IVT Corporation

The Bluetooth support service is a Windows service and should not be removed.

If removing the above folder still doesn't fix the issue we will need to run OTL as follows:

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
markshim's Avatar
markshim markshim is offline
Member with 87 posts.
THREAD STARTER
 
Join Date: Jan 2009
Location: exeter, uk
Experience: Beginner
17-Apr-2013, 02:48 AM #24
hi there,
heres the first log

OTL logfile created on: 17/04/2013 07:42:30 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mark\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

7.91 Gb Total Physical Memory | 6.55 Gb Available Physical Memory | 82.84% Memory free
15.81 Gb Paging File | 14.26 Gb Available in Paging File | 90.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447.13 Gb Total Space | 292.84 Gb Free Space | 65.49% Space Free | Partition Type: NTFS
Drive D: | 931.41 Gb Total Space | 637.06 Gb Free Space | 68.40% Space Free | Partition Type: NTFS
Drive E: | 1397.26 Gb Total Space | 640.08 Gb Free Space | 45.81% Space Free | Partition Type: NTFS

Computer Name: MARK-PC | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Mark\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (CLKMSVC10_9EC60124) -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe (CyberLink)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (WinI2C-DDC) -- C:\Windows\SysNative\drivers\ddcdrv.sys (Nicomsoft Ltd.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (AODDriver4.2) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (asahci64) -- C:\Windows\SysNative\drivers\asahci64.sys (Asmedia Technology)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (rt61x64) -- C:\Windows\SysNative\drivers\netr6164.sys (Ralink Technology, Corp.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (Btcsrusb) -- C:\Windows\SysNative\drivers\btcusb.sys (IVT Corporation.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D9 F7 45 8B DA F7 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggesti on}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:se archFieldtrialParameter}{google:searchClient}{google:sourceId}{google:insta ntExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chro me&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParam eter},
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U11 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Java Deployment Toolkit 7.0.110.21 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Calendar = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Fade to White Aero Skin (by Skarv) = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\oekemfmehiakocmomemagciajlikigkl\1.0_0\
CHR - Extension: Gmail = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboa rd\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboa rd\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboa rd\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboa rd\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboa rd\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboa rd\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboa rd\ExceptionFormats: CF_DIBV5 = 17
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{103BE27F-7CD6-4E18-954C-92B6470D5CA1}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1adc4756-63be-11e2-85a2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1adc4756-63be-11e2-85a2-806e6f6e6963}\Shell\AutoRun\command - "" = F:\.\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/17 07:36:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2013/04/16 08:23:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/04/15 09:22:43 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Darksiders2
[2013/04/12 13:25:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013/04/12 13:25:37 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013/04/12 13:25:24 | 004,957,976 | ---- | C] (A-volute) -- C:\Windows\SysNative\RTKSMlfx.dll
[2013/04/12 13:25:24 | 003,693,128 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2013/04/12 13:25:24 | 002,797,128 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2013/04/12 13:25:24 | 002,102,040 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2013/04/12 13:25:24 | 001,659,464 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2013/04/12 13:25:24 | 001,361,336 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tosade.dll
[2013/04/12 13:25:24 | 000,991,816 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2013/04/12 13:25:24 | 000,914,992 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2013/04/12 13:25:24 | 000,887,640 | ---- | C] (A-Volute) -- C:\Windows\SysNative\RTKSMSettingsIPC.dll
[2013/04/12 13:25:24 | 000,858,032 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tossaeapo64.dll
[2013/04/12 13:25:24 | 000,836,544 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo264.dll
[2013/04/12 13:25:24 | 000,823,072 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\slcnt64.dll
[2013/04/12 13:25:24 | 000,633,632 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\sltech64.dll
[2013/04/12 13:25:24 | 000,613,448 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtDataProc64.dll
[2013/04/12 13:25:24 | 000,569,256 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tosasfapo64.dll
[2013/04/12 13:25:24 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013/04/12 13:25:24 | 000,517,408 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\sl3apo64.dll
[2013/04/12 13:25:24 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013/04/12 13:25:24 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2013/04/12 13:25:24 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2013/04/12 13:25:24 | 000,213,792 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysNative\slprp64.dll
[2013/04/12 13:25:24 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013/04/12 13:25:24 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013/04/12 13:25:24 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013/04/12 13:25:24 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013/04/12 13:25:24 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2013/04/12 13:25:24 | 000,148,912 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\toseaeapo64.dll
[2013/04/12 13:25:24 | 000,148,416 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo.dll
[2013/04/12 13:25:24 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013/04/12 13:25:24 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2013/04/12 13:25:24 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2013/04/12 13:25:24 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013/04/12 13:25:24 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2013/04/12 13:25:24 | 000,065,944 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\SysNative\tepeqapo64.dll
[2013/04/12 13:25:24 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll
[2013/04/12 13:25:23 | 021,170,176 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2013/04/12 13:25:23 | 014,021,912 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek64.dll
[2013/04/12 13:25:23 | 009,123,608 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioVnA64.dll
[2013/04/12 13:25:23 | 007,164,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2013/04/12 13:25:23 | 002,032,408 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll
[2013/04/12 13:25:23 | 001,900,312 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2013/04/12 13:25:23 | 001,284,680 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2013/04/12 13:25:23 | 000,910,104 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013/04/12 13:25:23 | 000,904,752 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\MISS_APO.dll
[2013/04/12 13:25:23 | 000,719,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO5064.dll
[2013/04/12 13:25:23 | 000,612,728 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO4064.dll
[2013/04/12 13:25:23 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2013/04/12 13:25:23 | 000,434,960 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2013/04/12 13:25:23 | 000,395,208 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2013/04/12 13:25:23 | 000,394,616 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2013/04/12 13:25:23 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013/04/12 13:25:23 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013/04/12 13:25:23 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013/04/12 13:25:23 | 000,141,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2013/04/12 13:25:23 | 000,135,240 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2013/04/12 13:25:23 | 000,124,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2013/04/12 13:25:23 | 000,075,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2013/04/12 13:25:22 | 002,734,624 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013/04/12 13:25:22 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2013/04/12 13:25:22 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2013/04/12 13:25:22 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2013/04/12 13:25:22 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2013/04/12 13:25:22 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2013/04/12 13:25:22 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2013/04/12 13:25:22 | 000,501,192 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2013/04/12 13:25:22 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2013/04/12 13:25:22 | 000,487,368 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2013/04/12 13:25:22 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2013/04/12 13:25:22 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2013/04/12 13:25:22 | 000,415,688 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2013/04/12 13:25:22 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2013/04/12 13:25:22 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2013/04/12 13:25:22 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2013/04/12 13:25:22 | 000,208,072 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2013/04/12 13:25:22 | 000,110,592 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2013/04/12 13:25:22 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2013/04/12 11:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013/04/10 08:13:50 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/04/10 08:13:50 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/04/10 08:13:49 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/04/10 08:13:49 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/04/10 08:13:49 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/04/10 08:13:49 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/04/10 08:13:49 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/04/10 08:13:49 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/04/10 08:13:49 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/04/10 08:13:49 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/04/10 08:13:49 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/04/10 08:13:49 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/04/10 08:13:48 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/04/10 08:13:47 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/04/10 08:13:47 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/04/10 07:58:14 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/04/10 07:58:13 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/04/10 07:58:13 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/04/10 07:58:13 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/04/10 07:58:13 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/04/10 07:58:13 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/04/09 13:31:17 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Skype
[2013/04/09 13:31:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013/04/08 12:32:04 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Windows Live Writer
[2013/04/08 12:32:04 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Windows Live Writer
[2013/04/08 12:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013/04/07 21:38:11 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/04/07 21:38:11 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/04/07 21:38:11 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/04/07 21:38:10 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/04/07 21:38:10 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/04/07 21:38:10 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/04/07 21:38:10 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/04/07 21:38:10 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/04/07 21:38:10 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/04/07 21:38:10 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/04/07 21:38:10 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/04/07 21:38:10 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/04/07 21:38:10 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/04/07 21:38:10 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/04/07 21:38:10 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/04/07 21:38:10 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/04/07 21:38:10 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/04/07 21:38:10 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/04/07 21:38:10 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/04/07 21:38:10 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/04/07 21:38:10 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/04/07 21:38:10 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/04/07 21:38:10 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/04/07 21:38:10 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/04/07 21:38:10 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/04/07 21:38:10 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/04/07 21:38:10 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/04/07 21:38:10 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/04/07 21:38:10 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/04/07 21:38:10 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/04/07 21:38:10 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/04/07 21:38:10 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/04/07 21:38:10 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/04/07 21:38:10 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/04/07 21:38:10 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/04/07 21:38:10 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/04/07 21:38:10 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/04/07 21:38:10 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/04/07 21:38:10 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/04/07 21:38:10 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/04/07 21:38:10 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/04/07 21:38:10 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/04/07 21:38:10 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/04/07 21:38:10 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/04/07 21:38:10 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/04/07 21:38:10 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/04/07 21:38:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/04/07 21:38:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/04/07 21:38:10 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/04/07 21:38:10 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/04/07 21:38:10 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/04/07 21:38:10 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/04/07 21:38:10 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/04/06 22:05:56 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Cyberlink
[2013/04/06 22:05:55 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\CyberLink
[2013/04/06 22:03:21 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\dvdcss
[2013/04/04 12:08:42 | 000,155,528 | ---- | C] (Nicomsoft Ltd.) -- C:\Windows\SysNative\DDCHELPER.dll
[2013/04/04 12:08:42 | 000,020,832 | ---- | C] (Nicomsoft Ltd.) -- C:\Windows\SysNative\drivers\ddcdrv.sys
[2013/04/02 13:52:37 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\SWTORPerf
[2013/04/02 13:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DEFIANCE
[2013/04/02 12:48:38 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\DEFIANCE
[2013/03/30 14:37:00 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Adobe
[2013/03/30 14:09:27 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Activision
[2013/03/30 14:09:27 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Activision
[2013/03/30 14:06:22 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\WinRAR
[2013/03/30 14:06:22 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/03/30 14:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/03/30 14:06:19 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2013/03/29 09:25:56 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Malwarebytes
[2013/03/29 09:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/29 09:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/29 09:25:46 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/29 09:25:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/26 09:48:00 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Warframe
[2013/03/25 11:56:50 | 000,000,000 | ---D | C] -- C:\Users\Mark\.thumbnails
[2013/03/25 11:56:00 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\fontconfig
[2013/03/25 11:55:59 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\gegl-0.2
[2013/03/25 11:55:59 | 000,000,000 | ---D | C] -- C:\Users\Mark\.gimp-2.8
[2013/03/25 11:55:34 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2013/03/25 11:55:33 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Programs
[2013/03/24 21:30:08 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Azureus
[2013/03/24 21:30:07 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze
[2013/03/21 13:58:03 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/03/21 13:58:03 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/03/21 13:58:03 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013/03/21 10:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
[2013/03/21 10:02:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CrystalDiskInfo

========== Files - Modified Within 30 Days ==========

[2013/04/17 07:40:13 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/17 07:40:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/17 07:40:07 | 2072,899,583 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/17 07:39:36 | 000,014,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/17 07:39:36 | 000,014,464 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/17 07:37:18 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/17 07:37:18 | 000,664,320 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/17 07:37:18 | 000,125,056 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/17 07:36:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2013/04/16 15:28:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/16 13:02:45 | 000,000,032 | ---- | M] () -- C:\Windows\0
[2013/04/11 07:31:26 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/04/11 07:31:26 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/04/11 07:20:43 | 000,002,279 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/11 07:19:34 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/10 08:18:41 | 000,294,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/09 09:46:45 | 000,155,528 | ---- | M] (Nicomsoft Ltd.) -- C:\Windows\SysNative\DDCHELPER.dll
[2013/04/09 09:46:45 | 000,020,832 | ---- | M] (Nicomsoft Ltd.) -- C:\Windows\SysNative\drivers\ddcdrv.sys
[2013/04/07 21:38:11 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/04/07 21:38:11 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/04/07 21:38:11 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/04/07 21:38:10 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/04/07 21:38:10 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/04/07 21:38:10 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/04/07 21:38:10 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/04/07 21:38:10 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/04/07 21:38:10 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/04/07 21:38:10 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/04/07 21:38:10 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/04/07 21:38:10 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/04/07 21:38:10 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/04/07 21:38:10 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/04/07 21:38:10 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/04/07 21:38:10 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/04/07 21:38:10 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/04/07 21:38:10 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/04/07 21:38:10 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/04/07 21:38:10 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/04/07 21:38:10 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/04/07 21:38:10 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/04/07 21:38:10 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/04/07 21:38:10 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/04/07 21:38:10 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/04/07 21:38:10 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/04/07 21:38:10 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/04/07 21:38:10 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/04/07 21:38:10 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/04/07 21:38:10 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/04/07 21:38:10 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/04/07 21:38:10 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/04/07 21:38:10 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/04/07 21:38:10 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/04/07 21:38:10 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/04/07 21:38:10 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/04/07 21:38:10 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/04/07 21:38:10 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/04/07 21:38:10 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/04/07 21:38:10 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/04/07 21:38:10 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/04/07 21:38:10 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/04/07 21:38:10 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/04/07 21:38:10 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/04/07 21:38:10 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/04/07 21:38:10 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/04/07 21:38:10 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/04/07 21:38:10 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/04/07 21:38:10 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/04/07 21:38:10 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/04/07 21:38:10 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/04/07 21:38:10 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/04/07 21:38:10 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/04/07 21:38:10 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/04/07 21:38:10 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/04/06 22:12:15 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/02 13:00:24 | 000,002,182 | ---- | M] () -- C:\Users\Public\Desktop\Launch DEFIANCE.lnk
[2013/03/29 18:04:04 | 021,170,176 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2013/03/29 17:52:10 | 000,914,992 | ---- | M] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2013/03/29 17:10:06 | 000,449,481 | ---- | M] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013/03/28 08:47:36 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/03/28 08:47:36 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/03/27 16:57:08 | 000,135,240 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2013/03/27 08:58:37 | 000,001,437 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/03/26 17:11:58 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/03/26 17:06:30 | 002,797,128 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2013/03/26 17:04:40 | 002,734,624 | ---- | M] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013/03/26 15:40:04 | 003,693,128 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2013/03/26 14:38:02 | 001,659,464 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2013/03/26 13:47:26 | 000,000,200 | ---- | M] () -- C:\Users\Mark\Desktop\BioShock Infinite.url
[2013/03/26 09:03:38 | 000,000,202 | ---- | M] () -- C:\Users\Mark\Desktop\Warframe.url
[2013/03/25 20:39:26 | 000,005,932 | ---- | M] () -- C:\Users\Mark\AppData\Local\recently-used.xbel
[2013/03/25 17:32:22 | 003,180,264 | ---- | M] () -- C:\Windows\SysNative\drivers\rtvienna.dat
[2013/03/24 21:30:14 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2013/03/24 21:30:14 | 000,001,794 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2013/03/24 21:30:01 | 000,000,000 | ---- | M] () -- C:\END
[2013/03/23 03:43:22 | 000,208,072 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2013/03/21 13:57:52 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/03/21 13:57:52 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/03/21 13:57:52 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013/03/20 13:17:28 | 009,123,608 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioVnA64.dll
[2013/03/20 13:16:58 | 001,900,312 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2013/03/20 13:16:56 | 002,102,040 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2013/03/20 13:16:52 | 000,910,104 | ---- | M] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013/03/19 07:04:06 | 005,550,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/03/19 06:46:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/03/19 06:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/03/19 06:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/03/19 05:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/03/19 04:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe

========== Files Created - No Company Name ==========

[2013/04/12 13:25:24 | 003,180,264 | ---- | C] () -- C:\Windows\SysNative\drivers\rtvienna.dat
[2013/04/12 13:25:23 | 000,449,481 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013/04/08 12:31:41 | 000,001,458 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013/04/07 21:41:37 | 000,001,413 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/04/07 21:38:10 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/04/07 21:38:10 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/04/02 13:00:24 | 000,002,182 | ---- | C] () -- C:\Users\Public\Desktop\Launch DEFIANCE.lnk
[2013/03/29 09:25:47 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/26 13:47:26 | 000,000,200 | ---- | C] () -- C:\Users\Mark\Desktop\BioShock Infinite.url
[2013/03/26 09:03:38 | 000,000,202 | ---- | C] () -- C:\Users\Mark\Desktop\Warframe.url
[2013/03/25 20:39:26 | 000,005,932 | ---- | C] () -- C:\Users\Mark\AppData\Local\recently-used.xbel
[2013/03/25 11:55:51 | 000,000,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2013/03/24 21:30:14 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2013/03/24 21:30:14 | 000,001,794 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2013/03/24 21:30:14 | 000,001,794 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
[2013/03/09 15:02:38 | 000,123,284 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/01/23 10:02:51 | 000,763,958 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/22 12:49:54 | 000,000,273 | ---- | C] () -- C:\Windows\lgfwup.ini
[2013/01/22 09:03:50 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/01/22 09:03:50 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013/01/21 14:39:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/01/21 12:38:04 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013/01/21 12:37:59 | 000,032,714 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/12/19 20:52:22 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/12/19 20:52:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/11/27 02:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/06/19 13:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 23:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/03/30 14:09:27 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Activision
[2013/04/16 12:42:50 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Azureus
[2013/02/08 09:30:02 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\OpenOffice.org
[2013/01/29 20:15:42 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Origin
[2013/04/08 12:32:04 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >
markshim's Avatar
markshim markshim is offline
Member with 87 posts.
THREAD STARTER
 
Join Date: Jan 2009
Location: exeter, uk
Experience: Beginner
17-Apr-2013, 02:49 AM #25
and here is the second

OTL Extras logfile created on: 17/04/2013 07:42:30 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mark\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

7.91 Gb Total Physical Memory | 6.55 Gb Available Physical Memory | 82.84% Memory free
15.81 Gb Paging File | 14.26 Gb Available in Paging File | 90.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447.13 Gb Total Space | 292.84 Gb Free Space | 65.49% Space Free | Partition Type: NTFS
Drive D: | 931.41 Gb Total Space | 637.06 Gb Free Space | 68.40% Space Free | Partition Type: NTFS
Drive E: | 1397.26 Gb Total Space | 640.08 Gb Free Space | 45.81% Space Free | Partition Type: NTFS

Computer Name: MARK-PC | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\FirewallRules]
"{0676A100-59A2-4767-A50D-0420D74BED72}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0769FBEB-2084-4013-9AFB-59DA45824162}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{080A77D3-4E31-42E0-A955-1279B5AB818B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{11399A7F-5E1C-4B00-B564-ED0BD1BDD1DB}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam games\steamapps\common\warframe\warframe.exe |
"{2069F8A4-0159-49DA-BDB5-F23CA552AF8C}" = rport=137 | protocol=17 | dir=out | app=system |
"{3797F6D3-526C-43C3-B335-69400A693F09}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4A596D78-3E43-4D75-BE93-3F47B2939F33}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4C610FDC-67F6-4002-8A15-79EFA4981195}" = lport=137 | protocol=17 | dir=in | app=system |
"{5F9C09B2-8659-40CF-B370-95E320146606}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6EC3AACF-C4AB-41C0-8BDB-2FFF4ACFEE30}" = rport=139 | protocol=6 | dir=out | app=system |
"{72C27D61-5AB4-4D58-BFD5-996D601381D0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7D236B7E-AC6C-480A-8C5C-ACEE04452D98}" = rport=138 | protocol=17 | dir=out | app=system |
"{7EF08DE0-480D-4BCC-A19F-0820F2B7274F}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam games\steamapps\common\warframe\tools\launcher.exe |
"{9046B912-C167-4893-8B4F-0E652EAF431B}" = lport=138 | protocol=17 | dir=in | app=system |
"{9E402A14-D170-4BE0-8D60-F5C9B70F21B1}" = lport=445 | protocol=6 | dir=in | app=system |
"{A23096CF-9234-4803-B91E-2AC96A10E863}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\steam games\steamapps\common\warframe\warframe.x64.exe |
"{B0FEC503-9829-4834-927E-94F5962D59C6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B570C96B-D8B9-4F3B-BAFC-517036D1DE5C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BA3A2BEE-8AE3-4693-98E9-929F0F704B46}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C7064390-0DC1-4FF2-AF2A-184B43022AB6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{CFB18EE9-41D7-4146-99CF-E998A8489758}" = lport=139 | protocol=6 | dir=in | app=system |
"{D002D532-1775-4F46-ADB3-07D6E927D771}" = rport=445 | protocol=6 | dir=out | app=system |
"{E5180CAB-33E6-493D-ABA1-3169FDE8B2F0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E739649A-3F3E-4F01-BCF6-AA35FB64C939}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EAB88F34-38C3-4F12-A5F4-CF6419B7490A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EFBA36C0-58BD-411D-8A96-CAE576BF9818}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\FirewallRules]
"{0348F4F5-A0EE-4765-86AC-4830D2FFC5D1}" = protocol=6 | dir=in | app=d:\games\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{06B4FE9C-B985-4AFD-8136-DDDB98833779}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{076C80CC-9AA8-4ED7-9F3B-0975F10BE796}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sleepingdogs\hkship.exe |
"{08184982-D748-4693-ACFE-A59C297D2DFC}" = protocol=17 | dir=in | app=d:\games\assassin`s creed 3\assassinscreed3.exe |
"{08C0B7EB-513A-4DC6-8B72-21D323704EBA}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\tomb raider\tombraider.exe |
"{0DD64570-8C1C-4FD8-9685-D9E8F5CF8E58}" = protocol=6 | dir=in | app=d:\games\origin games\crysis 3\bin32\crysis3.exe |
"{14893B49-2965-4A50-B61B-F2B38B9F01B3}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe |
"{174F78CC-C5B9-4CFE-A8FF-0171AE1EB0F3}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat |
"{19DB3523-E4B4-4C88-AE30-1B193743832C}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\aliens colonial marines\binaries\win32\acm.exe |
"{1AC3721D-775C-44B3-AE4F-C53695503A4A}" = protocol=17 | dir=in | app=d:\games\origin games\dead space 3\deadspace3.exe |
"{1CA288A0-B729-4ACF-87AE-7401717409DD}" = protocol=17 | dir=in | app=c:\program files (x86)\funcom\the secret world\clientpatcher.exe |
"{2094B211-509B-4D6D-AE52-450CD6B4F74B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{249D8ED8-22CD-4E22-A937-5C7301302EC9}" = protocol=6 | dir=in | app=d:\games\batman arkham city\binaries\win32\batmanac.exe |
"{26277DE4-4FFB-4C92-BFE8-04BE1906C448}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{28C828F9-F1B7-4AEB-9583-68941AE901B1}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{2B1E1769-658A-4DD5-98B0-7E1503819D95}" = protocol=6 | dir=in | app=d:\games\assassin`s creed 3\ac3sp.exe |
"{2B21C2F9-8268-4571-A06D-9DC2C40C55CC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2B40770D-4CED-4D56-84F2-C15C4BE05A4A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2E1F6112-8691-486E-B5CE-C09AF840562C}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe |
"{315814E5-32DA-4FE6-9710-4FF22C9CED76}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\forge\binaries\win32\forgegame.exe |
"{338CD86E-07CA-48AE-9907-9B5BC9C485BE}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{3476E3DD-74BB-4390-AA19-568923241AC1}" = protocol=6 | dir=in | app=d:\games\assassin`s creed 3\assassinscreed3.exe |
"{390D6F14-03A9-4CC6-9FD7-EF1153238340}" = protocol=17 | dir=out | app=c:\program files (x86)\steam games\steamapps\common\warframe\warframe.exe |
"{3A293B0F-63D7-4079-87A7-E6FD8645F0E5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{3B88F8C0-3273-4E47-B176-367FC36AAF0E}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\forge\binaries\win32\forgegame.exe |
"{3D3CC0D8-2CF3-40BC-9CFD-3C290BDACD3A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\transformers fall of cybertron\binaries\tfoc.exe |
"{3F65313B-691E-465D-A7B1-C62510EB4C3E}" = protocol=17 | dir=out | app=c:\program files (x86)\steam games\steamapps\common\warframe\warframe.x64.exe |
"{42144E08-5CB8-4822-A86D-A0C8E986E36B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4229B66A-0596-45FA-A2C1-4A3C613B0A2C}" = protocol=17 | dir=in | app=d:\games\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{47F3233F-F637-4ED3-9E22-AB6A8EA8CFFC}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{48CC6A65-892E-49CE-A810-09624E01F7A8}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{4B9C6081-4A7C-4970-A9A1-6183563B646D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\transformers fall of cybertron\binaries\tfoc.exe |
"{4F8983C2-70A6-4BFF-92E8-B928AAB7058C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4FF7DAB6-4E97-49D6-8AD9-42536E38EDFE}" = protocol=17 | dir=in | app=d:\games\farcry 3\bin\fc3updater.exe |
"{5BB77250-1DCB-41C2-8535-DDA8B01B4732}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\tomb raider\tombraider.exe |
"{62AA28F3-4857-47B8-93D8-108BF10D4131}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{63856D3B-5429-43F3-A382-7C2321FB2457}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{638A37A6-6B09-4E31-9F15-45FED41D3DDD}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe |
"{6704C77E-A9AC-4228-9437-DAACAA309A72}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6A86E91E-5DAC-4F54-BF8A-927809CDF3C2}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sleepingdogs\hkship.exe |
"{6C0E34E3-9C67-47CB-AB33-D6492A4DDE1E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{6D6E7DEB-B308-4BA6-8EA0-D27739C5753A}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{6F24E20B-ADFF-4DEE-82DF-2549DB900394}" = protocol=6 | dir=in | app=d:\games\origin games\dead space 3\deadspace3.exe |
"{70FDDBFA-0A0F-4144-9C9A-535511EDA9E7}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{73CE496B-C2C8-4C5D-90E6-EFC2DF2012BB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{75F0E374-7382-4636-9867-ADBF811A4E33}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe |
"{76792262-7930-4078-9BBF-BDDA494CCD32}" = protocol=17 | dir=in | app=d:\games\farcry 3\bin\fc3editor.exe |
"{779C7371-E42D-4484-A2AA-E2A9956BB3F8}" = protocol=17 | dir=in | app=d:\games\assassin`s creed 3\ac3sp.exe |
"{7B8736ED-77F7-4CC0-8CB5-65F4A6E02B9C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{82DE779B-5587-4909-BFCC-156DA291C470}" = protocol=17 | dir=in | app=d:\games\origin games\crysis 3\bin32\crysis3.exe |
"{8423D1C5-6907-4B43-BA73-FA168692CB04}" = protocol=6 | dir=in | app=d:\games\farcry 3\bin\farcry3_d3d11.exe |
"{843A6A79-9FAA-4AD7-BEEF-6278AF0E228B}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{8D3A0FE9-21D5-4877-8B70-98E001C0A4F8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{8E2ACF7F-5922-474C-A80C-7892688D9711}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{90685393-1D4C-4407-A513-5CBE3C9735C1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{915BF1B8-E3A7-4DDD-9049-13D4EB69CAB6}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{930EEA8C-B378-410A-895E-0BB52C70DC09}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{936CF313-C15A-4398-8FE7-858DCECEA2D3}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{9958101A-93CC-40AD-862B-416CC9F509E1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9A4DD81D-B3C1-492B-812A-D2FA1A0E9A36}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe |
"{9B2CFE0B-3972-4DA5-B26A-B9B40716ADD8}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\hitman absolution\hma.exe |
"{9F4A7939-30C2-42F4-849B-BA38B4F82FE6}" = protocol=6 | dir=in | app=d:\games\farcry 3\bin\fc3editor.exe |
"{9FCDAD00-5C55-474F-9858-9D083326D864}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{A1319F8D-ECE3-48F6-A146-A96330EB1DC3}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{A1575959-81AB-432F-9C53-630E404C85C7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A19EBD9D-96E6-4FB0-AD5A-0CC1079F53EF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A26E69D6-0F44-46F9-B514-C0D61CD27914}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe |
"{A43A4652-0EEA-444F-9212-DC0776E8C081}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{A5E3E32E-71CB-4592-AEC8-253FF8194723}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{A9294E7A-AC51-4FA5-BA25-D2CFA02DFD08}" = protocol=6 | dir=out | app=system |
"{A9456A10-15A3-47DB-AC1B-4BB1870169AC}" = protocol=6 | dir=in | app=c:\program files (x86)\funcom\the secret world\clientpatcher.exe |
"{AAC5F258-8890-4F7D-86D8-A918394E55B7}" = protocol=17 | dir=in | app=d:\games\batman arkham city\binaries\win32\batmanac.exe |
"{AB60D1B9-00B0-4AC1-B203-51841BD2D39E}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat |
"{B10DE750-BA38-4F3E-8C77-EE4F38C4C7C1}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{B27637E4-C44C-43CF-9029-FBD08FAC74FF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B4344F08-5979-40A6-A66A-5E15920FFDBB}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{B580F218-3F1A-4C84-AE42-6DEBA603DD56}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B7DC3B36-ABED-4F90-A15B-C1CD68D3FFA5}" = protocol=6 | dir=in | app=d:\games\farcry 3\bin\farcry3.exe |
"{B813A108-A054-42E6-BEC9-F1BB0BD7E71F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\hitman absolution\hma.exe |
"{C0F065AD-ADEC-42AC-8A7E-9970A9831BB5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C1E4BA09-867D-4A9A-BD02-D5CBEB2B2919}" = protocol=17 | dir=in | app=c:\program files (x86)\steam games\steamapps\common\warframe\warframe.exe |
"{C2B8423D-1BE0-4A85-BE3F-271F50DB67D4}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C520E883-0122-4C03-B2C9-2BD22400E1BA}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C574DA44-87E7-449E-9A4C-01C6F4D9EBC2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C68BD4F1-5865-435C-9634-A121ED5E086D}" = protocol=6 | dir=in | app=d:\games\farcry 3\bin\fc3updater.exe |
"{CC18E2CE-3A6A-4F01-A6D8-024BE5D7A54E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D01B05CF-BDA7-4A5F-80F9-752D9BB9935A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D173470D-A976-4EB8-A8C1-A4F669424053}" = protocol=17 | dir=in | app=d:\games\farcry 3\bin\farcry3.exe |
"{D6A86273-3221-4E47-9D99-BFDA3D0C283C}" = protocol=17 | dir=in | app=d:\games\farcry 3\bin\farcry3_d3d11.exe |
"{DDCCBE1E-CFC2-49DE-8817-37498ACA14AB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{E17897DE-A762-44DF-BBC8-95A55436FD25}" = protocol=6 | dir=in | app=d:\games\assassin`s creed 3\ac3mp.exe |
"{E80317D3-96B4-4AD4-9484-E960FC0C525A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam games\steamapps\common\warframe\warframe.x64.exe |
"{EB30AE59-647C-4EB8-B6E7-2796F3BAD0EC}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\aliens colonial marines\binaries\win32\acm.exe |
"{EC6760E5-54AB-489D-941C-2CEBA0AE88D1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EF259832-0C1F-4E7A-989B-C57D1BE01027}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe |
"{F22D16B3-9E4E-4B1A-96BE-81F300DB8D7B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{F333F6BF-A7AB-49E8-BD3D-9A8AAD18AFA3}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{F5DF95FA-918D-41CE-A738-8CB61DFED30F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F8CBC437-02D9-4058-A912-821D994DD880}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FD7DB2A1-2D7C-4C26-BEF8-3634F3D22BB1}" = protocol=17 | dir=in | app=d:\games\assassin`s creed 3\ac3mp.exe |
"TCP Query User{3287921C-864E-42C4-83DC-36862211B67D}D:\games\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=d:\games\diablo iii\diablo iii.exe |
"TCP Query User{FCB42B94-B134-4CF1-9EDC-DF8074FD6F90}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{2D5C9072-B822-4345-BA2B-1AD522FE9A30}D:\games\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=d:\games\diablo iii\diablo iii.exe |
"UDP Query User{FAD53A4B-0505-46E0-9F7E-95BC780F184B}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{0B3944DA-6702-3E35-A0E7-ED8923990777}" = AMD Media Foundation Decoders
"{0DF85F1E-CDB6-8559-ED64-39A2CADD6CD6}" = AMD Accelerated Video Transcoding
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{24229F0C-8DA9-16FC-4C26-30434495C309}" = ccc-utility64
"{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit)
"{27FFD9F6-7A4C-3DA3-6043-46F396C1F190}" = AMD Fuel
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{50605356-0770-EC17-4043-3018D1D5CA25}" = AMD Drag and Drop Transcoding
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft Mouse and Keyboard Center
"{833F5E6D-6E01-11D1-978E-6DFBCEF72570}" = AMD Steady Video Plug-In
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B185BFAE-3799-C2DD-887F-7089378E54F4}" = AMD Catalyst Install Manager
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"8461-7759-5462-8226" = Vuze
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.63.0
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.21
"Defraggler" = Defraggler
"GIMP-2_is1" = GIMP 2.8.4
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{069386F2-16F3-CCA7-C044-A7893B86806C}" = Catalyst Control Center Graphics Previews Common
"{0D7C39F2-2DC2-A6B6-CDE6-0D3E7BE2404E}" = CCC Help Russian
"{12263319-9EDA-2A2E-11B4-34F08B921462}" = CCC Help Portuguese
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{1BE6921C-7A44-BE7A-59A3-736BB1247344}" = CCC Help Spanish
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2CBAA417-378B-AEF3-4CC3-7C354B4A4829}" = CCC Help Norwegian
"{2F101140-A43E-A526-0297-31C710FDBB44}" = CCC Help Danish
"{3135E6FE-6238-DA26-3981-C4F90CE0B3C7}" = CCC Help Polish
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3D36F763-3A90-64AB-2E19-FDC1CA086FB0}" = AMD VISION Engine Control Center
"{3DCF3BFD-2DC1-C074-CB71-A285FF8B2E73}" = CCC Help Dutch
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
"{4198AE83-A3C6-4C41-85C8-EC63E990696E}" = Crysis®3
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{52D9D448-D186-7743-3631-7B4AC77E9263}" = CCC Help German
"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3
"{570174D7-87BF-4B48-878F-29C57E387D38}" = DEFIANCE
"{57520FA0-A73E-4165-BCA2-D71000038301}" = Batman: Arkham City™
"{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™
"{5FB7F9E3-3BB7-9847-9AB6-D1D48F226521}" = CCC Help Chinese Standard
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{66B584FB-C50C-235E-A1DE-E7B18B1CF85C}" = CCC Help Czech
"{68C41F0E-A63F-F109-7764-027DF46CAA06}" = CCC Help Korean
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8B257B9D-C51C-80F5-1757-AB16A34A3BBB}" = Catalyst Control Center Localization All
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{92C35013-BC4A-F17B-FC10-24475B080D84}" = CCC Help French
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed(R) III v1.03
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{9FB0965D-A678-4DA0-FBA4-66009A4FE297}" = Catalyst Control Center InstallProxy
"{9FD04D98-D045-7238-CE17-C4827D0C3108}" = CCC Help Chinese Traditional
"{A231A6F2-2C80-6203-ED35-2CFB96B25A38}" = Application Profiles
"{A2E584E3-C62B-7BE3-B73E-6AF977049F15}" = CCC Help Japanese
"{A6713266-9D19-6C62-7D40-68193E4BC68F}" = CCC Help Thai
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{BB375893-701A-BD0D-B598-77253800851E}" = CCC Help Hungarian
"{BB78ACFC-C4FE-E3D2-6FC6-64510293B33D}" = CCC Help Italian
"{BC8BFE07-5957-63CA-5BEB-5BF13D1742C6}" = CCC Help Greek
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CA1E3917-BE53-DEB1-0F4A-237BE9C44675}" = CCC Help Swedish
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D4329609-4102-4F8C-B83F-7FE024EEA314}" = Dead Space™ 3
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{EB5A441E-B26E-9B91-CB98-931A00C7C752}" = CCC Help Finnish
"{EB5E4F0C-CAAD-3113-09A8-CB469F09B110}" = CCC Help English
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0DEF695-5A47-A3E7-BF3F-1436A505AACD}" = CCC Help Turkish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Antivirus Premium
"CrystalDiskInfo_is1" = CrystalDiskInfo 5.4.2 Shizuku Edition
"FileHippo.com" = FileHippo.com Update Checker
"Fraps" = Fraps
"GFWL_{57520FA0-AC56-469B-9983-FF1000008300}" = Batman: Arkham City™
"Google Chrome" = Google Chrome
"Guild Wars 2" = Guild Wars 2
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink LG Burning Tool
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Steam App 203160" = Tomb Raider
"Steam App 213120" = Transformers: Fall of Cybertron
"Steam App 218230" = PlanetSide 2
"Steam App 220440" = DmC Devil May Cry
"Steam App 230410" = Warframe
"Steam App 49540" = Aliens: Colonial Marines
"Steam App 8870" = BioShock Infinite
"The Secret World_is1" = The Secret World
"Uplay" = Uplay
"VLC media player" = VLC media player 2.0.6
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SOE-C:/Users/Mark/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 06/04/2013 02:23:48 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PlanetSide2.exe, version: 0.0.0.0, time
stamp: 0x515cf844 Faulting module name: PlanetSide2.exe, version: 0.0.0.0, time
stamp: 0x515cf844 Exception code: 0xc0000005 Fault offset: 0x007ee030 Faulting process
id: 0x11cc Faulting application start time: 0x01ce328db8075ac0 Faulting application
path: C:\Program Files (x86)\Steam Games\SteamApps\common\PlanetSide 2\PlanetSide2.exe
Faulting
module path: C:\Program Files (x86)\Steam Games\SteamApps\common\PlanetSide 2\PlanetSide2.exe
Report
Id: 89e8f22f-9e82-11e2-a0bb-3085a98e9c0b

Error - 09/04/2013 07:29:10 | Computer Name = Mark-PC | Source = Chrome | ID = 1
Description =

Error - 09/04/2013 16:02:32 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Patcher.exe, version: 2.0.0.0, time stamp:
0x516311ec Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp:
0x4df2be1e Exception code: 0xc0000005 Fault offset: 0x00001f68 Faulting process id:
0x13e8 Faulting application start time: 0x01ce354d5575d5bd Faulting application path:
C:\Users\Mark\AppData\Local\DEFIANCE\Patcher.exe Faulting module path: C:\Windows\system32\MSVCR100.dll
Report
Id: 69d513a5-a150-11e2-9938-3085a98e9c0b

Error - 11/04/2013 07:20:09 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PlanetSide2.exe, version: 0.0.0.0, time
stamp: 0x5164dd62 Faulting module name: PlanetSide2.exe, version: 0.0.0.0, time
stamp: 0x5164dd62 Exception code: 0xc0000005 Fault offset: 0x007ee030 Faulting process
id: 0x87c Faulting application start time: 0x01ce36a438a5393a Faulting application
path: C:\Program Files (x86)\Steam Games\SteamApps\common\PlanetSide 2\PlanetSide2.exe
Faulting
module path: C:\Program Files (x86)\Steam Games\SteamApps\common\PlanetSide 2\PlanetSide2.exe
Report
Id: c4c92367-a299-11e2-8c32-3085a98e9c0b

Error - 12/04/2013 07:01:57 | Computer Name = Mark-PC | Source = .NET Runtime | ID = 1023
Description =

Error - 12/04/2013 07:01:58 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Faulting application name: CCC.exe, version: 3.5.0.0, time stamp:
0x4f8350e0 Faulting module name: clr.dll, version: 4.0.30319.296, time stamp: 0x50483916
Exception
code: 0xc0000005 Fault offset: 0x00000000001acf00 Faulting process id: 0xbec Faulting
application start time: 0x01ce376757056f60 Faulting application path: C:\Program
Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe Faulting module path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
Report
Id: 646262bb-a360-11e2-bd18-3085a98e9c0b

Error - 12/04/2013 07:43:54 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PlanetSide2.exe, version: 0.0.0.0, time
stamp: 0x51671537 Faulting module name: PlanetSide2.exe, version: 0.0.0.0, time
stamp: 0x51671537 Exception code: 0xc0000005 Fault offset: 0x007ee030 Faulting process
id: 0xcd0 Faulting application start time: 0x01ce377186e9c66a Faulting application
path: C:\Program Files (x86)\Steam Games\SteamApps\common\PlanetSide 2\PlanetSide2.exe
Faulting
module path: C:\Program Files (x86)\Steam Games\SteamApps\common\PlanetSide 2\PlanetSide2.exe
Report
Id: 4004b029-a366-11e2-bd18-3085a98e9c0b

Error - 14/04/2013 14:41:59 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Faulting application name: PlanetSide2.exe, version: 0.0.0.0, time
stamp: 0x5168a1d8 Faulting module name: PlanetSide2.exe, version: 0.0.0.0, time
stamp: 0x5168a1d8 Exception code: 0xc0000005 Fault offset: 0x024fa960 Faulting process
id: 0x11c8 Faulting application start time: 0x01ce393cd47d33a4 Faulting application
path: C:\Program Files (x86)\Steam Games\SteamApps\common\PlanetSide 2\PlanetSide2.exe
Faulting
module path: C:\Program Files (x86)\Steam Games\SteamApps\common\PlanetSide 2\PlanetSide2.exe
Report
Id: fcacc65f-a532-11e2-bb18-3085a98e9c0b

Error - 15/04/2013 04:10:00 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Patcher.exe, version: 2.0.0.0, time stamp:
0x516311ec Faulting module name: Patcher.exe, version: 2.0.0.0, time stamp: 0x516311ec
Exception
code: 0xc0000005 Fault offset: 0x0000a3bd Faulting process id: 0x1184 Faulting application
start time: 0x01ce39b095920387 Faulting application path: C:\Users\Mark\AppData\Local\DEFIANCE\Patcher.exe
Faulting
module path: C:\Users\Mark\AppData\Local\DEFIANCE\Patcher.exe Report Id: de1f9865-a5a3-11e2-8e15-3085a98e9c0b

Error - 16/04/2013 02:52:11 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Patcher.exe, version: 2.0.0.0, time stamp:
0x516c3806 Faulting module name: Patcher.exe, version: 2.0.0.0, time stamp: 0x516c3806
Exception
code: 0xc0000005 Fault offset: 0x0000a17d Faulting process id: 0x560 Faulting application
start time: 0x01ce3a6eb2c10f7d Faulting application path: C:\Users\Mark\AppData\Local\DEFIANCE\Patcher.exe
Faulting
module path: C:\Users\Mark\AppData\Local\DEFIANCE\Patcher.exe Report Id: 299a87c5-a662-11e2-93c8-3085a98e9c0b

[ System Events ]
Error - 15/04/2013 02:30:36 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BTHidMgr

Error - 15/04/2013 03:48:38 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BTHidMgr

Error - 16/04/2013 02:31:35 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BTHidMgr

Error - 16/04/2013 07:10:17 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BTHidMgr

Error - 16/04/2013 07:44:08 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BTHidMgr

Error - 16/04/2013 07:59:41 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BTHidMgr

Error - 16/04/2013 08:03:56 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BTHidMgr

Error - 16/04/2013 09:51:12 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BTHidMgr

Error - 17/04/2013 02:33:18 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BTHidMgr

Error - 17/04/2013 02:40:17 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BTHidMgr


< End of report >
markshim's Avatar
markshim markshim is offline
Member with 87 posts.
THREAD STARTER
 
Join Date: Jan 2009
Location: exeter, uk
Experience: Beginner
17-Apr-2013, 03:17 AM #26
hope i did the scans ok ?
Mark1956's Avatar
Malware Removal Specialist with 14,079 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
17-Apr-2013, 03:30 AM #27
Yup you did well.

There is a service installed for that Bluetooth software, run this fix below to remove it, it should clear up the problem.

OTL - System Scan/Fix
Important!---> Close all applications and windows so that you have nothing open and are at your Desktop.
  • Double click on the OTL icon to execute it. DO NOT open any other process or browser so OTL can run uninterrupted.
  • Under the Standard Registry box change it to All.
  • Check/tick the boxes beside LOP Check and Purity Check.


Code:
:commands
[createrestorepoint]
[EMPTYTEMP]

:OTL


:FILES
C:\Windows\SysNative\drivers\btcusb.sys
:Services
Btcsrusb
  • Copy & Paste everything in the Code box above into the Custom Scan/Fixes box.
  • Click the Run Fix button. If prompted... click OK.
  • When the scan completes the system will reboot, log back in to your normal account.
  • Notepad will open with the scan results. Please Copy & Paste the entire report into your next reply.
  • The report is also saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
markshim's Avatar
markshim markshim is offline
Member with 87 posts.
THREAD STARTER
 
Join Date: Jan 2009
Location: exeter, uk
Experience: Beginner
17-Apr-2013, 03:44 AM #28
hi,
ok here is the log after the fix

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mark
->Temp folder emptied: 190652 bytes
->Temporary Internet Files folder emptied: 6220039 bytes
->Java cache emptied: 1206668 bytes
->Google Chrome cache emptied: 32379987 bytes
->Flash cache emptied: 506 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows \Temporary Internet Files folder emptied: 50461 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 38.00 mb

========== OTL ==========
========== FILES ==========
C:\Windows\SysNative\drivers\btcusb.sys moved successfully.
========== SERVICES/DRIVERS ==========
Service Btcsrusb stopped successfully!
Service Btcsrusb deleted successfully!

OTL by OldTimer - Version 3.2.69.0 log created on 04172013_084038

Files\Folders moved on Reboot...
C:\Users\Mark\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


i just check event viewer and im still getting the error
markshim's Avatar
markshim markshim is offline
Member with 87 posts.
THREAD STARTER
 
Join Date: Jan 2009
Location: exeter, uk
Experience: Beginner
17-Apr-2013, 04:03 AM #29
am i going to have to reinstall windows 7 or can i just leave the error or is there something else i can try ?
Mark1956's Avatar
Malware Removal Specialist with 14,079 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
17-Apr-2013, 05:51 AM #30
A re-install would be the last resort. The above deletion took out the service entry, but there must a registry entry still in the system, we shall see if this can find it.

STEP 1
NOTE: If you have already used Combofix please delete the icon from your desktop.
  • Please download DeFogger and save it to your desktop.
  • Once downloaded, double-click on the DeFogger icon to start the tool.
  • The application window will appear.
  • You should now click on the Disable button to disable your CD Emulation drivers.
  • When it prompts you whether or not you want to continue, please click on the Yes button to continue.
  • When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  • If CD Emulation programs are present and have been disabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.



STEP 2
Please download ComboFix from one of the locations below and save it to your Desktop. <-Important!!!

Be sure to print out and follow these instructions: A guide and tutorial on using ComboFix

Vista/Windows 7 users can skip the Recovery Console instructions and use the Windows DVD to boot into the Vista Recovery Environment or Windows 7 System Recovery Options if something goes awry. If you do not have a Windows 7 DVD then please create a Windows 7 Repair Disc. XP users need to install the Recovery Console first.
  • Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click this link to see a list of such programs and how to disable them.
  • If ComboFix detects an older version of itself, you will be asked to update the program.
  • ComboFix will begin by showing a Disclaimer. Read it and click I Agree if you want to continue.
  • Follow the prompts and click on Yes to continue scanning for malware.
  • If using Windows 7 or Vista and you receive a UAC prompt asking if you want to continue running the program, you should press the Continue button.
  • When finished, please copy and paste the contents of C:\ComboFix.txt (which will open after reboot) in your next reply.
  • Be sure to re-enable your anti-virus and other security programs.

-- Do not touch your mouse/keyboard until the ComboFix scan has completed, as this may cause the process to stall or the computer to lock.
-- ComboFix will temporarily disable your desktop, and if interrupted may leave it disabled. If this occurs, please reboot to restore it.
-- ComboFix disables autorun of all CD, floppy and USB devices to assist with malware removal and increase security.


If you no longer have access to your Internet connection after running ComboFix, please reboot to restore it. If that does not restore the connection, then follow the instructions for Manually restoring the Internet connection provided in the "How to Guide" you printed out earlier. Those instructions only apply to XP, for Vista and Windows 7 go here: Internet connection repair

NOTE: if you see a message like this when you attempt to open anything after the reboot "Illegal Operation attempted on a registry key that has been marked for deletion" please reboot the system again and the warning should not return.

Quote:
Do NOT use ComboFix unless you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, NOT for general public or personal use. Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again. This site, sUBs and myself will not be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read ComboFix's Disclaimer.
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑