VIRY.CZ

TADY

ComboFix 14-04-26.01 - user 04/28/2014 18:28:14.3.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16330.14268 [GMT -7:00]
Running from: c:\users\user\Downloads\ComboFix.exe
Command switches used :: c:\users\user\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\003\vxlsnyaiet64.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Spybot - Search & Destroy 2
c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe.log
c:\programdata\McAfee
c:\programdata\McAfee\MCLOGS\Common\McCHSvc\McCHSvc000.log
c:\programdata\McAfee\MCLOGS\Common\McUICnt\McUICnt000.log
c:\programdata\McAfee\MCLOGS\McLightInstaller\McUICnt\McUICnt000.log
c:\programdata\McAfee\MCLOGS\McUICnt\mcuicnt\mcuicnt000.log
c:\programdata\McAfee\MCLOGS\PartnerCustom\McCHSvc\McCHSvc000.log
c:\programdata\McAfee\MCLOGS\PartnerCustom\mcuicnt\mcuicnt000.log
c:\programdata\McAfee\MCLOGS\PartnerCustom\SecurityScan_Inner\SecurityScan_Inner000.log
c:\programdata\McAfee\MCLOGS\PartnerCustom\SecurityScan_Release\SecurityScan_Release000.log
c:\programdata\McAfee\MCLOGS\PartnerCustom\SSScheduler\SSScheduler000.log
c:\programdata\McAfee\MCLOGS\SecurityScanner\mcuicnt\mcuicnt000.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ESGIGUARD
-------\Service_c2cautoupdatesvc
-------\Service_c2cpnrsvc
-------\Service_esgiguard
-------\Service_SkypeUpdate
-------\Service_vxlsnyaiet64
.
.
((((((((((((((((((((((((( Files Created from 2014-03-28 to 2014-04-29 )))))))))))))))))))))))))))))))
.
.
2014-04-29 01:38 . 2014-04-29 01:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-04-29 01:38 . 2014-04-29 01:38 -------- d-----w- c:\users\hedev\AppData\Local\temp
2014-04-29 01:38 . 2014-04-29 01:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-28 18:54 . 2014-04-28 18:54 -------- d-----w- C:\AdwCleaner
2014-04-27 16:34 . 2014-04-27 16:34 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2014-04-27 16:33 . 2014-04-27 16:33 -------- d-----w- c:\programdata\Malwarebytes
2014-04-27 07:54 . 2010-08-30 15:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-04-27 04:38 . 2014-04-27 04:38 -------- d-----w- C:\rsit
2014-04-27 04:38 . 2014-04-27 04:38 -------- d-----w- c:\program files\trend micro
2014-04-27 03:04 . 2014-04-27 03:04 -------- d-----w- c:\program files\Enigma Software Group
2014-04-27 03:03 . 2014-04-27 05:53 -------- d-----w- c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-04-27 03:03 . 2014-04-27 03:03 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2014-04-27 01:04 . 2014-04-27 01:04 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-27 01:04 . 2014-04-27 01:04 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-26 20:22 . 2014-04-26 20:22 -------- d-----w- c:\users\user\AppData\Local\com
2014-04-26 20:21 . 2014-04-26 20:21 -------- d-sh--w- c:\users\user\AppData\Local\EmieUserList
2014-04-26 20:21 . 2014-04-26 20:21 -------- d-sh--w- c:\users\user\AppData\Local\EmieSiteList
2014-04-26 00:32 . 2014-04-17 12:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{689D5FE9-A67E-454D-9FA8-D30BDEC3CF6C}\mpengine.dll
2014-04-19 02:21 . 2014-04-19 02:21 -------- d-----w- c:\program files (x86)\Sunflowers
2014-04-19 01:54 . 2014-04-19 02:18 -------- d-----w- c:\users\user\AppData\Roaming\SpieleEntwicklungsKombinat
2014-04-19 01:53 . 2014-04-19 01:54 -------- d-----w- c:\programdata\SpieleEntwicklungsKombinat
2014-04-19 01:53 . 2014-04-19 02:25 211456 ----a-w- c:\windows\system32\drivers\atksgt.sys
2014-04-19 01:53 . 2014-04-19 02:25 35328 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2014-04-11 22:00 . 2014-04-11 22:02 -------- d-----w- c:\users\user\AppData\Local\Forgotten_Hope
2014-04-08 22:42 . 2014-03-21 19:43 40392 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2014-04-08 22:42 . 2014-03-21 19:43 33568 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2014-04-08 00:06 . 2014-04-08 00:06 -------- d-----w- c:\users\user\AppData\Local\Project Reality
2014-04-07 23:16 . 2014-04-07 23:16 -------- d-----w- c:\users\user\AppData\Roaming\PowerISO
2014-04-07 23:15 . 2014-03-11 07:00 129944 ----a-w- c:\windows\system32\drivers\scdemu.sys
2014-04-07 23:14 . 2014-04-07 23:15 -------- d-----w- c:\program files\PowerISO
2014-04-07 22:43 . 2014-04-07 22:54 -------- d-----w- c:\users\user\AppData\Roaming\NCH Software
2014-04-07 22:42 . 2014-04-07 22:54 -------- d-----w- c:\program files (x86)\NCH Software
2014-04-07 22:42 . 2014-04-07 22:46 -------- d-----w- c:\programdata\NCH Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-24 02:24 . 2012-11-30 02:06 280792 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-04-24 02:24 . 2012-11-30 02:02 280792 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-04-24 02:23 . 2012-11-30 02:02 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-04-10 07:36 . 2012-11-16 08:14 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-04-09 22:26 . 2014-02-06 06:46 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2014-04-06 22:14 . 2012-11-30 02:02 75064 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-04-02 13:27 . 2014-03-21 18:26 1081112 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-04-02 13:27 . 2014-03-21 18:26 1225920 ----a-w- c:\windows\system32\nvspcap64.dll
2014-03-31 16:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-21 19:43 . 2014-03-21 18:24 37320 ----a-w- c:\windows\system32\nvaudcap64v.dll
2014-03-21 18:46 . 2014-03-21 18:46 152848 ----a-w- c:\windows\SysWow64\comdlg32.ocx
2014-03-21 18:46 . 2014-03-21 18:46 1081616 ----a-w- c:\windows\SysWow64\mscomctl.ocx
2014-03-04 14:35 . 2014-03-21 18:24 9728064 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-03-04 14:35 . 2014-03-21 18:24 9690424 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-03-04 14:35 . 2014-03-21 18:24 892704 ----a-w- c:\windows\system32\NvIFR64.dll
2014-03-04 14:35 . 2014-03-21 18:24 877856 ----a-w- c:\windows\system32\NvFBC64.dll
2014-03-04 14:35 . 2014-03-21 18:24 863064 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-03-04 14:35 . 2014-03-21 18:24 846168 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-03-04 14:35 . 2014-03-21 18:24 832936 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2014-03-04 14:35 . 2014-03-21 18:24 484296 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2014-03-04 14:35 . 2014-03-21 18:24 409544 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2014-03-04 14:35 . 2014-03-21 18:24 377688 ----a-w- c:\windows\system32\NvIFROpenGL.dll
2014-03-04 14:35 . 2014-03-21 18:24 353504 ----a-w- c:\windows\system32\nvoglshim64.dll
2014-03-04 14:35 . 2014-03-21 18:24 333600 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
2014-03-04 14:35 . 2014-03-21 18:24 31474976 ----a-w- c:\windows\system32\nvoglv64.dll
2014-03-04 14:35 . 2014-03-21 18:24 3143456 ----a-w- c:\windows\system32\nvcuvid.dll
2014-03-04 14:35 . 2014-03-21 18:24 305600 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2014-03-04 14:35 . 2014-03-21 18:24 2958792 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-03-04 14:35 . 2014-03-21 18:24 2783008 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-03-04 14:35 . 2014-03-21 18:24 2715264 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-03-04 14:35 . 2014-03-21 18:24 25255256 ----a-w- c:\windows\system32\nvcompiler.dll
2014-03-04 14:35 . 2014-03-21 18:24 2411976 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2014-03-04 14:35 . 2014-03-21 18:24 23716640 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-03-04 14:35 . 2014-03-21 18:24 1885472 ----a-w- c:\windows\system32\nvdispco6433523.dll
2014-03-04 14:35 . 2014-03-21 18:24 17755424 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-03-04 14:35 . 2014-03-21 18:24 17561544 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-03-04 14:35 . 2014-03-21 18:24 174296 ----a-w- c:\windows\system32\nvinitx.dll
2014-03-04 14:35 . 2014-03-21 18:24 15783992 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-03-04 14:35 . 2014-03-21 18:24 1516488 ----a-w- c:\windows\system32\nvdispgenco6433523.dll
2014-03-04 14:35 . 2014-03-21 18:24 148016 ----a-w- c:\windows\SysWow64\nvinit.dll
2014-03-04 14:35 . 2014-03-21 18:24 14709720 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-03-04 14:35 . 2014-03-21 18:24 12708128 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-03-04 14:35 . 2014-03-21 18:24 11636176 ----a-w- c:\windows\system32\nvcuda.dll
2014-03-04 14:35 . 2014-03-21 18:24 11589272 ----a-w- c:\windows\system32\nvopencl.dll
2014-03-04 14:35 . 2013-09-28 01:02 18302384 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-03-04 14:35 . 2013-09-28 01:02 947808 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-03-04 14:35 . 2013-09-28 01:02 3093280 ----a-w- c:\windows\system32\nvapi64.dll
2014-03-04 13:06 . 2012-11-16 06:53 6714312 ----a-w- c:\windows\system32\nvcpl.dll
2014-03-04 13:06 . 2012-11-16 06:53 3497816 ----a-w- c:\windows\system32\nvsvc64.dll
2014-03-04 13:05 . 2012-11-16 06:53 922968 ----a-w- c:\windows\system32\nvvsvc.exe
2014-03-04 13:05 . 2012-11-16 06:53 64968 ----a-w- c:\windows\system32\nvshext.dll
2014-03-04 13:05 . 2012-11-16 06:53 386336 ----a-w- c:\windows\system32\nvmctray.dll
2014-03-04 13:05 . 2012-11-16 06:53 3649185 ----a-w- c:\windows\system32\nvcoproc.bin
2014-03-04 11:32 . 2014-03-21 18:25 599840 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-03-04 09:17 . 2014-04-09 21:20 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-02-10 18:06 . 2014-03-18 19:43 80184 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-02-10 18:06 . 2014-03-18 19:43 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-02-10 18:06 . 2014-03-18 19:43 421704 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-02-10 18:06 . 2014-03-18 19:43 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-02-10 18:06 . 2014-03-18 19:43 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-10 18:06 . 2013-01-20 08:13 43152 ----a-w- c:\windows\avastSS.scr
2014-02-07 01:23 . 2014-03-13 00:13 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:32 . 2014-03-13 00:09 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:32 . 2014-03-13 00:09 624128 ----a-w- c:\windows\system32\qedit.dll
2014-02-04 02:04 . 2014-03-13 00:09 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-13 00:09 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-01-29 02:32 . 2014-03-13 00:13 484864 ----a-w- c:\windows\system32\wer.dll
2014-01-29 02:06 . 2014-03-13 00:13 381440 ----a-w- c:\windows\SysWow64\wer.dll
2013-08-04 05:48 . 2013-08-04 02:56 704282 ----a-w- c:\program files (x86)\unins000.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-04-02 3774312]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2014-03-11 377368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 aswTap;avast! SecureLine TAP Adapter v3;c:\windows\system32\DRIVERS\aswTap.sys;c:\windows\SYSNATIVE\DRIVERS\aswTap.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-26 00:50 1078088 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-10 18:06 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 23:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 23:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 23:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 23:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 23:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 23:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-04-02 2201032]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-04-02 1225920]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
uSearchAssistant = hxxp://www.google.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 64.59.144.93 64.59.150.139
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\Pbsvc.exe
AddRemove-{9F7FC1EC-5C07-44A4-8338-22AF90644273}_is1 - c:\gsm fields of honor 6.2\unins000.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2080601920-2927812346-669093319-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e5,f9,3a,98,d5,64,08,3f,75,2a,c2,77,0e,28,39,53,75,77,91,64,a2,99,c6,
f6,16,e7,77,90,21,0e,2a,89,14,db,8c,c4,fc,53,6c,c6,62,ae,e1,e9,0d,cf,e9,44,\
"??"=hex:8f,18,51,da,93,9e,4a,8c,e1,c2,f4,93,04,f3,cc,01
.
[HKEY_USERS\S-1-5-21-2080601920-2927812346-669093319-1000\Software\SecuROM\License information*]
"datasecu"=hex:a7,77,19,e1,e9,c5,a5,9d,17,cb,e7,d5,0a,1c,2e,78,6c,23,84,17,0f,
d5,59,37,11,a4,5e,bc,97,27,b8,87,aa,fc,b2,79,ee,37,11,11,a8,7a,50,2b,d4,c0,\
"rkeysecu"=hex:56,e8,dd,f2,09,33,14,41,7c,f6,bb,c3,d3,93,36,97
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\windows\system32\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2014-04-28 18:50:47 - machine was rebooted
ComboFix-quarantined-files.txt 2014-04-29 01:50
ComboFix2.txt 2014-04-28 18:10
.
Pre-Run: 1,613,346,680,832 bytes free
Post-Run: 1,613,098,885,120 bytes free
.
- - End Of File - - 0AA8746F5491CC77A2C40C861FAEBC95
A36C5E4F47E84449FF07ED3517B43A31

Jak to zatim s pc vypada?


Dejte novy log z RSIT

NO uz po prvnim vycistenim se mi uz skodlivy malware neukazoval a uz zadny reklamy Tady je LOG:

ogfile of random's system information tool 1.09 (written by random/random)
Run by user at 2014-04-29 15:39:49
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 1535 GB (80%) free of 1908 GB
Total RAM: 16330 MB (87% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:39:54 PM, on 4/29/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\user.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O3 - Toolbar: avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\RunOnce: [20131224] C:\Program Files\AVAST Software\Avast\setup\emupdate\9519001f-0e45-49ab-8f27-a6884b880d6a.exe /check
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8393 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
taskeng.exe {1720BF6A-45EE-44EA-A452-9ABCEC0DDAB6}
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\AVAST Software\Avast\avastui.exe" /nogui
"C:\Program Files\PowerISO\PWRISOVM.EXE" -startup
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
C:\Windows\system32\PnkBstrA.exe
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" nss a03437ae-12cf-4033-a823-7d2bc1923236 1
\??\C:\Windows\system32\conhost.exe "1187051209-12471102502005670596-778952472-3156824201650328409-151112716690862698
"C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe" serviceapp
\??\C:\Windows\system32\conhost.exe "670915144632168622144485718-1832657868-1100428456-555017690-330162858811530032
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="1092.0.362780462\796473267" --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,1,14,28,34 --gpu-vendor-id=0x10de --gpu-device-id=0x1180 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.3523 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/EmbeddedSearch/Group7 pct:10g stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ExtensionInstallVerification/None/GoogleNow/Enable/OmniboxBundledExperimentV1/StandardR3/Prerender/PrerenderControl/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/SettingsEnforcement/no_enforcement/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-1-Percent/group_59/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_08/UMA-Uniformity-Trial-50-Percent/default/" --renderer-print-preview --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --enable-software-compositing --channel="1092.5.37410469\106889787" /prefetch:673131151
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 532 536 544 65536 540
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Users\user\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-02-10 1390368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-28 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-03-21 6270336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-02-10 1143168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-28 194504]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-03-21 4502400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-02-10 1390368]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-03-28 256456]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-02-10 1143168]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-28 194504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2010-11-19 11613288]
"NvBackend"=C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2014-04-02 2201032]
"ShadowPlay"=C:\Windows\system32\nvspcap64.dll [2014-04-02 1225920]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-08-27 59280]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-04-02 3774312]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2014-03-11 377368]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"20131224"=C:\Program Files\AVAST Software\Avast\setup\emupdate\9519001f-0e45-49ab-8f27-a6884b880d6a.exe [2014-04-29 181136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDesktopCleanupWizard"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2014-04-28 18:50:56 ----A---- C:\ComboFix.txt
2014-04-28 18:40:07 ----D---- C:\$RECYCLE.BIN
2014-04-28 11:54:00 ----D---- C:\AdwCleaner
2014-04-27 10:35:13 ----A---- C:\MBAM-log-2014-04-27 (10-35-03).txt
2014-04-27 09:34:20 ----D---- C:\Users\user\AppData\Roaming\Malwarebytes
2014-04-27 09:33:35 ----D---- C:\ProgramData\Malwarebytes
2014-04-27 00:54:57 ----A---- C:\Windows\SYSWOW64\sqlite3.dll
2014-04-26 21:38:21 ----D---- C:\rsit
2014-04-26 21:38:21 ----D---- C:\Program Files\trend micro
2014-04-26 20:05:25 ----A---- C:\autoexec.bat
2014-04-26 20:04:54 ----D---- C:\Program Files\Enigma Software Group
2014-04-26 20:03:30 ----D---- C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-04-26 19:32:57 ----A---- C:\AVScanner.ini
2014-04-26 18:04:15 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-04-22 03:00:45 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-04-22 03:00:45 ----A---- C:\Windows\system32\ieui.dll
2014-04-22 03:00:43 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-04-22 03:00:43 ----A---- C:\Windows\system32\vbscript.dll
2014-04-22 03:00:38 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-22 03:00:38 ----A---- C:\Windows\system32\iernonce.dll
2014-04-22 03:00:38 ----A---- C:\Windows\system32\ieetwcollectorres.dll
2014-04-22 03:00:38 ----A---- C:\Windows\system32\ie4uinit.exe
2014-04-22 03:00:36 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-04-22 03:00:36 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-04-22 03:00:36 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-04-22 03:00:36 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-04-22 03:00:36 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-04-22 03:00:36 ----A---- C:\Windows\system32\msrating.dll
2014-04-22 03:00:36 ----A---- C:\Windows\system32\msfeeds.dll
2014-04-22 03:00:36 ----A---- C:\Windows\system32\jsproxy.dll
2014-04-22 03:00:36 ----A---- C:\Windows\system32\jscript9diag.dll
2014-04-22 03:00:36 ----A---- C:\Windows\system32\dxtrans.dll
2014-04-22 03:00:36 ----A---- C:\Windows\system32\dxtmsft.dll
2014-04-22 03:00:35 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-04-22 03:00:35 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-04-22 03:00:35 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-04-22 03:00:35 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-04-22 03:00:35 ----A---- C:\Windows\system32\ieUnatt.exe
2014-04-22 03:00:35 ----A---- C:\Windows\system32\iesetup.dll
2014-04-22 03:00:34 ----A---- C:\Windows\system32\mshtml.dll
2014-04-22 03:00:33 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-04-22 03:00:33 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-04-22 03:00:33 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-04-22 03:00:33 ----A---- C:\Windows\system32\ieapfltr.dll
2014-04-22 03:00:32 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-22 03:00:32 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-04-22 03:00:32 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-04-22 03:00:31 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-04-22 03:00:31 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-04-22 03:00:31 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-04-22 03:00:31 ----A---- C:\Windows\system32\wininet.dll
2014-04-22 03:00:31 ----A---- C:\Windows\system32\urlmon.dll
2014-04-22 03:00:31 ----A---- C:\Windows\system32\iertutil.dll
2014-04-22 03:00:30 ----A---- C:\Windows\system32\ieframe.dll
2014-04-22 03:00:29 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-04-22 03:00:28 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-04-22 03:00:28 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-04-22 03:00:28 ----A---- C:\Windows\system32\jscript9.dll
2014-04-18 19:21:51 ----D---- C:\Program Files (x86)\Sunflowers
2014-04-18 18:54:00 ----D---- C:\Users\user\AppData\Roaming\SpieleEntwicklungsKombinat
2014-04-18 18:53:58 ----D---- C:\ProgramData\SpieleEntwicklungsKombinat
2014-04-18 18:53:41 ----A---- C:\Windows\system32\drivers\atksgt.sys
2014-04-18 18:53:18 ----A---- C:\Windows\system32\drivers\lirsgt.sys
2014-04-09 14:20:53 ----A---- C:\Windows\SYSWOW64\iologmsg.dll
2014-04-09 14:20:53 ----A---- C:\Windows\system32\iologmsg.dll
2014-04-09 14:20:53 ----A---- C:\Windows\system32\drivers\storport.sys
2014-04-09 14:20:53 ----A---- C:\Windows\system32\drivers\msiscsi.sys
2014-04-09 14:20:53 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2014-04-09 14:20:51 ----A---- C:\Windows\SYSWOW64\wow32.dll
2014-04-09 14:20:51 ----A---- C:\Windows\SYSWOW64\user.exe
2014-04-09 14:20:51 ----A---- C:\Windows\SYSWOW64\setup16.exe
2014-04-09 14:20:51 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2014-04-09 14:20:51 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2014-04-09 14:20:51 ----A---- C:\Windows\SYSWOW64\instnm.exe
2014-04-09 14:20:51 ----A---- C:\Windows\system32\wow64win.dll
2014-04-09 14:20:51 ----A---- C:\Windows\system32\wow64cpu.dll
2014-04-09 14:20:51 ----A---- C:\Windows\system32\wow64.dll
2014-04-09 14:20:51 ----A---- C:\Windows\system32\ntvdm64.dll
2014-04-09 14:20:51 ----A---- C:\Windows\system32\kernel32.dll
2014-04-09 14:20:50 ----A---- C:\Windows\system32\drivers\ntfs.sys
2014-04-08 15:42:35 ----A---- C:\Windows\SYSWOW64\nvaudcap32v.dll
2014-04-08 15:42:35 ----A---- C:\Windows\system32\drivers\nvvad64v.sys
2014-04-07 16:16:00 ----D---- C:\Users\user\AppData\Roaming\PowerISO
2014-04-07 16:15:05 ----A---- C:\Windows\system32\drivers\scdemu.sys
2014-04-07 16:14:46 ----D---- C:\Program Files\PowerISO
2014-04-07 15:43:31 ----D---- C:\Users\user\AppData\Roaming\NCH Software
2014-04-07 15:42:47 ----D---- C:\ProgramData\NCH Software
2014-04-07 15:42:47 ----D---- C:\Program Files (x86)\NCH Software

======List of files/folders modified in the last 1 month======

2014-04-29 15:39:54 ----D---- C:\Windows\Prefetch
2014-04-29 15:39:53 ----D---- C:\Windows\Temp
2014-04-29 15:38:06 ----D---- C:\Windows\system32\config
2014-04-29 15:30:16 ----D---- C:\Windows\System32
2014-04-29 15:30:16 ----D---- C:\Windows\inf
2014-04-29 15:30:16 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-04-29 15:27:35 ----SHD---- C:\System Volume Information
2014-04-29 15:22:57 ----D---- C:\ProgramData\NVIDIA
2014-04-29 00:16:24 ----D---- C:\Windows\tracing
2014-04-28 22:42:33 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2014-04-28 22:42:31 ----SHD---- C:\Windows\Installer
2014-04-28 22:41:11 ----RD---- C:\Program Files (x86)
2014-04-28 20:22:38 ----D---- C:\Windows\SysWOW64
2014-04-28 20:22:37 ----D---- C:\Windows\Tasks
2014-04-28 20:18:08 ----D---- C:\Program Files (x86)\Steam
2014-04-28 18:51:20 ----D---- C:\Qoobox
2014-04-28 18:51:14 ----D---- C:\Windows\system32\drivers
2014-04-28 18:40:20 ----D---- C:\Windows
2014-04-28 18:40:20 ----A---- C:\Windows\system.ini
2014-04-28 18:40:04 ----D---- C:\Windows\system32\drivers\etc
2014-04-28 18:38:29 ----D---- C:\Windows\erdnt
2014-04-28 18:35:30 ----D---- C:\ProgramData
2014-04-28 18:32:05 ----D---- C:\Windows\SYSWOW64\drivers
2014-04-28 18:32:05 ----D---- C:\Windows\AppPatch
2014-04-28 18:32:04 ----D---- C:\Program Files (x86)\Common Files
2014-04-28 18:19:03 ----D---- C:\ProgramData\Origin
2014-04-28 18:18:29 ----D---- C:\Program Files (x86)\Origin
2014-04-27 16:35:36 ----D---- C:\Users\user\AppData\Roaming\Skype
2014-04-27 10:51:23 ----D---- C:\Temp
2014-04-27 00:56:15 ----RD---- C:\Program Files
2014-04-27 00:51:29 ----SD---- C:\ProgramData\Microsoft
2014-04-26 22:53:06 ----SD---- C:\Users\user\AppData\Roaming\Microsoft
2014-04-26 21:23:22 ----D---- C:\ProgramData\Spybot - Search & Destroy
2014-04-26 20:05:00 ----D---- C:\Windows\system32\Tasks
2014-04-26 19:34:08 ----D---- C:\Windows\Minidump
2014-04-26 18:54:12 ----D---- C:\Windows\Microsoft.NET
2014-04-26 14:23:22 ----RSD---- C:\Windows\assembly
2014-04-26 13:19:36 ----D---- C:\Windows\winsxs
2014-04-25 17:32:45 ----D---- C:\Windows\system32\catroot2
2014-04-25 16:27:52 ----D---- C:\ProgramData\Package Cache
2014-04-25 15:37:42 ----D---- C:\Program Files (x86)\War Thunder
2014-04-23 19:24:09 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2014-04-22 03:54:33 ----D---- C:\Windows\rescache
2014-04-22 03:16:38 ----D---- C:\Windows\SYSWOW64\en-US
2014-04-22 03:16:38 ----D---- C:\Windows\system32\en-US
2014-04-22 03:16:38 ----D---- C:\Windows\PolicyDefinitions
2014-04-22 03:16:38 ----D---- C:\Program Files\Internet Explorer
2014-04-22 03:16:38 ----D---- C:\Program Files (x86)\Internet Explorer
2014-04-22 03:01:06 ----D---- C:\Windows\system32\catroot
2014-04-16 18:20:56 ----RD---- C:\Program Files (x86)\Skype
2014-04-10 15:37:00 ----D---- C:\Windows\system32\DriverStore
2014-04-10 00:38:02 ----D---- C:\Windows\system32\MRT
2014-04-10 00:36:59 ----A---- C:\Windows\system32\MRT.exe
2014-04-09 15:26:53 ----A---- C:\Windows\system32\PnkBstrA.exe
2014-04-08 15:42:48 ----D---- C:\ProgramData\NVIDIA Corporation
2014-04-08 15:42:36 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2014-04-07 23:47:45 ----D---- C:\Program Files (x86)\Microsoft
2014-04-06 15:14:28 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe
2014-04-06 10:36:19 ----D---- C:\Program Files (x86)\Electronic Arts
2014-04-06 10:34:03 ----D---- C:\Program Files (x86)\Origin Games
2014-04-02 06:27:17 ----A---- C:\Windows\SYSWOW64\nvspcap.dll
2014-04-02 06:27:05 ----A---- C:\Windows\system32\nvspcap64.dll
2014-03-31 09:35:08 ----N---- C:\Windows\system32\MpSigStub.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 amd_sata;amd_sata; C:\Windows\system32\DRIVERS\amd_sata.sys [2011-03-04 78976]
R0 amd_xata;amd_xata; C:\Windows\system32\DRIVERS\amd_xata.sys [2011-03-04 38528]
R0 aswRvrt;avast! Revert; C:\Windows\system32\drivers\aswRvrt.sys [2013-11-19 65776]
R0 aswVmm;avast! VM Monitor; C:\Windows\system32\drivers\aswVmm.sys [2014-01-17 207904]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 aswRdr;aswRdr; \??\C:\Windows\system32\drivers\aswRdr2.sys [2013-11-19 92544]
R1 aswSnx;aswSnx; \??\C:\Windows\system32\drivers\aswSnx.sys [2014-02-10 1038072]
R1 aswSP;aswSP; \??\C:\Windows\system32\drivers\aswSP.sys [2014-02-10 421704]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2014-03-11 129944]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2014-02-10 78648]
R3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys [2011-09-14 129000]
R3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys [2011-09-14 394216]
R3 aswStm;aswStm; \??\C:\Windows\system32\drivers\aswStm.sys [2014-02-10 80184]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-11-23 2565736]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-11-28 197408]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM); C:\Windows\system32\drivers\nvvad64v.sys [2014-03-21 40392]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2013-06-26 767144]
R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2013-06-26 273576]
R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2013-06-26 28840]
R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2013-06-26 23208]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2010-12-15 47232]
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2014-04-18 211456]
S2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2014-04-18 35328]
S3 aswTap;avast! SecureLine TAP Adapter v3; C:\Windows\system32\DRIVERS\aswTap.sys [2013-11-19 44640]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-13 5020672]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-13 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-13 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-07-09 52736]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-13 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-08-11 55184]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-02-10 50344]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2013-04-22 822504]
R2 NvNetworkService;NVIDIA Network Service; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-04-02 1615192]
R2 NvStreamSvc;NVIDIA Streamer Service; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-04-02 20541216]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2014-03-04 922968]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2014-04-09 76888]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-06-26 523944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-03-04 411936]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-06-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-09-11 124088]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-15 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-28 257712]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2013-09-11 51808]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-15 136176]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-11-16 194032]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-03-06 111616]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-04-23 572096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-03-01 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

Tak jeste posledni sken a budem mazat.


Jestli bude Avast rvat, ze to chce otevrit v sandboxu, nedovolte to! Vyberte moznost Otevrit normalne
Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte na plochu.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text Kliknete na Prohledat
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).

Nejde to sekne se to kdy to napise Cannot create C:\Users\user\Desktop\cmd.bat nebo tak nejak udelal sem co ste rekl zaskrtl sem pro vsechny uzivatele (Scan All users) a LOP check a Purity check a dal sem Run scan coz je myslim prohledat a vlozil sem tam co ste poslal predtim nez sem dal run scan

Obcas se to stane, ze OTL tuhle chybku vyhodi

Spustte ho podle stejneho navodu jeste jednou, ale s timto upravenym skriptem

Uz to slo tady je prvni log OTL:

OTL logfile created on: 4/30/2014 9:26:27 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.95 Gb Total Physical Memory | 13.24 Gb Available Physical Memory | 83.04% Memory free
31.89 Gb Paging File | 28.86 Gb Available in Paging File | 90.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.92 Gb Total Space | 1493.03 Gb Free Space | 80.14% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/04/29 20:38:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
PRC - [2014/04/23 17:33:15 | 000,841,032 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/04/06 15:14:28 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2014/04/02 07:53:37 | 003,774,312 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/04/02 06:29:05 | 002,201,032 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/04/02 06:28:46 | 001,615,192 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014/03/04 04:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2014/02/10 11:06:57 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe


========== Modules (No Company Name) ==========

MOD - [2014/04/23 17:33:13 | 000,390,472 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppgooglenaclpluginchrome.dll
MOD - [2014/04/23 17:33:12 | 013,692,232 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll
MOD - [2014/04/23 17:33:10 | 004,081,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
MOD - [2014/04/23 17:33:05 | 000,674,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll
MOD - [2014/04/23 17:33:04 | 000,093,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll
MOD - [2014/04/23 17:33:03 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
MOD - [2014/04/23 17:33:01 | 000,065,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
MOD - [2013/11/19 17:34:44 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/04/09 15:26:53 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2014/04/02 06:28:36 | 020,541,216 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2014/03/06 01:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/02/10 11:06:57 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/04/28 20:22:37 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/23 15:01:04 | 000,572,096 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/04/06 15:14:28 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2014/04/02 06:28:46 | 001,615,192 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014/03/04 04:32:56 | 000,411,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/04/18 19:25:23 | 000,211,456 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2014/04/18 19:25:23 | 000,035,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2014/03/21 12:43:52 | 000,040,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2014/03/11 00:00:12 | 000,129,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2014/02/10 11:06:59 | 001,038,072 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/02/10 11:06:59 | 000,421,704 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/02/10 11:06:59 | 000,080,184 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014/02/10 11:06:59 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/01/17 23:51:26 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/11/28 06:38:18 | 000,197,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/11/19 17:34:45 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/11/19 17:34:45 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/11/19 17:34:40 | 000,044,640 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswTap.sys -- (aswTap)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/09 14:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/14 18:05:34 | 000,394,216 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/09/14 18:05:34 | 000,129,000 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/08/23 06:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 11:46:20 | 000,078,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/03/04 11:46:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/12/15 20:06:46 | 000,047,232 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 14:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}: "URL" = http://www.bing.com/search?q={searchTer ... -SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2080601920-2927812346-669093319-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2080601920-2927812346-669093319-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-2080601920-2927812346-669093319-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-2080601920-2927812346-669093319-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2080601920-2927812346-669093319-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2080601920-2927812346-669093319-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.1: C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.2: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1: C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll File not found
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()


[2013/12/01 23:43:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.ca/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2018.95_0\
CHR - Extension: Skype Click to Call = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.2.15747.10003_0\
CHR - Extension: Google Wallet = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2014/04/28 18:40:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2080601920-2927812346-669093319-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2080601920-2927812346-669093319-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (Power Software Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2080601920-2927812346-669093319-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2080601920-2927812346-669093319-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-2080601920-2927812346-669093319-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-2080601920-2927812346-669093319-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2080601920-2927812346-669093319-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2080601920-2927812346-669093319-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2080601920-2927812346-669093319-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.144.93 64.59.150.139
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E4556120-DE38-48C3-AAC9-FC607426A324}: DhcpNameServer = 64.59.144.93 64.59.150.139
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/04/26 20:05:25 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2014/04/29 20:38:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2014/04/29 17:28:27 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\JURASSIC PARK
[2014/04/28 22:31:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Interactive
[2014/04/28 18:40:07 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2014/04/27 09:34:20 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2014/04/27 09:33:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/04/27 00:54:57 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/04/26 21:38:21 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014/04/26 21:38:21 | 000,000,000 | ---D | C] -- C:\rsit
[2014/04/26 20:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/04/26 20:03:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2014/04/26 19:14:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Updater
[2014/04/26 18:04:15 | 000,692,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/04/26 18:04:15 | 000,070,832 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/04/26 13:22:00 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\com
[2014/04/26 13:21:48 | 000,000,000 | -HSD | C] -- C:\Users\user\AppData\Local\EmieUserList
[2014/04/26 13:21:48 | 000,000,000 | -HSD | C] -- C:\Users\user\AppData\Local\EmieSiteList
[2014/04/26 13:19:29 | 000,000,000 | R--D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/04/22 03:00:45 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/04/22 03:00:45 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/04/22 03:00:43 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/04/22 03:00:38 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/04/22 03:00:38 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/04/22 03:00:38 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/04/22 03:00:38 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/04/22 03:00:36 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/04/22 03:00:36 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/04/22 03:00:36 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/04/22 03:00:36 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/04/22 03:00:36 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/04/22 03:00:36 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/04/22 03:00:35 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/04/22 03:00:35 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/04/22 03:00:35 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/04/22 03:00:35 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/04/22 03:00:35 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/04/22 03:00:35 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/04/22 03:00:33 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/04/22 03:00:33 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/04/22 03:00:33 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/04/22 03:00:33 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/04/22 03:00:32 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/04/22 03:00:32 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/04/22 03:00:32 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/04/22 03:00:30 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/04/22 03:00:30 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/04/22 03:00:28 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/04/18 19:58:04 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\SpieleEntwicklungsKombinat
[2014/04/18 19:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sunflowers
[2014/04/18 19:21:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sunflowers
[2014/04/18 18:54:00 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\SpieleEntwicklungsKombinat
[2014/04/18 18:53:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SpieleEntwicklungsKombinat
[2014/04/18 18:53:41 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2014/04/16 18:22:10 | 000,000,000 | R--D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/04/11 15:00:49 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Forgotten_Hope
[2014/04/09 14:20:53 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2014/04/09 14:20:53 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2014/04/09 14:20:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iologmsg.dll
[2014/04/09 14:20:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iologmsg.dll
[2014/04/09 14:20:51 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/04/09 14:20:51 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2014/04/09 14:20:51 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014/04/09 14:20:51 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014/04/09 14:20:51 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2014/04/09 14:20:51 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014/04/09 14:20:51 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2014/04/09 14:20:51 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014/04/09 14:20:51 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014/04/09 14:20:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2014/04/08 15:42:35 | 000,040,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
[2014/04/08 15:42:35 | 000,033,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
[2014/04/07 17:06:13 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Project Reality
[2014/04/07 16:33:52 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\ProjectReality
[2014/04/07 16:30:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project Reality
[2014/04/07 16:16:00 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\PowerISO
[2014/04/07 16:15:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2014/04/07 16:15:05 | 000,129,944 | ---- | C] (Power Software Ltd) -- C:\Windows\SysNative\drivers\scdemu.sys
[2014/04/07 16:14:46 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2014/04/07 15:43:31 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\NCH Software
[2014/04/07 15:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software
[2014/04/07 15:42:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Software
[2014/04/06 21:02:05 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Forgottenhp 2
[2014/04/06 21:00:47 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Forgotten Hope 2
[2014/04/06 21:00:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Forgotten Hope 2
[2014/04/06 08:32:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bf2SP64 v2.31
[2014/04/06 07:31:21 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Battlefield 2
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/04/30 09:27:52 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014/04/30 09:18:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/30 07:50:44 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/30 07:50:44 | 000,021,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/30 07:50:26 | 000,783,360 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/30 07:50:26 | 000,662,836 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/30 07:50:26 | 000,122,446 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/30 07:43:27 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2014/04/30 07:43:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/30 07:43:10 | 4252,831,742 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/29 20:38:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2014/04/28 20:22:35 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/04/28 20:22:35 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/04/28 18:40:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/04/28 16:14:00 | 1514,787,246 | ---- | M] () -- C:\Users\user\Desktop\Game.of.Thrones.S04E04.-HD-720p.--CZ-titulky-by-HanzeST.avi
[2014/04/26 20:05:25 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2014/04/26 18:06:38 | 000,000,426 | ---- | M] () -- C:\AVScanner.ini
[2014/04/23 19:24:09 | 000,280,792 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2014/04/23 19:24:09 | 000,280,792 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2014/04/23 19:23:17 | 000,281,032 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2014/04/18 19:52:42 | 000,002,208 | ---- | M] () -- C:\Users\user\Desktop\ParaWorld Boosterpack.lnk
[2014/04/18 19:26:57 | 000,001,930 | ---- | M] () -- C:\Users\Public\Desktop\ParaWorld.lnk
[2014/04/18 19:25:23 | 000,211,456 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2014/04/18 19:25:23 | 000,035,328 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2014/04/11 15:20:38 | 000,001,695 | ---- | M] () -- C:\Users\Public\Desktop\Forgotten Hope 2.lnk
[2014/04/09 15:26:53 | 000,076,888 | ---- | M] () -- C:\Windows\SysNative\PnkBstrA.exe
[2014/04/07 16:30:48 | 000,001,735 | ---- | M] () -- C:\Users\user\Desktop\Project Reality BF2.lnk
[2014/04/07 16:15:08 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2014/04/06 15:14:28 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014/04/05 21:33:33 | 000,000,221 | ---- | M] () -- C:\Users\user\Desktop\Battlefield 2.url
[2014/04/02 06:27:17 | 001,081,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
[2014/04/02 06:27:05 | 001,225,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/04/29 20:44:00 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014/04/28 20:22:37 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/28 13:03:25 | 1514,787,246 | ---- | C] () -- C:\Users\user\Desktop\Game.of.Thrones.S04E04.-HD-720p.--CZ-titulky-by-HanzeST.avi
[2014/04/26 20:05:25 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2014/04/26 19:32:57 | 000,000,426 | ---- | C] () -- C:\AVScanner.ini
[2014/04/18 19:52:42 | 000,002,208 | ---- | C] () -- C:\Users\user\Desktop\ParaWorld Boosterpack.lnk
[2014/04/18 19:26:57 | 000,001,930 | ---- | C] () -- C:\Users\Public\Desktop\ParaWorld.lnk
[2014/04/18 18:53:41 | 000,211,456 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2014/04/18 18:53:18 | 000,035,328 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2014/04/11 15:00:37 | 000,001,695 | ---- | C] () -- C:\Users\Public\Desktop\Forgotten Hope 2.lnk
[2014/04/07 16:30:48 | 000,001,735 | ---- | C] () -- C:\Users\user\Desktop\Project Reality BF2.lnk
[2014/04/07 16:15:08 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2014/04/05 21:33:33 | 000,000,221 | ---- | C] () -- C:\Users\user\Desktop\Battlefield 2.url
[2014/03/18 11:55:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/03/18 11:55:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/03/18 11:55:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/03/18 11:55:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/03/18 11:55:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/02/17 10:35:02 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/08/03 19:56:36 | 000,704,282 | ---- | C] () -- C:\Program Files (x86)\unins000.exe
[2013/08/03 19:56:36 | 000,044,856 | ---- | C] () -- C:\Program Files (x86)\unins000.dat
[2013/02/20 12:09:40 | 000,775,482 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/11/29 19:02:23 | 000,280,792 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/11/29 19:02:22 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/11/15 23:39:55 | 000,038,163 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012/11/15 23:37:12 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/11/15 23:37:06 | 000,027,769 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012/06/19 14:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/11/19 17:37:14 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVAST Software
[2013/07/30 00:48:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Origin
[2014/04/07 16:16:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PowerISO
[2014/02/16 02:31:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SoftGrid Client
[2014/04/18 19:18:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SpieleEntwicklungsKombinat
[2013/09/03 18:25:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\The Creative Assembly
[2013/07/22 20:49:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TP

========== Purity Check ==========



========== Custom Scans ==========

< >
[2009/07/13 22:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/13 22:08:49 | 000,032,654 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2014/04/28 20:22:37 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< >

< MD5 for: ATAPI.SYS >
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[2009/07/13 18:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010/11/20 20:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010/11/20 20:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2010/11/20 20:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010/11/20 20:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2010/11/20 20:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\drivers\cdrom.sys
[2010/11/20 20:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\SysNative\DriverStore\FileRepository\cdrom.inf_amd64_neutral_0b3d0d1942ab684b\cdrom.sys
[2010/11/20 20:23:47 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=F036CE71586E93D94DAB220D7BDF4416 -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_bdcf6151ba66f48b\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 20:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 20:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: HAL.DLL >
[2010/11/20 20:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\SysNative\hal.dll
[2010/11/20 20:24:08 | 000,263,040 | ---- | M] (Microsoft Corporation) MD5=CFB8C673F9188F99466E76C6972191E0 -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7601.17514_none_094ef8137049c196\hal.dll

< MD5 for: SCECLI.DLL >
[2010/11/20 20:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache86\scecli.dll
[2010/11/20 20:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 20:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 20:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\erdnt\cache64\scecli.dll
[2010/11/20 20:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/20 20:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SVCHOST.EXE >
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 18:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 18:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2012/10/03 10:56:54 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[2013/05/07 23:14:42 | 001,900,392 | ---- | M] (Microsoft Corporation) MD5=3E94650745D4DAB67E161F5F32CEA597 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22319_none_11d29984961f0be0\tcpip.sys
[2013/09/07 19:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\erdnt\cache64\tcpip.sys
[2013/09/07 19:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\SysNative\drivers\tcpip.sys
[2013/09/07 19:30:37 | 001,903,552 | ---- | M] (Microsoft Corporation) MD5=40AF23633D197905F03AB5628C558C51 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_1118bb977d265d27\tcpip.sys
[2010/11/20 20:24:08 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2013/09/06 19:27:48 | 001,896,896 | ---- | M] (Microsoft Corporation) MD5=75F9106B74585D38C8FF6BB5CAD262D7 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_11ad2a34963bde27\tcpip.sys
[2012/08/22 11:06:13 | 001,901,936 | ---- | M] (Microsoft Corporation) MD5=7880A26B7D3B96FDA8EFD9F985036B1D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_117a13de9661c145\tcpip.sys
[2012/03/30 03:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2013/05/07 23:39:01 | 001,910,632 | ---- | M] (Microsoft Corporation) MD5=9849EA3843A2ADBDD1497E97A85D8CAE -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18148_none_11278ac57d1aa96b\tcpip.sys
[2012/03/30 04:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[2013/07/05 22:20:38 | 001,900,992 | ---- | M] (Microsoft Corporation) MD5=B27F13153343BC37A27EAE01634D94E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_1190b9b296509a2f\tcpip.sys
[2013/01/02 23:00:54 | 001,913,192 | ---- | M] (Microsoft Corporation) MD5=B62A953F2BF3922C8764A29C34A22899 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_112187237d20143a\tcpip.sys
[2013/01/03 22:47:43 | 001,901,416 | ---- | M] (Microsoft Corporation) MD5=B8C1AAC0523E1C33AEB0EF7572144BA2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_11dd678a9616f2c8\tcpip.sys
[2012/10/03 10:44:29 | 001,902,472 | ---- | M] (Microsoft Corporation) MD5=D5707FC2300AA5B04B7BFE86D40C0133 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys
[2013/07/05 23:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) MD5=DB74544B75566C974815E79A62433F29 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_114dcae97cfeb81b\tcpip.sys
[2013/11/26 04:34:34 | 001,897,408 | ---- | M] (Microsoft Corporation) MD5=F55B41AA6114568AC558ADBABDA85620 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22525_none_11c3cc3c962abcc3\tcpip.sys
[2012/08/22 11:12:50 | 001,913,200 | ---- | M] (Microsoft Corporation) MD5=F782CAD3CEDBB3F9FFE3BF2775D92DDC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_113380f37d117668\tcpip.sys

TADY JE DRUHA CAST OTL:

< MD5 for: USERINIT.EXE >
[2010/11/20 20:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 20:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 20:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 20:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 20:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 20:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< >

< %systemroot%*.* /U /s >
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[5 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[9 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[2 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\SoftwareDistribution\Download\04f928f3d08c1b3ebb3d20634b77577f\*.tmp files -> C:\Windows\SoftwareDistribution\Download\04f928f3d08c1b3ebb3d20634b77577f\*.tmp -> ]
[1 C:\Windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\*.tmp files -> C:\Windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\*.tmp -> ]
[1 C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\*.tmp files -> C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012/12/02 17:40:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Adobe
[2012/11/16 09:12:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Apple Computer
[2013/11/19 17:37:14 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVAST Software
[2012/11/15 23:58:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Google
[2012/11/15 23:27:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Identities
[2013/01/21 18:30:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\InstallShield
[2013/01/19 20:40:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Macromedia
[2014/04/27 09:34:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2010/11/21 00:16:41 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Media Center Programs
[2014/04/26 22:53:06 | 000,000,000 | --SD | M] -- C:\Users\user\AppData\Roaming\Microsoft
[2014/04/07 15:54:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\NCH Software
[2013/09/03 18:24:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\NVIDIA
[2013/07/30 00:48:29 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Origin
[2014/04/07 16:16:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PowerISO
[2013/01/21 12:14:01 | 000,000,000 | RH-D | M] -- C:\Users\user\AppData\Roaming\SecuROM
[2014/04/27 16:35:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Skype
[2014/02/16 02:31:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SoftGrid Client
[2014/04/18 19:18:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SpieleEntwicklungsKombinat
[2013/09/03 18:25:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\The Creative Assembly
[2013/07/22 20:49:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TP
[2014/02/01 09:46:48 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2014/04/30 09:18:00 | 000,000,830 | ---- | M] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2014/04/28 20:22:35 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerApp.exe
[2014/04/28 20:22:35 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\system32\FlashPlayerCPLApp.cpl

< %SYSTEMDRIVE%\*.exe >

< >

< *crack* /s >
[2013/06/14 15:31:30 | 000,000,706 | ---- | M] () -- \Program Files (x86)\Steam\steamapps\common\Company of Heroes Relaunch\Eastern_Front\Data\sound\weapons\ppsh41\ppsh41_whipcrack.bsc
[2013/08/01 15:08:07 | 000,002,748 | ---- | M] () -- \Program Files (x86)\Steam\steamapps\common\Empire Total War\data\UI\Campaign UI\Pips\military-crackdown-repression.tga
[2012/12/02 13:03:56 | 000,002,748 | ---- | M] () -- \Program Files (x86)\Steam\steamapps\common\napoleon total war\data\UI\Campaign UI\Pips\military-crackdown-repression.tga
[2014/04/06 07:40:00 | 000,012,116 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrack.cfx
[2014/04/06 07:40:04 | 000,012,168 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackalphatest.cfx
[2014/04/06 07:40:04 | 000,012,536 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackalphatestlightmap.cfx
[2014/04/06 07:40:06 | 000,012,852 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackalphatestlightmapshadow.cfx
[2014/04/06 07:40:08 | 000,012,436 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackalphatestpointlight.cfx
[2014/04/06 07:40:06 | 000,012,488 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackalphatestshadow.cfx
[2014/04/06 07:40:00 | 000,012,484 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcracklightmap.cfx
[2014/04/06 07:40:02 | 000,012,800 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcracklightmapshadow.cfx
[2014/04/06 07:40:01 | 000,012,720 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrack.cfx
[2014/04/06 07:40:05 | 000,012,756 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackalphatest.cfx
[2014/04/06 07:40:06 | 000,013,096 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackalphatestlightmap.cfx
[2014/04/06 07:40:07 | 000,013,468 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackalphatestlightmapshadow.cfx
[2014/04/06 07:40:08 | 000,012,816 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackalphatestpointlight.cfx
[2014/04/06 07:40:07 | 000,013,144 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackalphatestshadow.cfx
[2014/04/06 07:40:01 | 000,013,060 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncracklightmap.cfx
[2014/04/06 07:40:03 | 000,013,432 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncracklightmapshadow.cfx
[2014/04/06 07:40:01 | 000,012,836 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetail.cfx
[2014/04/06 07:40:06 | 000,012,872 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatest.cfx
[2014/04/06 07:40:06 | 000,013,212 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatestlightmap.cfx
[2014/04/06 07:40:07 | 000,013,584 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatestlightmapshadow.cfx
[2014/04/06 07:40:08 | 000,012,924 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatestpointlight.cfx
[2014/04/06 07:40:07 | 000,013,260 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatestshadow.cfx
[2014/04/06 07:40:02 | 000,013,176 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetaillightmap.cfx
[2014/04/06 07:40:03 | 000,013,548 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetaillightmapshadow.cfx
[2014/04/06 07:40:04 | 000,012,888 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailpointlight.cfx
[2014/04/06 07:40:03 | 000,013,224 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailshadow.cfx
[2014/04/06 07:40:04 | 000,012,780 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackpointlight.cfx
[2014/04/06 07:40:03 | 000,013,108 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackshadow.cfx
[2014/04/06 07:40:03 | 000,012,400 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackpointlight.cfx
[2014/04/06 07:40:02 | 000,012,436 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackshadow.cfx
[2014/04/06 07:40:00 | 000,012,296 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrack.cfx
[2014/04/06 07:40:04 | 000,012,348 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackalphatest.cfx
[2014/04/06 07:40:05 | 000,012,716 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackalphatestlightmap.cfx
[2014/04/06 07:40:06 | 000,013,032 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackalphatestlightmapshadow.cfx
[2014/04/06 07:40:08 | 000,012,612 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackalphatestpointlight.cfx
[2014/04/06 07:40:06 | 000,012,668 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackalphatestshadow.cfx
[2014/04/06 07:40:00 | 000,012,664 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcracklightmap.cfx
[2014/04/06 07:40:02 | 000,012,980 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcracklightmapshadow.cfx
[2014/04/06 07:40:01 | 000,012,900 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrack.cfx
[2014/04/06 07:40:06 | 000,012,936 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackalphatest.cfx
[2014/04/06 07:40:06 | 000,013,276 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmap.cfx
[2014/04/06 07:40:07 | 000,013,648 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmapshadow.cfx
[2014/04/06 07:40:08 | 000,012,996 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestpointlight.cfx
[2014/04/06 07:40:07 | 000,013,324 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestshadow.cfx
[2014/04/06 07:40:01 | 000,013,240 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncracklightmap.cfx
[2014/04/06 07:40:03 | 000,013,612 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncracklightmapshadow.cfx
[2014/04/06 07:40:02 | 000,013,016 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetail.cfx
[2014/04/06 07:40:06 | 000,013,052 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailalphatest.cfx
[2014/04/06 07:40:06 | 000,013,392 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailalphatestlightmap.cfx
[2014/04/06 07:40:07 | 000,013,764 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailalphatestlightmapshadow.cfx
[2014/04/06 07:40:08 | 000,013,104 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailalphatestpointlight.cfx
[2014/04/06 07:40:07 | 000,013,440 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailalphatestshadow.cfx
[2014/04/06 07:40:02 | 000,013,356 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetaillightmap.cfx
[2014/04/06 07:40:03 | 000,013,728 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetaillightmapshadow.cfx
[2014/04/06 07:40:04 | 000,013,068 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailpointlight.cfx
[2014/04/06 07:40:03 | 000,013,404 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailshadow.cfx
[2014/04/06 07:40:04 | 000,012,960 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackpointlight.cfx
[2014/04/06 07:40:03 | 000,013,288 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackshadow.cfx
[2014/04/06 07:40:03 | 000,012,576 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackpointlight.cfx
[2014/04/06 07:40:02 | 000,012,616 | ---- | M] () -- \Users\user\Documents\Battlefield 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackshadow.cfx
[2014/04/12 10:14:10 | 000,012,308 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrack.cfx
[2014/04/12 10:14:15 | 000,012,408 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackalphatest.cfx
[2014/04/12 10:14:15 | 000,012,776 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackalphatestlightmap.cfx
[2014/04/12 10:14:16 | 000,013,092 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackalphatestlightmapshadow.cfx
[2014/04/12 10:14:18 | 000,012,676 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackalphatestpointlight.cfx
[2014/04/12 10:14:16 | 000,012,728 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackalphatestshadow.cfx
[2014/04/12 10:14:10 | 000,012,676 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcracklightmap.cfx
[2014/04/12 10:14:12 | 000,012,992 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcracklightmapshadow.cfx
[2014/04/12 10:14:11 | 000,012,884 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrack.cfx
[2014/04/12 10:14:16 | 000,012,968 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackalphatest.cfx
[2014/04/12 10:14:16 | 000,013,296 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackalphatestlightmap.cfx
[2014/04/12 10:14:17 | 000,013,668 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackalphatestlightmapshadow.cfx
[2014/04/12 10:14:18 | 000,013,056 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackalphatestpointlight.cfx
[2014/04/12 10:14:17 | 000,013,356 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackalphatestshadow.cfx
[2014/04/12 10:14:11 | 000,013,212 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncracklightmap.cfx
[2014/04/12 10:14:13 | 000,013,584 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncracklightmapshadow.cfx
[2014/04/12 10:14:12 | 000,013,024 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetail.cfx
[2014/04/12 10:14:16 | 000,013,108 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatest.cfx
[2014/04/12 10:14:16 | 000,013,436 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatestlightmap.cfx
[2014/04/12 10:14:18 | 000,013,808 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatestlightmapshadow.cfx
[2014/04/12 10:14:18 | 000,013,164 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatestpointlight.cfx
[2014/04/12 10:14:17 | 000,013,496 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatestshadow.cfx
[2014/04/12 10:14:12 | 000,013,352 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetaillightmap.cfx
[2014/04/12 10:14:13 | 000,013,724 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetaillightmapshadow.cfx
[2014/04/12 10:14:14 | 000,013,080 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailpointlight.cfx
[2014/04/12 10:14:13 | 000,013,412 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailshadow.cfx
[2014/04/12 10:14:14 | 000,012,972 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackpointlight.cfx
[2014/04/12 10:14:13 | 000,013,272 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackshadow.cfx
[2014/04/12 10:14:14 | 000,012,592 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackpointlight.cfx
[2014/04/12 10:14:12 | 000,012,628 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackshadow.cfx
[2014/04/12 10:14:10 | 000,012,536 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrack.cfx
[2014/04/12 10:14:15 | 000,012,636 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackalphatest.cfx
[2014/04/12 10:14:15 | 000,013,004 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackalphatestlightmap.cfx
[2014/04/12 10:14:16 | 000,013,320 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackalphatestlightmapshadow.cfx
[2014/04/12 10:14:18 | 000,012,900 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackalphatestpointlight.cfx
[2014/04/12 10:14:16 | 000,012,956 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackalphatestshadow.cfx
[2014/04/12 10:14:10 | 000,012,904 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcracklightmap.cfx
[2014/04/12 10:14:12 | 000,013,220 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcracklightmapshadow.cfx
[2014/04/12 10:14:12 | 000,013,112 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrack.cfx
[2014/04/12 10:14:16 | 000,013,196 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackalphatest.cfx
[2014/04/12 10:14:16 | 000,013,524 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmap.cfx
[2014/04/12 10:14:17 | 000,013,896 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmapshadow.cfx
[2014/04/12 10:14:18 | 000,013,284 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestpointlight.cfx
[2014/04/12 10:14:17 | 000,013,584 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestshadow.cfx
[2014/04/12 10:14:12 | 000,013,440 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncracklightmap.cfx
[2014/04/12 10:14:13 | 000,013,812 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncracklightmapshadow.cfx
[2014/04/12 10:14:12 | 000,013,252 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetail.cfx
[2014/04/12 10:14:16 | 000,013,336 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailalphatest.cfx
[2014/04/12 10:14:16 | 000,013,664 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailalphatestlightmap.cfx
[2014/04/12 10:14:18 | 000,014,036 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailalphatestlightmapshadow.cfx
[2014/04/12 10:14:18 | 000,013,392 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailalphatestpointlight.cfx
[2014/04/12 10:14:18 | 000,013,724 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailalphatestshadow.cfx
[2014/04/12 10:14:12 | 000,013,580 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetaillightmap.cfx
[2014/04/12 10:14:13 | 000,013,952 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetaillightmapshadow.cfx
[2014/04/12 10:14:14 | 000,013,308 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailpointlight.cfx
[2014/04/12 10:14:13 | 000,013,640 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailshadow.cfx
[2014/04/12 10:14:14 | 000,013,200 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackpointlight.cfx
[2014/04/12 10:14:13 | 000,013,500 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackshadow.cfx
[2014/04/12 10:14:14 | 000,012,816 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackpointlight.cfx
[2014/04/12 10:14:12 | 000,012,856 | ---- | M] () -- \Users\user\Documents\Forgottenhp 2\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackshadow.cfx
[2014/04/07 19:15:22 | 000,012,116 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrack.cfx
[2014/04/07 19:15:27 | 000,012,168 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackalphatest.cfx
[2014/04/07 19:15:27 | 000,012,536 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackalphatestlightmap.cfx
[2014/04/07 19:15:28 | 000,012,852 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackalphatestlightmapshadow.cfx
[2014/04/07 19:15:30 | 000,012,436 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackalphatestpointlight.cfx
[2014/04/07 19:15:28 | 000,012,488 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackalphatestshadow.cfx
[2014/04/07 19:15:22 | 000,012,484 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcracklightmap.cfx
[2014/04/07 19:15:24 | 000,012,800 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcracklightmapshadow.cfx
[2014/04/07 19:15:23 | 000,012,720 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrack.cfx
[2014/04/07 19:15:28 | 000,012,756 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackalphatest.cfx
[2014/04/07 19:15:28 | 000,013,096 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackalphatestlightmap.cfx
[2014/04/07 19:15:29 | 000,013,468 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackalphatestlightmapshadow.cfx
[2014/04/07 19:15:30 | 000,012,816 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackalphatestpointlight.cfx
[2014/04/07 19:15:29 | 000,013,144 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackalphatestshadow.cfx
[2014/04/07 19:15:23 | 000,013,060 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncracklightmap.cfx
[2014/04/07 19:15:25 | 000,013,432 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncracklightmapshadow.cfx
[2014/04/07 19:15:24 | 000,012,836 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetail.cfx
[2014/04/07 19:15:28 | 000,012,872 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatest.cfx
[2014/04/07 19:15:28 | 000,013,212 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatestlightmap.cfx
[2014/04/07 19:15:30 | 000,013,584 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatestlightmapshadow.cfx
[2014/04/07 19:15:30 | 000,012,924 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatestpointlight.cfx
[2014/04/07 19:15:30 | 000,013,260 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailalphatestshadow.cfx
[2014/04/07 19:15:24 | 000,013,176 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetaillightmap.cfx
[2014/04/07 19:15:25 | 000,013,548 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetaillightmapshadow.cfx
[2014/04/07 19:15:26 | 000,012,888 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailpointlight.cfx
[2014/04/07 19:15:25 | 000,013,224 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackparallaxdetailshadow.cfx
[2014/04/07 19:15:26 | 000,012,780 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackpointlight.cfx
[2014/04/07 19:15:25 | 000,013,108 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackndetailncrackshadow.cfx
[2014/04/07 19:15:26 | 000,012,400 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackpointlight.cfx
[2014/04/07 19:15:24 | 000,012,436 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetailcrackshadow.cfx
[2014/04/07 19:15:22 | 000,012,296 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrack.cfx
[2014/04/07 19:15:27 | 000,012,348 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackalphatest.cfx
[2014/04/07 19:15:27 | 000,012,716 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackalphatestlightmap.cfx
[2014/04/07 19:15:29 | 000,013,032 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackalphatestlightmapshadow.cfx
[2014/04/07 19:15:30 | 000,012,612 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackalphatestpointlight.cfx
[2014/04/07 19:15:28 | 000,012,668 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackalphatestshadow.cfx
[2014/04/07 19:15:22 | 000,012,664 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcracklightmap.cfx
[2014/04/07 19:15:24 | 000,012,980 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcracklightmapshadow.cfx
[2014/04/07 19:15:24 | 000,012,900 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrack.cfx
[2014/04/07 19:15:28 | 000,012,936 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackalphatest.cfx
[2014/04/07 19:15:28 | 000,013,276 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmap.cfx
[2014/04/07 19:15:29 | 000,013,648 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmapshadow.cfx
[2014/04/07 19:15:30 | 000,012,996 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestpointlight.cfx
[2014/04/07 19:15:29 | 000,013,324 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackalphatestshadow.cfx
[2014/04/07 19:15:24 | 000,013,240 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncracklightmap.cfx
[2014/04/07 19:15:25 | 000,013,612 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncracklightmapshadow.cfx
[2014/04/07 19:15:24 | 000,013,016 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetail.cfx
[2014/04/07 19:15:28 | 000,013,052 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailalphatest.cfx
[2014/04/07 19:15:28 | 000,013,392 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailalphatestlightmap.cfx
[2014/04/07 19:15:30 | 000,013,764 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailalphatestlightmapshadow.cfx
[2014/04/07 19:15:30 | 000,013,104 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailalphatestpointlight.cfx
[2014/04/07 19:15:30 | 000,013,440 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailalphatestshadow.cfx
[2014/04/07 19:15:24 | 000,013,356 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetaillightmap.cfx
[2014/04/07 19:15:25 | 000,013,728 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetaillightmapshadow.cfx
[2014/04/07 19:15:26 | 000,013,068 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailpointlight.cfx
[2014/04/07 19:15:25 | 000,013,404 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackparallaxdetailshadow.cfx
[2014/04/07 19:15:26 | 000,012,960 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackpointlight.cfx
[2014/04/07 19:15:25 | 000,013,288 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackndetailncrackshadow.cfx
[2014/04/07 19:15:26 | 000,012,576 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackpointlight.cfx
[2014/04/07 19:15:24 | 000,012,616 | ---- | M] () -- \Users\user\Documents\ProjectReality\mods\bf2\cache\{D7B71E3E-52C0-11CF-2B7A-5C151CC2C435}_3153_3\rashaderstmbasedetaildirtcrackshadow.cfx

< *keygen* /s >

< *AntiWPA* /s >

< *loader* /s >
[2013/08/27 14:15:54 | 001,177,888 | ---- | M] () -- \NVIDIA\DisplayDriver\327.23\Win8_WinVista_Win7_64\English\GFExperience\ExtensionLoader.dll
[2014/02/05 02:31:23 | 001,169,184 | ---- | M] () -- \NVIDIA\DisplayDriver\335.23\Win8_WinVista_Win7_64\English\GFExperience\ExtensionLoader.dll
[2013/11/08 13:45:57 | 001,168,672 | ---- | M] () -- \NVIDIA\DisplayDriver\GeForceR331GameReadyDriver\ExtensionLoader.dll
[2013/11/14 04:55:31 | 001,168,672 | ---- | M] () -- \NVIDIA\DisplayDriver\GeForceR331GameReadyDriver\GFExperience\ExtensionLoader.dll
[2012/08/27 22:33:18 | 000,008,827 | ---- | M] () -- \Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit.resources\inspector\HeapSnapshotLoader.js
[2014/04/02 06:27:35 | 001,170,376 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\ExtensionLoader.dll
[2013/12/20 01:37:56 | 000,065,344 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2013/12/20 01:37:56 | 000,067,904 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXLoader64.dll
[2013/12/20 01:37:44 | 000,073,536 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader.dll
[2013/12/20 01:37:44 | 000,080,704 | ---- | M] () -- \Program Files (x86)\NVIDIA Corporation\PhysX\Common\PhysXUpdateLoader64.dll
[2013/10/23 13:07:40 | 000,007,825 | ---- | M] () -- \Program Files (x86)\Steam\remoteui\static\libs\images\ajax-loader.gif
[2014/03/13 23:47:17 | 001,921,024 | ---- | M] () -- \Program Files (x86)\Steam\steamapps\common\Company of Heroes\RelicDownloader\RelicDownloader.exe
[2014/03/14 10:28:53 | 000,007,244 | ---- | M] () -- \Program Files (x86)\Steam\steamapps\common\Company of Heroes\RelicDownloader\Locale\English\RelicDownloader.English.ucs
[2012/11/24 16:51:50 | 000,063,256 | ---- | M] () -- \Program Files (x86)\Steam\steamapps\common\Red Orchestra 2\Binaries\Win32\PhysXLocal\PhysXLoader.dll
[2013/03/16 18:57:01 | 000,330,040 | ---- | M] () -- \Program Files (x86)\Ubisoft\Ubisoft Game Launcher\ubiorbitapi_r2_loader.dll
[2013/03/16 18:57:02 | 000,294,400 | ---- | M] () -- \Program Files (x86)\Ubisoft\Ubisoft Game Launcher\uplay_r1_loader.dll
[2014/02/05 02:31:23 | 001,169,184 | ---- | M] () -- \Program Files\NVIDIA Corporation\Installer2\Display.GFExperience.{6787A549-6484-43BB-8B49-4AA45541D868}\ExtensionLoader.dll
[2013/08/27 14:15:54 | 001,177,888 | ---- | M] () -- \Program Files\NVIDIA Corporation\Installer2\Display.GFExperience.{80FE4FFE-1206-4038-8E43-63074BDCB81C}\ExtensionLoader.dll
[2014/04/02 06:27:35 | 001,170,376 | ---- | M] () -- \Program Files\NVIDIA Corporation\Installer2\Display.GFExperience.{AA82618F-6108-4B39-BA22-32281CC2208F}\ExtensionLoader.dll
[2013/12/01 14:09:05 | 000,061,528 | ---- | M] () -- \Program Files\WinRAR\Formats\ace32loader.exe
[2012/12/04 18:00:50 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2012/12/04 18:00:50 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2013/10/09 18:07:12 | 000,006,012 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\normal\loader_15fps.gif
[2013/10/09 18:07:12 | 000,021,956 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\normal\loader_30fps.gif
[2012/12/04 18:00:50 | 000,009,772 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\retina\loader@2x.png
[2012/12/04 18:00:50 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2012/12/04 18:00:50 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2013/10/09 18:07:12 | 000,006,012 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\normal\loader_15fps.gif
[2013/10/09 18:07:12 | 000,021,956 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\normal\loader_30fps.gif
[2012/12/04 18:00:50 | 000,009,772 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\retina\loader@2x.png
[2013/10/16 23:28:37 | 000,001,473 | ---- | M] () -- \Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\.DownloadError.txt
[2014/03/05 14:13:11 | 000,160,256 | ---- | M] () -- \Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\APEX_Loader_x64.dll
[2014/03/05 14:00:33 | 000,142,336 | ---- | M] () -- \Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\APEX_Loader_x86.dll
[2013/06/07 13:01:47 | 000,319,488 | ---- | M] () -- \Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\wws_crashreport_uploader.exe
[1 \Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\*.tmp files -> \Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\*.tmp -> ]
[2013/02/01 15:04:54 | 000,300,392 | ---- | M] () -- \Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\LaunchPad.libs\wws_crashreport_uploader.exe
[2014/04/27 16:34:38 | 000,001,870 | ---- | M] () -- \Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\318N0TYB\AdLoader[1].htm
[2014/04/26 18:08:07 | 000,004,749 | ---- | M] () -- \Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OSH35M3\ImageLoader[1].gif
[2014/04/26 18:08:07 | 000,000,969 | ---- | M] () -- \Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OSH35M3\ImageLoader[2].gif
[2014/04/26 18:08:07 | 000,001,381 | ---- | M] () -- \Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4OSH35M3\ImageLoader[3].gif
[2014/04/27 16:34:29 | 000,001,870 | ---- | M] () -- \Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B76840EO\AdLoader[1].htm
[2014/04/27 16:34:29 | 000,112,122 | ---- | M] () -- \Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SL8EV4B6\AdLoader-7b473315d0084c71df83cdee72aab144.min[1].js
[2014/04/26 18:01:30 | 000,000,723 | ---- | M] () -- \Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SL8EV4B6\downloaderror[1].js
[2014/04/26 18:01:30 | 000,001,174 | ---- | M] () -- \Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SL8EV4B6\downloader[1].js
[2013/03/04 19:32:04 | 000,805,232 | ---- | M] () -- \Users\user\AppData\Local\Sony Online Entertainment\ApplicationUpdater\ApplicationDownloaderService.exe
[2012/10/26 19:42:33 | 000,294,400 | ---- | M] () -- \Users\user\AppData\Local\Sony Online Entertainment\ApplicationUpdater\wws_crashreport_uploader.exe
[2013/08/01 18:48:15 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/13 18:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2013/08/01 18:48:15 | 000,003,584 | -H-- | M] () -- \Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
[2009/07/13 18:15:12 | 000,038,400 | ---- | M] () -- \Windows\SysWOW64\dmloader.dll
[2009/07/13 18:40:31 | 000,047,616 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_a1e90d98a953d601\dmloader.dll
[2009/07/13 18:24:53 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/15 22:21:03 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_68a9b6bd92929e63\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/08/20 11:38:32 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17932_none_68c05c919281774d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 10:38:48 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_68a2edab92971725\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/29 22:38:44 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/01 19:12:19 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/15 22:12:44 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_691eb3faabbf8f66\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/08/20 11:09:47 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22091_none_6907efc6abd0db81\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 10:35:00 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_6957a248ab947a6d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/29 22:39:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_69239340abbb38d0\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/03 22:32:07 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_6971452eab80a50e\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/07/07 22:11:20 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22379_none_692597a0abb965cc\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/01 23:20:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_695e76beab8ff095\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/28 19:18:31 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22436_none_694dd858ab9ba72a\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/03/04 04:03:17 | 000,003,584 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22616_none_69637bfcab8b6996\api-ms-win-core-libraryloader-l1-1-0.dll
[2010/11/21 00:06:45 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a.manifest
[2010/11/21 00:06:45 | 000,033,360 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winload.efi.mui_35ee487d
[2010/11/21 00:06:45 | 000,033,344 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winload.exe.mui_3bc5b827
[2010/11/21 00:06:45 | 000,029,776 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winresume.efi.mui_f412814e
[2010/11/21 00:06:45 | 000,029,760 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a_winresume.exe.mui_ff8b5358
[2012/11/16 00:39:27 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2012/11/16 00:39:27 | 000,642,944 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.efi_75834aa0
[2012/11/16 00:39:27 | 000,605,552 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winload.exe_75835076
[2012/11/16 00:39:27 | 000,566,208 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.efi_85cd069f
[2012/11/16 00:39:27 | 000,518,672 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb_winresume.exe_85cd1215
[2009/07/13 19:57:50 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009/07/13 19:57:50 | 000,019,008 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59_spldr.sys_98bd87a0
[2010/11/21 00:05:43 | 000,004,431 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_en-us_d28dabacfdb4dd1a.manifest
[2010/11/20 20:16:35 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17514_none_b94cbfa183466a89.manifest
[2011/02/05 10:34:23 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.17556_none_b923808583650cfb.manifest
[2011/02/05 06:09:57 | 000,005,745 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7601.21655_none_b9ac1d069c83936e.manifest
[2009/07/13 19:18:27 | 000,002,896 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_c72819e06acceb59.manifest
[2009/07/13 18:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009/07/13 18:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/15 21:15:45 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17651_none_0c8b1b39da352d2d\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/08/20 10:32:13 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17932_none_0ca1c10dda240617\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 09:40:37 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.17965_none_0c845227da39a5ef\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/29 21:45:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/01 18:48:15 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_0cb36eedda15c917\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/15 21:36:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.21772_none_0d001876f3621e30\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/08/20 10:23:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22091_none_0ce95442f3736a4b\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/04 09:29:45 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22125_none_0d3906c4f3370937\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/11/29 21:46:37 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22177_none_0d04f7bcf35dc79a\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/03 21:43:16 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22209_none_0d52a9aaf32333d8\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/07/07 21:59:24 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22379_none_0d06fc1cf35bf496\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/01 22:53:29 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22411_none_0d3fdb3af3327f5f\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/08/28 18:54:48 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22436_none_0d2f3cd4f33e35f4\api-ms-win-core-libraryloader-l1-1-0.dll
[2014/03/04 03:35:49 | 000,003,584 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.22616_none_0d44e078f32df860\api-ms-win-core-libraryloader-l1-1-0.dll

< *minodlogin* /s >

< *tnod* /s >
[2014/04/12 10:11:55 | 000,005,048 | ---- | M] () -- \Users\user\AppData\Local\Forgotten_Hope\updater\c25f69e8327b7a6ec443f7e544e1e67e\DhtNodes

< *AutoKMS* /s >

< *activator* /s >

< *serial* /s >
[2014/02/13 22:57:42 | 000,434,368 | ---- | M] () -- \Program Files (x86)\Microsoft Silverlight\5.1.30214.0\System.Runtime.Serialization.dll
[2014/03/13 00:28:38 | 001,164,288 | ---- | M] () -- \Program Files (x86)\Microsoft Silverlight\5.1.30214.0\System.Runtime.Serialization.ni.dll
[2012/10/05 03:53:23 | 000,970,752 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2014/02/13 23:30:04 | 000,434,368 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.30214.0\System.Runtime.Serialization.dll
[2014/03/13 00:28:59 | 001,546,240 | ---- | M] () -- \Program Files\Microsoft Silverlight\5.1.30214.0\System.Runtime.Serialization.ni.dll
[2012/10/05 03:52:37 | 000,847,872 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2009/06/10 14:23:19 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2012/10/05 03:53:23 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2014/02/12 16:32:15 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\553e7bfc9cac5e4feaa83d8ee1e187bd\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014/02/12 18:20:49 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f177ea74036d5fdc6c6b9c967dc877cf\System.Runtime.Serialization.ni.dll
[2014/02/12 16:34:07 | 000,396,288 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\8653acb87b4a219a84e4ce58df35e62a\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014/02/12 17:59:19 | 003,073,536 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\b73fbf8a2db2192752ad2b13744a393b\System.Runtime.Serialization.ni.dll
[2014/02/26 17:16:55 | 000,309,760 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\abb3fbf787b74b7d2513a8c409b5ef74\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014/02/26 17:16:55 | 000,000,580 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runt9064068c#\abb3fbf787b74b7d2513a8c409b5ef74\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux
[2014/02/26 17:17:02 | 002,825,216 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
[2014/02/26 17:17:02 | 000,001,308 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll.aux
[2014/02/26 19:04:48 | 000,026,624 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\94ce7a3b39b335283a0087f9964e9099\System.Xml.Serialization.ni.dll
[2014/02/26 19:04:48 | 000,000,376 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.84e525b7#\94ce7a3b39b335283a0087f9964e9099\System.Xml.Serialization.ni.dll.aux
[2014/02/26 18:59:21 | 000,376,832 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\3b1e2119f9cdfbc454bf08eb1ed9f023\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014/02/26 18:59:21 | 000,000,580 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\3b1e2119f9cdfbc454bf08eb1ed9f023\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux
[2014/02/26 19:00:34 | 003,640,320 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runteb92aa12#\7e7ed14f2b9a7e3d94307462aa99f5b9\System.Runtime.Serialization.ni.dll
[2014/02/26 19:00:34 | 000,001,308 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Runteb92aa12#\7e7ed14f2b9a7e3d94307462aa99f5b9\System.Runtime.Serialization.ni.dll.aux
[2014/02/26 19:02:37 | 000,028,672 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Xml.84e525b7#\7c4a5c747f2dcdac0329022b43a7be6b\System.Xml.Serialization.ni.dll
[2014/02/26 19:02:37 | 000,000,376 | ---- | M] () -- \Windows\assembly\NativeImages_v4.0.30319_64\System.Xml.84e525b7#\7c4a5c747f2dcdac0329022b43a7be6b\System.Xml.Serialization.ni.dll.aux
[2013/09/11 23:33:38 | 000,133,344 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2013/09/11 22:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Json\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Json.dll
[2013/09/11 22:21:54 | 000,022,208 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Primitives\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Primitives.dll
[2013/09/11 22:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Xml\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Xml.dll
[2013/09/11 23:33:38 | 001,052,320 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2013/09/11 22:21:54 | 000,036,480 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
[2013/09/11 22:21:54 | 000,022,656 | ---- | M] () -- \Windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.XmlSerializer\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Xml.XmlSerializer.dll
[2009/06/10 14:23:19 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2012/10/05 03:53:24 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2013/09/11 23:33:38 | 001,052,320 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2013/09/11 23:33:38 | 000,133,344 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2013/09/11 22:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Json.dll
[2013/09/11 22:21:54 | 000,022,208 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Primitives.dll
[2013/09/11 22:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Xml.dll
[2013/09/11 22:21:54 | 000,036,480 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
[2013/09/11 22:21:54 | 000,022,656 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v4.0.30319\System.Xml.XmlSerializer.dll
[2009/06/10 13:40:06 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2012/10/05 03:52:38 | 000,847,872 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2013/09/11 23:33:38 | 001,052,320 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.dll
[2013/09/11 23:33:38 | 000,133,344 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2013/09/11 22:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Json.dll
[2013/09/11 22:21:54 | 000,022,208 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Primitives.dll
[2013/09/11 22:21:54 | 000,022,176 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Xml.dll
[2013/09/11 22:21:54 | 000,036,480 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.Serialization.dll
[2013/09/11 22:21:54 | 000,022,656 | ---- | M] () -- \Windows\Microsoft.NET\Framework64\v4.0.30319\System.Xml.XmlSerializer.dll
[2009/07/13 18:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2009/07/13 17:00:40 | 000,094,208 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_amd64_neutral_fdcfb86ce78678d1\serial.sys
[2009/06/10 13:37:50 | 000,038,400 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_amd64_neutral_6fb75ea318f84fe5\grserial.sys
[2010/11/21 00:06:15 | 000,005,120 | ---- | M] () -- \Windows\System32\en-US\serialui.dll.mui
[2009/07/13 18:16:13 | 000,015,360 | ---- | M] () -- \Windows\SysWOW64\serialui.dll
[2010/11/21 00:06:15 | 000,005,120 | ---- | M] () -- \Windows\SysWOW64\en-US\serialui.dll.mui
[2010/11/21 00:06:20 | 000,005,120 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_edb61e94e4562781\serialui.dll.mui
[2009/07/13 18:41:54 | 000,017,920 | ---- | M] () -- \Windows\winsxs\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360\serialui.dll
[2010/11/21 00:06:21 | 000,010,240 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_en-us_64015f894ce7c72a\serial.sys.mui
[2009/07/13 17:00:40 | 000,094,208 | ---- | M] () -- \Windows\winsxs\amd64_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_548ca258d20f4ada\serial.sys
[2009/06/10 13:40:06 | 000,131,072 | ---- | M] () -- \Windows\winsxs\amd64_netfx-system.runtim..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_a9d1bee515273f56\System.Runtime.Serialization.Formatters.Soap.dll
[2009/06/10 13:37:50 | 000,038,400 | ---- | M] () -- \Windows\winsxs\amd64_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_ce9ed3064deed3aa\grserial.sys
[2010/11/20 20:24:53 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722\System.Runtime.Serialization.dll
[2012/10/05 03:52:38 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17966_none_591d933074dfaa5b\System.Runtime.Serialization.dll
[2012/10/05 03:56:11 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22126_none_424bee728e8a9f53\System.Runtime.Serialization.dll
[2010/11/20 20:24:53 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb\System.Runtime.Serialization.dll
[2012/10/05 03:52:37 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_93f49ffac8d7a4f4\System.Runtime.Serialization.dll
[2012/10/05 03:56:11 | 000,847,872 | ---- | M] () -- \Windows\winsxs\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_7d22fb3ce28299ec\System.Runtime.Serialization.dll
[2012/11/16 00:39:27 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2012/11/16 00:39:27 | 000,017,792 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8_kdcom.dll_db5e7744
[2010/11/21 00:06:44 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_edb61e94e4562781_serialui.dll.mui_7d29d2a3
[2009/07/13 19:57:29 | 000,017,920 | ---- | M] () -- \Windows\winsxs\Backup\amd64_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_50f69335385bc360_serialui.dll_bea29328
[2010/11/21 00:06:45 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_919783112bf8b64b_serialui.dll.mui_7d29d2a3
[2009/07/13 19:58:37 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009/07/13 19:15:17 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_6daa7ec5c65bf5bc.manifest
[2011/02/05 10:35:45 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.17556_none_6fb25371c3691bc8.manifest
[2011/02/05 06:11:05 | 000,002,766 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7601.21655_none_703aeff2dc87a23b.manifest
[2009/07/13 19:11:30 | 000,000,868 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_88b1c48f2026fe3f.manifest
[2010/11/20 20:17:50 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17514_none_5918bfde74e3f722.manifest
[2012/10/05 11:18:30 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.17966_none_591d933074dfaa5b.manifest
[2012/10/05 11:10:31 | 000,002,237 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization.ref_b03f5f7f11d50a3a_6.1.7601.22126_none_424bee728e8a9f53.manifest
[2010/11/20 20:17:50 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_93efcca8c8dbf1bb.manifest
[2012/10/05 11:19:07 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_93f49ffac8d7a4f4.manifest
[2012/10/05 11:11:10 | 000,002,262 | ---- | M] () -- \Windows\winsxs\Manifests\amd64_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_7d22fb3ce28299ec.manifest
[2010/11/20 20:17:50 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c.manifest
[2012/10/05 10:15:39 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285.manifest
[2012/10/05 10:17:50 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d.manifest
[2010/11/21 00:05:51 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_en-us_8f71d563bf7aa3c2.manifest
[2012/10/05 11:09:41 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.17966_en-us_8f4bb639bfcd9db1.manifest
[2012/10/05 10:57:17 | 000,000,531 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7601.22126_en-us_787a117bd97892a9.manifest
[2010/11/20 20:17:50 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f.manifest
[2012/10/05 10:15:03 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8.manifest
[2012/10/05 10:17:15 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0.manifest
[2010/11/20 20:18:20 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1.manifest
[2012/10/05 10:19:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa.manifest
[2012/10/05 10:22:10 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2.manifest
[2009/06/10 14:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2010/11/20 20:24:53 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17514_none_a67f221874da7f4c\System.Runtime.Serialization.dll
[2012/10/05 03:53:24 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.17966_none_a683f56a74d63285\System.Runtime.Serialization.dll
[2012/10/05 03:56:07 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7601.22126_none_8fb250ac8e81277d\System.Runtime.Serialization.dll
[2010/11/20 20:24:53 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17514_none_d6c257b29c81807f\System.Runtime.Serialization.dll
[2012/10/05 03:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.17966_none_d6c72b049c7d33b8\System.Runtime.Serialization.dll
[2012/10/05 03:56:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7601.22126_none_bff58646b62828b0\System.Runtime.Serialization.dll
[2010/11/21 00:06:15 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_en-us_919783112bf8b64b\serialui.dll.mui
[2009/07/13 18:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2010/11/20 20:25:11 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17514_none_db9d037fdd581ac1\System.Runtime.Serialization.dll
[2012/10/05 03:53:23 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.17966_none_dba1d6d1dd53cdfa\System.Runtime.Serialization.dll
[2012/10/05 03:56:05 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7601.22126_none_c4d03213f6fec2f2\System.Runtime.Serialization.dll

< *w7lxe* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 21 bytes -> \Users\user\AppData\Local\Sony Online Entertainment\ApplicationUpdater\wws_crashreport_uploader.exe:crc
@Alternate Data Stream - 21 bytes -> \Users\user\AppData\Local\Sony Online Entertainment\ApplicationUpdater\ApplicationDownloaderService.exe:crc
@Alternate Data Stream - 21 bytes -> \Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\wws_crashreport_uploader.exe:crc
@Alternate Data Stream - 21 bytes -> \Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\LaunchPad.libs\wws_crashreport_uploader.exe:crc
@Alternate Data Stream - 21 bytes -> \Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\APEX_Loader_x86.dll:crc
@Alternate Data Stream - 21 bytes -> \Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\APEX_Loader_x64.dll:crc

< End of report >

A tady je log EXTRAS:

OTL Extras logfile created on: 4/30/2014 9:26:27 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.95 Gb Total Physical Memory | 13.24 Gb Available Physical Memory | 83.04% Memory free
31.89 Gb Paging File | 28.86 Gb Available in Paging File | 90.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862.92 Gb Total Space | 1493.03 Gb Free Space | 80.14% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2080601920-2927812346-669093319-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04363066-07FF-4340-BBCA-6C0860DAD396}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{04CFCA02-E90D-44C8-9EE0-F17052944105}" = rport=139 | protocol=6 | dir=out | app=system |
"{0EA80904-FE69-43AF-851D-8591122DBB0A}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{15BD2F7C-BAD3-4B63-99FE-9B79333C3B78}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{1DD20AB2-C975-47D0-8343-37DF9E049E3A}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{1DD9943F-E4C1-42CF-A26F-5C207FD0BE4F}" = lport=138 | protocol=17 | dir=in | app=system |
"{1F3598B9-1DC8-41F8-87F4-FF520210FBD3}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{21901360-F75D-402F-81A7-678F99DB2430}" = lport=445 | protocol=6 | dir=in | app=system |
"{2360449F-30EB-460A-ABA4-78951DADD83C}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{27AA3827-A3BE-48B6-8A5A-50CFFD6DDE7D}" = rport=137 | protocol=17 | dir=out | app=system |
"{27FD13A2-F212-480B-8870-FC9FB189CF8B}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{3E43DA02-4258-4AC4-AE88-95BEA785962C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{47982A4D-4107-4B60-B7F8-03D7EE01793E}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{486F0750-017E-40CD-B99D-16E91D983F74}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{49F42D66-DC62-44F1-9A15-552B08092549}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4AE95F46-8EC7-4068-927D-D8F2948DD9C6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{51BF77DA-0129-47C0-A506-255B3EFA45D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{575CE261-BB72-452B-8E9A-77A95988854C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5BCEB4D7-90E0-45FA-A695-7F7F06A15181}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5CCED524-2D7D-4E7A-957A-27C9C02C5D97}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{5E12D896-C2E0-45B5-9202-DE8912E8800C}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{6214B8C2-B2BE-4C9D-AE80-BBFD5F373C92}" = lport=137 | protocol=17 | dir=in | app=system |
"{659BA65C-7D17-43CF-A069-554B7A2C4848}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{708C84CE-7440-4136-A19F-92C978DD6565}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{73004DC2-D853-4970-8AD7-7F00F61257A4}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{73903699-0DA7-465D-A5EB-7C60716BCEE9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8BAF5891-1BF6-4083-8796-088644962B43}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{93C1DBAB-5CA0-4D6F-BDDC-71D92BB11D0F}" = rport=138 | protocol=17 | dir=out | app=system |
"{9948D9B4-4CE2-47BE-ADBE-E79BF155C95B}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{9F1C0981-47BE-4A6C-A1E8-9F0F12A36D50}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A4474AD9-E2F1-42E3-9DEB-8FB800284C3F}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{A8003318-81CE-494B-9BE2-675B9074C8CA}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{B0CC8793-1018-485F-97C7-630CB4FA3698}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B52CDA29-7F70-46F4-935A-CA446940DA35}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{B6F211DF-893F-4408-AC27-A59F01ADA984}" = lport=139 | protocol=6 | dir=in | app=system |
"{B8531EDF-30C1-432A-9A43-067787DAE03D}" = rport=445 | protocol=6 | dir=out | app=system |
"{C222E33B-6F46-4A28-BB2F-41E081271ADC}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{C65049DB-F1AA-445D-8A27-70FA7EC88880}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C7D96C42-BE76-4BC4-BE7B-A06C16D6643B}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{CD140C74-D9AC-4965-9253-E3A0F1B72E68}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D780D2D3-2C6E-4A4B-808C-291839ED713A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D9A45297-956D-4028-BB5D-950F431CDA05}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DA7964CE-ED85-4133-AE09-6F494C8787ED}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{DADA6D1F-B311-440B-A0AB-D04AA9D56F48}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{DDEEEA1E-33A5-475E-A13E-26533D917868}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{F4B869BA-9066-4E55-83FD-4BD1609342F0}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{F84DB607-9054-4358-82A8-66CFD57DB296}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0128E8B1-A2F7-45FA-9B6A-8F38B4BFCE64}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{039B0307-1A19-4AFC-B7C1-DD8CE321C132}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{082A23F9-53CD-4979-9350-6936C89ECFAB}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic.exe |
"{08A80193-007D-4AEA-877C-C90CFC46FAE9}" = protocol=6 | dir=in | app=c:\program files (x86)\heroes & generals\live\hng.exe |
"{08A864BA-75A2-4481-81AC-0A0BA2943AF2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{092CB0C0-585D-4D94-A4E5-8F2614EBD2E9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes relaunch\reliccoh.exe |
"{09CEEB0E-2C0D-4839-AAFF-F6078649B934}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0B4AB95F-13E9-4031-AF51-637289A9CAF7}" = dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield 2\prbf2.exe |
"{10CCCB22-3C3A-4A13-8312-DE36C22B7953}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{11DD528F-76AE-4161-9209-D671B2B8FA14}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{1B08DEEE-7203-4573-8D05-4238D78A0B04}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro last light\metroll.exe |
"{1BBCDE7C-102E-4B6E-82B0-2CB3B24A630A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1DAC42EA-9426-4ABD-88F5-B6340931F6DF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{1F0D6D16-D132-4D10-8403-945008AF6496}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{207416C1-97CF-455F-99A7-91B55B6927DC}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{23E6E776-BD13-421A-9AE1-587AAF159840}" = protocol=6 | dir=out | app=system |
"{254283E1-4B62-4064-A8F0-9FC83372D7E4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{29EF13FD-EB47-4CCE-AD3B-1042AF92E1A1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2BD74F8D-9826-4C51-8377-E5980CFA246A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield 2\bf2.exe |
"{2C66B1AB-72A3-478C-AD76-F48BB9021632}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |
"{33AAF5EC-EAF3-45D5-BFFD-8AB6066C157B}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\the battle for middle-earth (tm) ii\game.dat |
"{37D5267B-00B7-40E3-9FA4-8E6AEE387A42}" = protocol=6 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe |
"{3854EF44-EAC8-4852-8A77-879B7A929572}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{3C888F66-67A6-42B1-8A68-910B4BE3E87D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3FDBC685-07AD-4380-8997-151FB6A464EB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{42CC3D6E-BC7F-4ADF-ABA8-B5BCCB521948}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\the battle for middle-earth (tm) ii\game.dat |
"{4300F500-D638-43ED-A1F7-883F9F440FA7}" = dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield 2\mods\pr\bin\prupdater.exe |
"{4384C36E-F435-487C-9BE3-D06FE4576478}" = dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield 2\mods\pr\bin\prmumble\prmumble.exe |
"{449AD0CC-A596-4E8C-AA72-3483EEDCC870}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wargame airland battle\wargame2.exe |
"{49E68763-EDAC-4F25-871A-0EEF4F66F305}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield 2\bf2.exe |
"{4C4BFBD0-134E-4743-9A57-B336BC9D07E7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4D30711E-A3AD-4AEE-9975-0A55463E8499}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\the lord of the rings, the rise of the witch-king\game.dat |
"{4E2F59D6-4382-488B-BB5F-18EFC28971E6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\metro last light\metroll.exe |
"{5114D10F-F60F-4223-B2E1-8B1825577A62}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic_ds.exe |
"{53C6349F-451E-40E7-A088-B98959D061D9}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{56CC4987-3BB4-46E1-9DFC-C7D32C841ACC}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic.exe |
"{56F942AD-460F-419A-8101-BFD6B930086E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5BB52F7B-4376-4CD8-9336-634D71E6EF42}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe |
"{5E030750-356D-44B3-9E54-CD47612218A7}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4_x86.exe |
"{5F3C420D-DC35-44CF-81F7-BDB3435543A3}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{6328AB11-9F14-4A42-BA35-926D76D5F3D1}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4.exe |
"{6553079F-44AD-4438-BA56-0B6F38F2033C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wargame airland battle\wargame2.exe |
"{6624C73E-6D86-490F-8CA8-45327E3385F9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{68DA49C7-9207-48D6-8EA2-04B9AD6D9D3A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{6ABDD590-C230-49BB-BC03-CE92262CEFBC}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic_ds.exe |
"{6BD07E8B-E90D-4645-B116-C72223C58705}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\south park - the stick of truth\south park - the stick of truth.exe |
"{6D47613D-754C-4567-843C-BED274D032B4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{6E39D878-A6C1-439E-9117-7EE5F7830C5E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{799189D6-2187-4371-ACFA-7AAA4FFA79C8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8381DD39-035C-4A5E-B131-BB5F8927D57E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8430DB0C-6DDB-4135-B54A-0787BB3E7AD6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{85C21BDF-C1B1-42C4-A492-6FD065E4075E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wargame airland battle\wargame2.exe |
"{86A24A69-E0B9-40F0-AD5D-4B08EB8D9571}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\napoleon total war\napoleon.exe |
"{86E1572A-21D6-49D3-BD74-153FC9D1BA3F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{87819658-EDB0-40CC-BBB0-5C40A5377BF7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wargame airland battle\wargame2.exe |
"{8E3F2EA9-149C-46A0-88E0-60310C98D33D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wargame airland battle\wargame2.exe |
"{8ECFEFFE-F12B-462A-8B82-7B0FE418DC23}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wargame airland battle\wargame2.exe |
"{97F26593-8DA3-456F-BF04-A8D997D0EFF5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{98F7E0AF-858A-4E0E-9FCA-FFE9E665736D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ironfront\ironfront.exe |
"{9AAC951E-6389-4E67-B382-49AE2298723F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A114014D-BBC2-427C-B080-1EFCDBF42189}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |
"{A78FE0A6-6E6E-4D1E-8C89-787DDD95519F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\red orchestra 2\binaries\win32\rogame.exe |
"{A7F63289-8D25-4A6B-82C3-67AA96B0585A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wargame airland battle\wargame2.exe |
"{A9F91E7E-4B7C-4868-8129-52CAC8A0D73F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes 2\reliccoh2.exe |
"{AB143BF4-8FF5-4F39-BA9A-82B8329A6E13}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes 2\reliccoh2.exe |
"{AEBAAC85-C791-4396-A128-9EBE787422B7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B2C92167-B6E6-4F71-A2BD-1E73D0E1A113}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{B32AA366-D13C-42AB-B6E3-47D896C22A30}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wargame airland battle\wargame2.exe |
"{B4031BC4-207D-4788-8015-FD7EE1BBEBD1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\reliccoh.exe |
"{C027C9C1-A049-4C47-8198-B77C01D6BE7C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{C35302F7-0F1C-4ED8-AB13-F999E2E89E74}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{C6C75258-1EF4-4FA9-B6F9-A5260CCED48D}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\the lord of the rings, the rise of the witch-king\game.dat |
"{C9437CDB-DE01-4CEB-B1DE-AD1B8B773FFD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C94B7BBA-7528-4065-A327-32837718CFBA}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{CBEDCF47-1987-43D7-91B9-ABD48A635C66}" = protocol=58 | dir=in | app=system |
"{CE98CBD2-251C-47BB-908F-191AEED7894E}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4.exe |
"{CF435147-87DC-436B-91AA-874531FBDB1A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wargame airland battle\wargame2.exe |
"{CF81AEA8-119D-44EE-A102-36E2C09F64BE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\empire total war\empire.exe |
"{D0CFAF8F-79DE-46DA-8EF7-BE4DA2BD625A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\south park - the stick of truth\south park - the stick of truth.exe |
"{D350C351-6518-4DED-AB7A-3FC2073DE300}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\wargame airland battle\wargame2.exe |
"{D367F158-5639-426A-853D-E7EACAC3DE41}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes relaunch\reliccoh.exe |
"{D47B3F52-D324-4065-95C9-8D7F6D105E4A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes 2\reliccoh2.exe |
"{D4D93A49-7054-4920-A352-757104127E82}" = protocol=17 | dir=in | app=c:\program files (x86)\heroes & generals\live\hng.exe |
"{D74F0690-F98C-4F91-980B-A1B28412E16D}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4_x86.exe |
"{D8758343-83B4-41A9-B159-16ED2F65B9C4}" = protocol=17 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe |
"{DBC2C769-FDC6-4C2A-8336-9204FC077F61}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DD48A690-D85F-40FD-B241-6DCE435CB089}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ironfront\ironfront.exe |
"{E93E8CA6-8FB5-4FBF-8AA6-DECE30D92C5A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war rome ii\launcher\launcher.exe |
"{EAD11E0E-DF03-47F6-8532-675B1DE3924A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war rome ii\launcher\launcher.exe |
"{EAF83EF6-D111-4A89-ACA9-BB38E4E84C32}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EC57DEB2-A8EB-41B3-8851-0738E2024D28}" = dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield 2\mods\pr\bin\prlauncher.exe |
"{EE3672E3-D024-4746-BD58-8A0D666A3B31}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{F40B087B-4F32-4842-8F2B-4BF24A9E65B3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FB1781C4-71FD-4395-ABF4-762633490698}" = protocol=17 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic_online.exe |
"{FCB95F93-0093-4353-AE14-FF4674EAB6C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FCD8B587-CC3E-452C-A1A0-3CF83A32D280}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes 2\reliccoh2.exe |
"{FEBDE4F8-1509-448A-AD50-B7E09C433AF3}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{FF726444-39BE-4E40-8C15-5A721E57097D}" = protocol=6 | dir=in | app=c:\program files (x86)\sierra entertainment\world in conflict\wic_online.exe |
"TCP Query User{16D6DCC3-40D1-46AF-80C9-7CCCFAFD7055}C:\program files (x86)\sunflowers\paraworld\bin\pwserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sunflowers\paraworld\bin\pwserver.exe |
"TCP Query User{17D1BCB5-1EE5-478C-BF46-DAFE04BC7835}C:\program files (x86)\renegade x\binaries\win32\udk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\renegade x\binaries\win32\udk.exe |
"TCP Query User{1DCEB802-8A77-4070-8B08-ADDBBFA2DF71}C:\program files (x86)\1c company\men of war\outfront_mp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1c company\men of war\outfront_mp.exe |
"TCP Query User{35A4ED39-66D6-4516-AF7D-17F06A17B765}C:\program files (x86)\1c company\men of war\mow.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1c company\men of war\mow.exe |
"TCP Query User{37961ACB-B007-4626-AD4F-89F9D27AA24C}C:\program files (x86)\lucasarts\star wars empire at war\gamedata\fpupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war\gamedata\fpupdate.exe |
"TCP Query User{455E968F-2322-421C-B613-CB97ED269704}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
"TCP Query User{48308DE9-8554-4D1E-9161-55DE230E85EB}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe |
"TCP Query User{5A9E2E93-0D05-4160-85C9-BE8EED34166A}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe |
"TCP Query User{60BBEE3F-861A-4AA0-8D8C-469B42B583A1}C:\users\user\appdata\local\temp\f65a4e662fab4164ac42a6f92863ef93\relicdownloader.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\temp\f65a4e662fab4164ac42a6f92863ef93\relicdownloader.exe |
"TCP Query User{847A23E0-715A-49EB-B78D-FE82289F4A27}C:\program files (x86)\steam\steamapps\common\battlefield 2\forgottenhope2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield 2\forgottenhope2.exe |
"TCP Query User{909CCB52-7474-4CDF-8911-9077EAD6802F}C:\users\user\appdata\local\forgotten_hope\updater\fh2updater.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\forgotten_hope\updater\fh2updater.exe |
"TCP Query User{BB448E6A-1A0E-4F36-AFBC-89A4A320E862}C:\program files (x86)\steam\steamapps\common\battlefield 2\prbf2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield 2\prbf2.exe |
"TCP Query User{E78CA7D6-4B06-4297-A128-779337727C5C}C:\program files (x86)\war thunder\aces.exe" = protocol=6 | dir=in | app=c:\program files (x86)\war thunder\aces.exe |
"TCP Query User{FB12E934-EB6D-4DBF-B6B0-0DE6FA58AE32}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
"UDP Query User{04DF1BF6-7FE2-414C-9485-9DF531D0F6FA}C:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2\planetside2.exe |
"UDP Query User{1792DA60-9E9E-414E-8401-AAB7072C20A7}C:\program files (x86)\1c company\men of war\outfront_mp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1c company\men of war\outfront_mp.exe |
"UDP Query User{27DE0209-4771-4ECF-AF58-71AF9C5F56C9}C:\program files (x86)\steam\steamapps\common\battlefield 2\prbf2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield 2\prbf2.exe |
"UDP Query User{32BC0EEF-0A35-4A9A-87C9-9606E9A01D1C}C:\users\user\appdata\local\temp\f65a4e662fab4164ac42a6f92863ef93\relicdownloader.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\temp\f65a4e662fab4164ac42a6f92863ef93\relicdownloader.exe |
"UDP Query User{366DBC1B-B70C-4C52-A12C-BB96FAB74ED4}C:\program files (x86)\1c company\men of war\mow.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1c company\men of war\mow.exe |
"UDP Query User{43EC8FC5-9557-4AB0-BA78-36AC82A7CCA1}C:\program files (x86)\sunflowers\paraworld\bin\pwserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sunflowers\paraworld\bin\pwserver.exe |
"UDP Query User{79152A32-880E-4E00-BD47-D89AE8B1E6F7}C:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\company of heroes\relicdownloader\relicdownloader.exe |
"UDP Query User{8F29E25A-BD89-4945-B3D8-7B7B2ED478BC}C:\users\user\appdata\local\forgotten_hope\updater\fh2updater.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\forgotten_hope\updater\fh2updater.exe |
"UDP Query User{AE7CDEB3-965C-48E9-BA9A-458F1EE4AA48}C:\program files (x86)\renegade x\binaries\win32\udk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\renegade x\binaries\win32\udk.exe |
"UDP Query User{B21B2707-495A-4437-938C-3C3058D7BB90}C:\program files (x86)\war thunder\aces.exe" = protocol=17 | dir=in | app=c:\program files (x86)\war thunder\aces.exe |
"UDP Query User{BE5A0315-A017-4C09-B6F9-0EC8369D4A1D}C:\program files (x86)\lucasarts\star wars empire at war\gamedata\fpupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars empire at war\gamedata\fpupdate.exe |
"UDP Query User{D43CD739-5B04-4EF4-834A-6B286935A6BD}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe |
"UDP Query User{F00EEA17-8E5E-477D-B9C7-C7282F57F572}C:\program files (x86)\steam\steamapps\common\battlefield 2\forgottenhope2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\battlefield 2\forgottenhope2.exe |
"UDP Query User{FC98EDEB-B50C-4560-92E2-F5575E515A23}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A39D1D51-E8DE-4B07-016D-73C232E1E1D8}" = ATI Catalyst Install Manager
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 335.23
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 335.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.1220
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 12.4.55
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.30.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 12.4.55
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.22
"Project Reality: BF2 (pr)_is1" = Project Reality: BF2
"WinRAR archiver" = WinRAR 5.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{9F7FC1EC-5C07-44A4-8338-22AF90644273}_is1" = German Soldiers Mod Fields of Honor 6.2
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABADE36E-EC37-413B-8179-B432AD3FACE7}" = Battlefield 4™
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{CE244E07-B58F-4140-806F-34FB0CDDE8CA}" = Medieval II Total War Kingdoms
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}" = Google Drive
"{EAA01BA0-6991-4296-A404-4FFF2DAC2225}" = ParaWorld
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.143
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F11ADC64-C89E-47F4-A0B3-3665FF859397}" = World in Conflict
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ACW 3.0 Brothers vs Brothers Music(only)" = ACW 3.0 Brothers vs Brothers Music
"ACW Brothers vs Brothers3.3" = ACW Brothers vs Brothers
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Avast" = avast! Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for Iron Front" = BattlEye for Iron Front Uninstall
"Bf2SP64 v2.31" = Bf2SP64 v2.31
"DarthMod Empire8.0 Platinum" = DarthMod Empire
"DarthMod Empire8.0.1 Platinum" = DarthMod Empire
"DarthMod Napoleon" = DarthMod Napoleon
"Eastern Front" = Eastern Front
"ESN Sonar-0.70.4" = ESN Sonar
"EUROPE AT WAR MOD ( Created by Dartborne. )6.1.8" = Parche Europe At War v6.1.8
"Forgotten Hope 2" = Forgoten Hope 2 (2 of 2) (dummy)
"Google Chrome" = Google Chrome
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Origin" = Origin
"Patch for "Men of War"_is1" = Patch 1.16.4 for "Men of War"
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"Steam App 10500" = Empire: Total War
"Steam App 213670" = South Park™: The Stick of Truth™
"Steam App 214950" = Total War: ROME II
"Steam App 222750" = Wargame: AirLand Battle
"Steam App 228200" = Company of Heroes (New Steam Version)
"Steam App 231430" = Company of Heroes 2
"Steam App 24860" = Battlefield 2
"Steam App 34030" = Napoleon: Total War
"Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad
"Steam App 91330" = Iron Front : Liberation 1944
"Steam App 9340" = Company of Heroes: Opposing Fronts
"Uplay" = Uplay
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2080601920-2927812346-669093319-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"NHCmod v2.700b" = NHCmod v2.700b
"SOE-C:/Users/Public/Sony Online Entertainment/Installed Games/PlanetSide 2" = gamelauncher-ps2-live
"SOE-C:/Users/user/AppData/Local/Sony Online Entertainment/ApplicationUpdater" = applicationupdater
"SOE-PlanetSide 2" = PlanetSide 2
"Third Age - Total War 3.0 (Part 1of2)" = Third Age - Total War 3.0 (Part 1of2)
"Third Age - Total War 3.0 (Part 2of2)" = Third Age - Total War 3.0 (Part 2of2)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/29/2014 6:24:42 PM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/29/2014 7:35:49 PM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SimJP.exe, version: 0.0.0.0, time stamp:
0x21544c66 Faulting module name: SimJP.exe, version: 0.0.0.0, time stamp: 0x21544c66
Exception
code: 0xc0000005 Fault offset: 0x001e3c79 Faulting process id: 0x3f4 Faulting application
start time: 0x01cf64039863c4d8 Faulting application path: C:\Users\user\Desktop\JURASSIC
PARK\SimJP.exe Faulting module path: C:\Users\user\Desktop\JURASSIC PARK\SimJP.exe
Report
Id: fdf4aac9-cff6-11e3-a2f4-10bf48bc0bb0

Error - 4/29/2014 7:36:53 PM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SimJP.exe, version: 0.0.0.0, time stamp:
0x21544c66 Faulting module name: SimJP.exe, version: 0.0.0.0, time stamp: 0x21544c66
Exception
code: 0xc0000005 Fault offset: 0x001e3c79 Faulting process id: 0x358 Faulting application
start time: 0x01cf6403db0f836d Faulting application path: C:\Users\user\Desktop\JURASSIC
PARK\SimJP.exe Faulting module path: C:\Users\user\Desktop\JURASSIC PARK\SimJP.exe
Report
Id: 243d1143-cff7-11e3-a2f4-10bf48bc0bb0

Error - 4/29/2014 7:39:01 PM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SimJP.exe, version: 0.0.0.0, time stamp:
0x21544c66 Faulting module name: SimJP.exe, version: 0.0.0.0, time stamp: 0x21544c66
Exception
code: 0xc0000005 Fault offset: 0x001d8117 Faulting process id: 0x49c Faulting application
start time: 0x01cf640426c79542 Faulting application path: C:\Users\user\Desktop\JURASSIC
PARK\SimJP.exe Faulting module path: C:\Users\user\Desktop\JURASSIC PARK\SimJP.exe
Report
Id: 705e4d02-cff7-11e3-a2f4-10bf48bc0bb0

Error - 4/29/2014 7:39:46 PM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SimJP.exe, version: 0.0.0.0, time stamp:
0x21544c66 Faulting module name: SimJP.exe, version: 0.0.0.0, time stamp: 0x21544c66
Exception
code: 0xc0000005 Fault offset: 0x001e3c79 Faulting process id: 0xa94 Faulting application
start time: 0x01cf640441576602 Faulting application path: C:\Users\user\Desktop\JURASSIC
PARK\SimJP.exe Faulting module path: C:\Users\user\Desktop\JURASSIC PARK\SimJP.exe
Report
Id: 8b357768-cff7-11e3-a2f4-10bf48bc0bb0

Error - 4/29/2014 7:42:19 PM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SimJP.exe, version: 0.0.0.0, time stamp:
0x21544c66 Faulting module name: SimJP.exe, version: 0.0.0.0, time stamp: 0x21544c66
Exception
code: 0xc0000005 Fault offset: 0x001e3c79 Faulting process id: 0x1338 Faulting application
start time: 0x01cf640491c892af Faulting application path: C:\Users\user\Desktop\JURASSIC
PARK\SimJP.exe Faulting module path: C:\Users\user\Desktop\JURASSIC PARK\SimJP.exe
Report
Id: e6612a70-cff7-11e3-a2f4-10bf48bc0bb0

Error - 4/29/2014 7:43:04 PM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SimJP.exe, version: 0.0.0.0, time stamp:
0x21544c66 Faulting module name: SimJP.exe, version: 0.0.0.0, time stamp: 0x21544c66
Exception
code: 0xc0000005 Fault offset: 0x001e3c79 Faulting process id: 0x125c Faulting application
start time: 0x01cf6404b81bfd50 Faulting application path: C:\Users\user\Desktop\JURASSIC
PARK\SimJP.exe Faulting module path: C:\Users\user\Desktop\JURASSIC PARK\SimJP.exe
Report
Id: 0189c0ae-cff8-11e3-a2f4-10bf48bc0bb0

Error - 4/29/2014 8:26:22 PM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SimJP.exe, version: 0.0.0.0, time stamp:
0x21544c66 Faulting module name: SimJP.exe, version: 0.0.0.0, time stamp: 0x21544c66
Exception
code: 0xc0000005 Fault offset: 0x001e3c79 Faulting process id: 0xcf4 Faulting application
start time: 0x01cf640aae726f95 Faulting application path: C:\Users\user\Desktop\JURASSIC
PARK\SimJP.exe Faulting module path: C:\Users\user\Desktop\JURASSIC PARK\SimJP.exe
Report
Id: 0e4cde5b-cffe-11e3-a2f4-10bf48bc0bb0

Error - 4/29/2014 8:27:33 PM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SimJP.exe, version: 0.0.0.0, time stamp:
0x21544c66 Faulting module name: SimJP.exe, version: 0.0.0.0, time stamp: 0x21544c66
Exception
code: 0xc0000005 Fault offset: 0x001e3c79 Faulting process id: 0x884 Faulting application
start time: 0x01cf640aef5e0f64 Faulting application path: C:\Users\user\Desktop\JURASSIC
PARK\SimJP.exe Faulting module path: C:\Users\user\Desktop\JURASSIC PARK\SimJP.exe
Report
Id: 38573ef6-cffe-11e3-a2f4-10bf48bc0bb0

Error - 4/30/2014 10:44:59 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 4/28/2014 9:34:50 PM | Computer Name = user-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 4/28/2014 9:34:50 PM | Computer Name = user-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 4/28/2014 9:38:19 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 4/28/2014 9:38:37 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 4/28/2014 9:39:53 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The atksgt service failed to start due to the following error: %%577

Error - 4/28/2014 9:39:54 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The lirsgt service failed to start due to the following error: %%577

Error - 4/29/2014 6:23:11 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The atksgt service failed to start due to the following error: %%577

Error - 4/29/2014 6:23:11 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The lirsgt service failed to start due to the following error: %%577

Error - 4/30/2014 10:43:27 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The atksgt service failed to start due to the following error: %%577

Error - 4/30/2014 10:43:27 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The lirsgt service failed to start due to the following error: %%577


< End of report >

Pozor na velikost adresare plochy! C:\Users\user\Desktop
Vidim tam nejake video. Cim vetsi plocha je, tim pomalejsi je pc.



Jestli bude Avast rvat, ze to chce otevrit v sandboxu, nedovolte to! Vyberte moznost Otevrit normalne
Znovu spustte OTL jako spravce
Do spodniho okna vlozte nasledujici text (vcetne te dvojtecky pred slovem commands) Kliknete na Opravit a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu se objevi novy log, ten sem dejte.

Jo na plose mam 3 videa Hobit a GoT uz sem je schoval TADY JE LOG:

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: hedev
->Temp folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: user
->Temp folder emptied: 3494628311 bytes
->Temporary Internet Files folder emptied: 87430427 bytes
->Google Chrome cache emptied: 21330869 bytes
->Flash cache emptied: 4914 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1715635 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3998 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42328347 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3,478.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: hedev

User: Public

User: user
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point
========== SERVICES/DRIVERS ==========
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
Service gusvc stopped successfully!
Service gusvc deleted successfully!
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
C:\Windows\tasks\Adobe Flash Player Updater.job moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Quarantine folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Logs folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Cleaning folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy folder moved successfully.
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{21A51130-7285-49FE-B3F6-2385CC71CDEA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21A51130-7285-49FE-B3F6-2385CC71CDEA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2080601920-2927812346-669093319-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll moved successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ not found.
Registry key HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ not found.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2080601920-2927812346-669093319-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2080601920-2927812346-669093319-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2080601920-2927812346-669093319-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2080601920-2927812346-669093319-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
File C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
File C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll not found.
File C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ not found.
File C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1CE3.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP95BB.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPBE20.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC930.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP1140.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP45F4.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP5A5B.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP5BFE.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6A94.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP6B8E.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPFDB1.tmp\MMCEx.dll deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPFDB1.tmp folder deleted successfully.
C:\Windows\Installer\MSI106.tmp deleted successfully.
C:\Windows\Installer\MSIC.tmp deleted successfully.
C:\Windows\SoftwareDistribution\Download\04f928f3d08c1b3ebb3d20634b77577f\BITA318.tmp deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icoEFEE.tmp deleted successfully.
ADS \Users\user\AppData\Local\Sony Online Entertainment\ApplicationUpdater\wws_crashreport_uploader.exe:crc deleted successfully.
ADS \Users\user\AppData\Local\Sony Online Entertainment\ApplicationUpdater\ApplicationDownloaderService.exe:crc deleted successfully.
ADS \Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\wws_crashreport_uploader.exe:crc deleted successfully.
ADS \Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\LaunchPad.libs\wws_crashreport_uploader.exe:crc deleted successfully.
ADS \Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\APEX_Loader_x86.dll:crc deleted successfully.
ADS \Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\APEX_Loader_x64.dll:crc deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found.

OTL by OldTimer - Version 3.2.69.0 log created on 04302014_155135

Files\Folders moved on Reboot...
C:\Users\user\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Zkontrolujte, jaka je ted velikst plochy C:\Users\user\Desktop


Vsechny tyto programy - vcetne pripadne instalace - spoustejte jako spravce (kliknete na ne pravym mysidlem a zvolte - Spustit jako spravce)

Prejmenujte ComboFix na Uninstall a spustte ho. CF by se mel odinstalovat.

vyosek píše: T-Cleaner http://tharifas.sweb.cz/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry mohou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

Stahnete OTC http://oldtimer.geekstogo.com/OTC.exe , ulozte a spustte.
Kliknete na napis CleanUp a pote OK - Po uklidu dojde k restartu pc.

Stahnete TFC http://oldtimer.geekstogo.com/TFC.exe , ulozte a spustte
Kliknete na START a pote OK - Po uklidu dojde k restartu pc.
Po pouziti muzete programek smazat

Stahnete Ccleaner http://www.piriform.com/ccleaner/download/slim a spustte.
Pri instalaci pozor na toolbar (ci jine doplnky), jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete.
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!

Defragmentujte disk(y)
Stahnete program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
Pri instalaci opet pozor na toolbar
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci.




Pak napiste, jak je na tom pc.

JO jak uz sem napsal pocitac se uz zlepsil po prvnim vycisteni uz se neukazuje ten program a myslim ze je aji rychlejsi Dekuju mnohokrat za pomoc! defragmentaci disku sem jeste neprovedl az pozdeji pac mi to psalo ze to bude trvat den

Fajn, pokud je tedy vse v poradku, mame hotovo

Nemate zac!

Mejte se a treba zase nekdy