TechSpot

Worm:Win32/Rebhip.A Virus Logs

By Carnarvaro
Apr 15, 2013
  1. Hello, I have been able to read the instructions here and I am following them to have this virus, Worm:Win32/Rebhip.A, removed. It infected my PC when someone with an infected removable drive opened it without scanning it. Thanks for the help. Find my logs in the next reply.
     
  2. Carnarvaro

    Carnarvaro TS Rookie Topic Starter Posts: 31

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.04.15.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    VICTOR :: VICTOR-PC [administrator]

    Protection: Enabled

    15-Apr-13 11:51:08 AM
    mbam-log-2013-04-15 (11-51-08).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 225970
    Time elapsed: 17 minute(s), 33 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 2
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191} (PUP.GamePlayLab) -> Quarantined and deleted successfully.

    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|servieca.vbe (Trojan.Banker) -> Data: "C:\Users\VICTOR\AppData\Local\Temp\servieca.vbe" -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Users\VICTOR\Downloads\brutus-aet2.zip (HackTool.Brutus) -> Quarantined and deleted successfully.
    C:\Users\VICTOR\AppData\Local\Temp\servieca.vbe (Trojan.Banker) -> Delete on reboot.

    (end)
     
  3. Carnarvaro

    This is the DDS.txt

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.17.2
    Run by VICTOR at 14:32:39 on 2013-04-15
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2924.586 [GMT 3:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Apache Software Foundation\CouchDB\erts-5.8.5\bin\erlsrv.exe
    C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Apache Software Foundation\CouchDB\erts-5.8.5\bin\erl.exe
    C:\PROGRA~2\APACHE~1\CouchDB\ERTS-5~1.5\bin\epmd.exe
    C:\Windows\system32\CxAudMsg64.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
    C:\Program Files (x86)\Launch Manager\LMworker.exe
    C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    C:\Program Files (x86)\Launch Manager\LMutilps32.exe
    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Service.exe
    C:\Program Files (x86)\Jenkins\jenkins.exe
    C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
    C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    c:\PROGRA~2\APACHE~1\CouchDB\lib\os_mon-2.2.7\priv\bin\win32sysinfo.exe
    C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Jenkins\jre\bin\java.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
    C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
    C:\Program Files (x86)\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    C:\Windows\SysWOW64\vmnat.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\SysWOW64\vmnetdhcp.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\uTorrent\uTorrent.exe
    C:\Windows\System32\StikyNot.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Users\VICTOR\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Logitech\Vid\Vid.exe
    C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Launcher.exe
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Program Files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://google.com/ig
    uDefault_Page_URL = hxxp://acer.msn.com
    mStart Page = hxxp://acer.msn.com
    mDefault_Page_URL = hxxp://acer.msn.com
    uProxyOverride = <local>
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
    uURLSearchHooks: {08d6b0b4-c132-470d-a8e2-aa2e9c3851c9} - <orphaned>
    mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: {0055C089-8582-441B-A0BF-17B458C2A3A8} - <orphaned>
    BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll
    BHO: QuickStores-Toolbar: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} -
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: FGCatchUrl: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - E:\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
    BHO: FlashGet GetFlash Class: {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll
    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
    TB: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
    TB: QuickStores-Toolbar: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} -
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    EB: Web Test Recorder 10.0: {5802D092-1784-4908-8CDB-99B6842D353D} -
    uRun: [AdobeBridge] <no file>
    dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
    StartupFolder: C:\Users\VICTOR\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech\Ereg\eReg.exe
    StartupFolder: C:\Users\VICTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\servieca.vbe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Launcher.lnk - C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Launcher.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-Windows\System: UseOEMBackground = dword:1
    IE: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\jc_all.htm
    IE: &Download with FlashGet - C:\Program Files (x86)\FlashGet\jc_link.htm
    IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
    IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\FlashGet.exe
    TCP: NameServer = 196.43.133.5 196.43.133.6
    TCP: Interfaces\{15DEC016-4A57-417B-9B3A-EB3C169B1E83} : DHCPNameServer = 41.221.87.2 41.221.81.132
    TCP: Interfaces\{4C808B5E-4BA3-4554-9DB0-AE3883C4F1A4} : DHCPNameServer = 196.43.133.5 196.43.133.6
    TCP: Interfaces\{4C808B5E-4BA3-4554-9DB0-AE3883C4F1A4}\1425D435D223 : DHCPNameServer = 10.0.0.4 196.43.133.5 196.43.133.6
    TCP: Interfaces\{4C808B5E-4BA3-4554-9DB0-AE3883C4F1A4}\1496274756C60233E27353740275962756C6563737 : DHCPNameServer = 192.168.88.1
    TCP: Interfaces\{4C808B5E-4BA3-4554-9DB0-AE3883C4F1A4}\242434D2D455B4D27455543545 : DHCPNameServer = 192.168.40.1
    TCP: Interfaces\{4C808B5E-4BA3-4554-9DB0-AE3883C4F1A4}\34255454340237F6C6162702C61626F6271647F62797 : DHCPNameServer = 196.43.133.5 196.43.133.6
    TCP: Interfaces\{4C808B5E-4BA3-4554-9DB0-AE3883C4F1A4}\35D696C656C44554 : DHCPNameServer = 192.168.1.1 192.168.1.1
    TCP: Interfaces\{4C808B5E-4BA3-4554-9DB0-AE3883C4F1A4}\6555D27427F657E64664C6F6F627D25487475627E616C6 : DHCPNameServer = 10.0.20.70
    TCP: Interfaces\{E11633E8-E113-48D4-B91A-817719B4D2FB} : DHCPNameServer = 41.221.87.2 41.221.81.132
    TCP: Interfaces\{E2192482-261A-4EE8-B1C7-6DBF0F2321F6} : DHCPNameServer = 8.8.4.4 8.8.8.8
    TCP: Interfaces\{E9259706-1E68-445D-BF13-2C9834503D31} : DHCPNameServer = 41.221.87.2 41.221.81.132
    TCP: Interfaces\{F0F3A386-2433-4977-819B-C36B6F592886} : DHCPNameServer = 196.43.133.5 196.43.133.6
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mStart Page = hxxp://acer.msn.com
    x64-mDefault_Page_URL = hxxp://acer.msn.com
    x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [Power Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
    x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
    x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\VICTOR\AppData\Roaming\Mozilla\Firefox\Profiles\loyidlul.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3031607&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine -
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3031607&SearchSource=2&q=
    FF - prefs.js: network.proxy.socks - 127.0.0.1
    FF - prefs.js: network.proxy.socks_port - 9050
    FF - prefs.js: network.proxy.type - 1
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.313\npMcAfeeMSS.dll
    FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: C:\Users\VICTOR\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    FF - plugin: C:\Users\VICTOR\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: C:\Users\VICTOR\AppData\Roaming\Mozilla\Firefox\Profiles\loyidlul.default\extensions\{08d6b0b4-c132-470d-a8e2-aa2e9c3851c9}\plugins\np-mswmp.dll
    FF - plugin: C:\Users\VICTOR\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\VICTOR\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Users\VICTOR\AppData\Roaming\Mozilla\plugins\npo1d.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
    FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.BabylonToolbar_i.id - c87bbeb400000000000000ffa0c23d86
    FF - user.js: extensions.BabylonToolbar_i.hardId - c87bbeb400000000000000ffa0c23d86
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15370
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.175:06:01
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101067
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2011-4-18 203888]
    R1 anodlwf;ANOD Network Security Filter driver;C:\Windows\System32\drivers\anodlwfx.sys [2012-9-10 15872]
    R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2011-5-3 22912]
    R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2011-5-3 20328]
    R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2011-5-3 62584]
    R2 Apache CouchDB01ce105856a98600;Apache CouchDB;C:\Program Files (x86)\Apache Software Foundation\CouchDB\erts-5.8.5\bin\erlsrv.exe [2013-2-21 146432]
    R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-9-16 105120]
    R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
    R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\System32\CxAudMsg64.exe [2011-6-20 198784]
    R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-5-3 352336]
    R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2011-8-29 145008]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 98688]
    R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-9-16 30368]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-5-3 317440]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-5-3 76912]
    R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2010-5-7 30304]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-15 25928]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-9-30 80384]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-9-30 180736]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-5-3 333928]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-9-16 36000]
    S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-9-16 330912]
    S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2011-9-16 110240]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-9-16 167584]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-9-16 68256]
    S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-9-16 280992]
    S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-9-16 517280]
    S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-9-28 172912]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\System32\drivers\ew_hwusbdev.sys [2012-4-26 117248]
    S3 ewsercd;Huawei DataCard USB Serial Port;C:\Windows\System32\drivers\ewsercd.sys [2012-1-12 112896]
    S3 ewusbmbb;HUAWEI USB-WWAN miniport;C:\Windows\System32\drivers\ewusbwwan.sys [2011-8-30 421888]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\System32\drivers\ewusbnet.sys [2012-4-26 138752]
    S3 huawei_cdcacm;huawei_cdcacm;C:\Windows\System32\drivers\ew_jucdcacm.sys [2012-4-26 91136]
    S3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2012-4-26 85504]
    S3 jrdusbser;Mobile Connector Device for Legacy Serial Communication;C:\Windows\System32\drivers\jrdusbser.sys [2013-3-24 119680]
    S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\System32\drivers\lvpopf64.sys [2010-5-15 271712]
    S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2010-5-15 329952]
    S3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2010-5-15 6465760]
    S3 mvusbews;USB EWS Device;C:\Windows\System32\drivers\mvusbews.sys [2012-4-5 20480]
    S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);C:\Windows\System32\drivers\s0016bus.sys [2008-5-16 115240]
    S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);C:\Windows\System32\drivers\s1018bus.sys [2009-3-25 113704]
    S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;C:\Windows\System32\drivers\s1018mdfl.sys [2009-3-25 19496]
    S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;C:\Windows\System32\drivers\s1018mdm.sys [2009-3-25 153128]
    S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);C:\Windows\System32\drivers\s1018mgmt.sys [2009-3-25 133160]
    S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);C:\Windows\System32\drivers\s1018nd5.sys [2009-3-25 34856]
    S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;C:\Windows\System32\drivers\s1018obex.sys [2009-3-25 128552]
    S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);C:\Windows\System32\drivers\s1018unic.sys [2009-3-25 146472]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 USB18PRG;mikroElektronika USB18F Device (x64 Platform);C:\Windows\System32\drivers\USB18PRG.sys [2009-11-17 53320]
    S3 VSPerfDrv100;Performance Tools Driver 10.0;E:\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]
    S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
    .
    =============== File Associations ===============
    .
    FileExt: .chm: chm.file="C:\Windows\hh.exe" %1 [UserChoice]
    FileExt: .js: jsfile="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"
    ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"
    .
    =============== Created Last 30 ================
    .
    2013-04-15 06:56:09 -------- d-----w- C:\Users\VICTOR\AppData\Roaming\Malwarebytes
    2013-04-15 06:55:29 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-04-15 06:55:21 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-04-15 06:55:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-04-12 18:33:05 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{73DE9187-CBE3-4B70-BA31-2AAA3A83072D}\offreg.dll
    2013-04-12 18:31:53 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{73DE9187-CBE3-4B70-BA31-2AAA3A83072D}\mpengine.dll
    2013-04-10 13:08:44 17121 ---ha-w- C:\Users\VICTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\servieca.vbe
    2013-04-10 11:34:14 9311288 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-03-27 06:36:36 -------- d--h--w- C:\Program Files (x86)\Zero G Registry
    2013-03-27 06:28:34 -------- d--h--w- C:\Users\VICTOR\InstallAnywhere
    2013-03-25 20:39:35 -------- d-----w- C:\Program Files (x86)\e-Sword
    2013-03-25 20:39:35 -------- d-----w- C:\Program Files (x86)\Common Files\EzTools
    2013-03-25 20:37:42 -------- d-----w- C:\Users\VICTOR\AppData\Local\Downloaded Installations
    2013-03-23 21:04:54 119680 ----a-w- C:\Windows\System32\drivers\jrdusbser.sys
    2013-03-23 21:04:52 1724416 ----a-w- C:\Windows\SysWow64\Gdiplus.dll
    2013-03-23 21:04:50 103424 ----a-w- C:\Windows\SysWow64\MyDIT_GenClassCoInst.dll
    2013-03-20 05:37:29 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
    2013-03-20 05:37:28 9728 ----a-w- C:\Windows\System32\Wdfres.dll
    2013-03-20 05:37:28 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
    2013-03-20 05:37:28 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
    2013-03-20 05:32:09 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-03-20 05:32:09 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-03-20 05:29:51 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2013-03-20 05:29:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2013-03-20 05:29:48 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2013-03-20 05:29:46 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2013-03-19 19:30:46 6066296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    2013-03-18 19:55:13 2002432 ----a-w- C:\Windows\System32\msxml6.dll
    2013-03-18 19:55:11 1882624 ----a-w- C:\Windows\System32\msxml3.dll
    2013-03-18 19:55:09 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2013-03-18 19:55:05 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2013-03-18 19:54:45 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-03-18 19:54:44 216576 ----a-w- C:\Windows\System32\ncsi.dll
    2013-03-18 19:54:44 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
    2013-03-18 19:54:43 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
    2013-03-18 19:54:43 246272 ----a-w- C:\Windows\System32\netcorehc.dll
    2013-03-18 19:54:42 303104 ----a-w- C:\Windows\System32\nlasvc.dll
    2013-03-18 19:54:41 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
    2013-03-18 19:54:41 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
    2013-03-18 19:54:40 70656 ----a-w- C:\Windows\System32\nlaapi.dll
    2013-03-18 19:54:40 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
    2013-03-18 19:54:39 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
    2013-03-18 19:54:39 18944 ----a-w- C:\Windows\System32\netevent.dll
    2013-03-18 19:03:59 800768 ----a-w- C:\Windows\System32\usp10.dll
    2013-03-18 19:03:58 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    .
    ==================== Find3M ====================
    .
    2013-04-02 10:34:28 282744 ------w- C:\Windows\System32\MpSigStub.exe
    2013-03-15 08:37:35 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-03-15 08:37:35 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-03-06 07:27:43 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-03-06 07:27:31 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
    2013-03-06 07:27:30 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    .
    ============= FINISH: 14:38:22.62 ===============
     
  4. Carnarvaro

    Carnarvaro TS Rookie Topic Starter Posts: 31

    This is the Attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 23-Aug-11 6:07:38 PM
    System Uptime: 15-Apr-13 1:39:56 PM (1 hours ago)
    .
    Motherboard: Acer | | JM40_HR
    Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz | CPU1 | 1092/1333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 88 GiB total, 3.619 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 49 GiB total, 1.219 GiB free.
    F: is FIXED (NTFS) - 146 GiB total, 14.572 GiB free.
    G: is CDROM ()
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: VMware Virtual Ethernet Adapter for VMnet1
    Device ID: ROOT\VMWARE\0000
    Manufacturer: VMware, Inc.
    Name: VMware Virtual Ethernet Adapter for VMnet1
    PNP Device ID: ROOT\VMWARE\0000
    Service: VMnetAdapter
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: VMware Virtual Ethernet Adapter for VMnet8
    Device ID: ROOT\VMWARE\0001
    Manufacturer: VMware, Inc.
    Name: VMware Virtual Ethernet Adapter for VMnet8
    PNP Device ID: ROOT\VMWARE\0001
    Service: VMnetAdapter
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    ???? ??? Windows Live
    ???? Windows Live
    ????? Windows Live
    ?????? ??????? ?? Windows Live
    ???????? ?????????? Windows Live
    ?????????? Windows Live
    ??????????? ?? Windows Live
    µTorrent
    1912 Titanic Mystery
    7-Zip 9.20 (x64 edition)
    Acer 3G Connection Manager
    Acer Backup Manager
    Acer Crystal Eye Webcam
    Acer eRecovery Management
    Acer GameZone Console
    Acer PowerSmart Manager
    Acer Registration
    Acer ScreenSaver
    Acer Updater
    Acer USB Charge Manager
    Acer VCM
    Acrobat.com
    Adobe AIR
    Adobe Community Help
    Adobe Creative Suite 5 Master Collection
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.4 MUI
    Advanced Port Scanner v1.3
    Android SDK Tools
    Apache CouchDB 1.2.1
    Ashampoo Burning Studio 2010
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Backup Manager V3
    Bejeweled 2 Deluxe
    Belles Beauty Boutique
    BerBible
    Bing Bar
    Bluetooth Win7 Suite (64)
    CameraHelperMsi
    Chicken Invaders 3
    clear.fi
    clear.fi Client
    CodeBlocks
    Conduit Engine
    Conexant HD Audio
    Crystal Reports for Visual Studio
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dotfuscator Software Services - Community Edition
    Dream Day First Home
    e-Sword
    EA Download Manager
    EA Download Manager UI
    eBay Worldwide
    erLT
    Facebook Video Calling 1.2.0.287
    Farm Frenzy 3 Ice Age
    FlashGet 1.9.6.1073
    Flip Words
    FormatFactory 2.30
    Fotogalerija Windows Live
    Free Metronome V.1.00
    Free PDF to Word Doc Converter v1.1
    FrontlineSMS 1.6.16.3
    Galapago
    Galeria de Fotografias do Windows Live
    Galeria fotografii uslugi Windows Live
    Galeria fotogràfica del Windows Live
    Galerie de photos Windows Live
    Galerie foto Windows Live
    Galería fotográfica de Windows Live
    Git version 1.7.9-preview20120201
    GlassFish Server Open Source Edition 3.1.1
    Google Chrome
    Google Talk Plugin
    Google Update Helper
    Identity Card
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    Internet Download Manager
    Internet Everywhere
    Java 7 Update 10 (64-bit)
    Java 7 Update 17
    Java Auto Updater
    Java SE Development Kit 7 Update 10 (64-bit)
    Java(TM) 6 Update 21 (64-bit)
    Java(TM) SE Development Kit 6 Update 21 (64-bit)
    Jenkins 1.455
    JetBrains RubyMine 4.0.3
    Junk Mail filter update
    Launch Manager
    Linux Mint
    Little Registry Cleaner
    Logitech Vid
    Logitech Webcam Software
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Video Mask Maker
    LWS VideoEffects
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    Malwarebytes Anti-Malware version 1.75.0.1300
    MATLAB R2009a
    Maxthon 3
    McAfee Security Scan Plus
    McAfee SiteAdvisor
    MediaEspresso
    Mesh Runtime
    Metronome u1v2
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft Application Error Reporting
    Microsoft ASP.NET MVC 2
    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    Microsoft Help Viewer 1.0
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Project MUI (English) 2007
    Microsoft Office Project Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Silverlight 3 SDK
    Microsoft SQL Server 2008 (64-bit)
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    Microsoft SQL Server 2008 R2 Data-Tier Application Project
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 R2 Management Objects (x64)
    Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    Microsoft SQL Server Database Publishing Wizard 1.4
    Microsoft SQL Server System CLR Types
    Microsoft SQL Server System CLR Types (x64)
    Microsoft SQL Server VSS Writer
    Microsoft Sync Framework Runtime v1.0 SP1 (x64)
    Microsoft Sync Framework SDK v1.0 SP1
    Microsoft Sync Framework Services v1.0 SP1 (x64)
    Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
    Microsoft Team Foundation Server 2010 Object Model - ENU
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
    Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
    Microsoft Visual F# 2.0 Runtime
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
    Microsoft Visual Studio 2010 Office Developer Tools (x64)
    Microsoft Visual Studio 2010 Performance Collection Tools - ENU
    Microsoft Visual Studio 2010 SharePoint Developer Tools
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    Microsoft Visual Studio 2010 Ultimate - ENU
    Microsoft Visual Studio Macro Tools
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_ATL_x86_x64
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_CRT_x86_x64
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFC_x86_x64
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC80_MFCLOC_x86_x64
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_ATL_x86_x64
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_CRT_x86_x64
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFC_x86_x64
    mikroC PRO for PIC (remove only)
    mikroProg Suite For PIC (remove only)
    Mozilla Firefox 14.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MPLAB C for PIC18 MCUs
    MPLAB X IDE v1.10
    MSVCRT
    MSVCRT_amd64
    MTN Mobile Internet
    MySQL Server 5.1
    MyWinLocker
    MyWinLocker 4
    MyWinLocker Suite
    Need for Speed(TM) Hot Pursuit
    NetBeans IDE 7.0.1
    newsXpresso
    NirSoft ProduKey
    Norton Online Backup
    Notepad++
    NTI Media Maker 9
    NVIDIA PhysX
    OpenVPN 2.2.1
    PDF Settings CS5
    PitchPerfect Musical Instrument Tuner
    PL-2303 USB-to-Serial
    Poczta uslugi Windows Live
    Podstawowe programy Windows Live
    Polipo 1.0.4.1
    Pošta Windows Live
    Python 2.7.3 (64-bit)
    QuickStores-Toolbar 1.0.0
    Raccolta foto di Windows Live
    RailsInstaller 2.1.0
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek PCIE Card Reader
    RealUpgrade 1.1
    Renesas Electronics USB 3.0 Host Controller Driver
    Ruby 1.8.7-p371
    S?????? f?t???af??? t?? Windows Live
    SanDiskSecureAccess_Manager.exe
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
    Security Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2251489)
    Security Update for Microsoft Visual Studio 2010 Ultimate - ENU (KB2644980)
    Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
    Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
    Service Pack 1 for SQL Server 2008 (KB968369) (64-bit)
    Shredder
    Skype Click to Call
    Skype™ 6.0
    Sony PC Companion 2.10.115
    Sourcery CodeBench Lite for ARM GNU/Linux
    Sprill and Ritchie
    Sql Server Customer Experience Improvement Program
    SQLyog Community 8.21 Beta 2
    Steam
    Sublime Text 2.0.1
    Synaptics Pointing Device Driver
    tools-freebsd
    tools-linux
    tools-netware
    tools-solaris
    tools-windows
    tools-winPre2k
    Tor 0.2.2.34
    TortoiseSVN 1.7.10.23359 (64 bit)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    uTorrentBar Toolbar
    Vidalia 0.2.15
    Virtual DJ - Atomix Productions
    VirtualCloneDrive
    Visual Studio 2010 Prerequisites - English
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    VLC media player 1.1.7
    VMware Workstation
    WampServer 2.1
    Web Deployment Tool
    Welcome Center
    Windows Driver Package - BeagleBone CDM Driver Package - Bus/D2XX Driver (03/18/2011 2.08.14)
    Windows Driver Package - BeagleBone CDM Driver Package - VCP Driver (03/18/2011 2.08.14)
    Windows Driver Package - Linux Developer Community Net (06/21/2006 6.0.6000.16384)
    Windows Driver Package - mikroElektronika (USB18PRG) ClassName (07/10/2010 6.1.7600)
    Windows Live
    Windows Live ???
    Windows Live ????
    Windows Live Argazki Galeria
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Fotótár
    Windows Live Fotogalerie
    Windows Live Fotogalleri
    Windows Live Fotogaléria
    Windows Live Fotograf Galerisi
    Windows Live Galeria de Fotos
    Windows Live Galerija fotografija
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Temel Parçalar
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Liven asennustyökalu
    Windows Liven sähköposti
    Windows Liven valokuvavalikoima
    WinRAR archiver
    WordWeb
    World of Goo
    Xming 6.9.0.31
    .
    ==== Event Viewer Messages From Past Week ========
    .
    15-Apr-13 8:47:52 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.1727.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x80072ee2 Error description: The operation timed out
    15-Apr-13 8:27:28 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer ANDREW-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F0F3A386-2433-4977-819B-C36B6F592886}. The master browser is stopping or an election is being forced.
    15-Apr-13 2:23:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.1727.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402f Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    15-Apr-13 2:08:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WwanSvc service.
    15-Apr-13 2:04:47 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.
    15-Apr-13 12:37:57 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
    15-Apr-13 12:37:57 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    15-Apr-13 12:36:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
    15-Apr-13 12:36:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the BBUpdate service to connect.
    15-Apr-13 12:36:24 PM, Error: Service Control Manager [7000] - The BBUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    15-Apr-13 12:36:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service BBUpdate with arguments "-Service" in order to run the server: {D6381B4A-D254-46EB-9018-A62E0F4BA6BA}
    15-Apr-13 12:35:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
    15-Apr-13 12:35:49 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Management and Security Application User Notification Service service to connect.
    15-Apr-13 12:35:49 PM, Error: Service Control Manager [7000] - The Intel(R) Management and Security Application User Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    15-Apr-13 12:35:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.
    15-Apr-13 12:34:40 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    15-Apr-13 12:34:17 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
    15-Apr-13 12:33:46 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RasMan service.
    15-Apr-13 12:32:39 PM, Error: Service Control Manager [7022] - The Security Center service hung on starting.
    15-Apr-13 12:31:41 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
    15-Apr-13 12:30:39 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
    15-Apr-13 12:30:39 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    15-Apr-13 12:30:02 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
    15-Apr-13 12:30:02 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    15-Apr-13 12:29:26 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Management and Security Application Local Management Service service to connect.
    15-Apr-13 12:29:26 PM, Error: Service Control Manager [7000] - The Intel(R) Management and Security Application Local Management Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    15-Apr-13 12:28:46 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Rapid Storage Technology service to connect.
    15-Apr-13 12:28:46 PM, Error: Service Control Manager [7000] - The Intel(R) Rapid Storage Technology service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    15-Apr-13 12:28:06 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
    15-Apr-13 12:28:06 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    15-Apr-13 12:26:55 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
    14-Apr-13 9:19:34 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.1727.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    14-Apr-13 3:18:24 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.1727.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    14-Apr-13 3:08:25 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    14-Apr-13 10:46:57 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.1727.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    13-Apr-13 9:59:53 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer ILABSPORTAL that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F0F3A386-2433-4977-819B-C36B6F592886}. The master browser is stopping or an election is being forced.
    13-Apr-13 5:16:44 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    13-Apr-13 11:45:47 AM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
    13-Apr-13 11:06:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.1727.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    13-Apr-13 10:18:05 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.1727.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
    12-Apr-13 9:53:41 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHZ1PR4Q\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1727.0, AS: 1.147.1727.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    12-Apr-13 9:53:15 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W42KWV6C\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1727.0, AS: 1.147.1727.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    12-Apr-13 9:52:49 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHZ1PR4Q\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1727.0, AS: 1.147.1727.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    12-Apr-13 9:52:20 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W42KWV6C\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1727.0, AS: 1.147.1727.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    12-Apr-13 9:51:51 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A
     
  5. Carnarvaro

    Carnarvaro TS Rookie Topic Starter Posts: 31

    ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHZ1PR4Q\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1727.0, AS: 1.147.1727.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    12-Apr-13 9:51:26 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W42KWV6C\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1727.0, AS: 1.147.1727.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    12-Apr-13 9:51:01 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHZ1PR4Q\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1727.0, AS: 1.147.1727.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    12-Apr-13 9:49:58 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHZ1PR4Q\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1727.0, AS: 1.147.1727.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    12-Apr-13 9:49:29 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W42KWV6C\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1727.0, AS: 1.147.1727.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    12-Apr-13 9:48:57 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHZ1PR4Q\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070490 Error description: Element not found. Signature Version: AV: 1.147.1727.0, AS: 1.147.1727.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    12-Apr-13 9:45:53 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W42KWV6C\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1727.0, AS: 1.147.1727.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    12-Apr-13 9:45:29 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHZ1PR4Q\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1727.0, AS: 1.147.1727.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    12-Apr-13 9:45:05 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W42KWV6C\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070490 Error description: Element not found. Signature Version: AV: 1.147.1727.0, AS: 1.147.1727.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    12-Apr-13 9:44:38 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHZ1PR4Q\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070490 Error description: Element not found. Signature Version: AV: 1.147.1727.0, AS: 1.147.1727.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    12-Apr-13 9:44:10 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W42KWV6C\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070490 Error description: Element not found. Signature Version: AV: 1.147.1727.0, AS: 1.147.1727.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    12-Apr-13 9:43:49 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHZ1PR4Q\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1727.0, AS: 1.147.1727.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    12-Apr-13 9:43:24 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W42KWV6C\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070490 Error description: Element not found. Signature Version: AV: 1.147.1727.0, AS: 1.147.1727.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    12-Apr-13 9:42:20 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W42KWV6C\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1727.0, AS: 1.147.1727.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    12-Apr-13 9:40:49 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHZ1PR4Q\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070490 Error description: Element not found. Signature Version: AV: 1.147.1727.0, AS: 1.147.1727.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    12-Apr-13 9:38:46 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W42KWV6C\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1727.0, AS: 1.147.1727.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    12-Apr-13 9:38:21 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHZ1PR4Q\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070490 Error description: Element not found. Signature Version: AV: 1.147.1727.0, AS: 1.147.1727.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    12-Apr-13 9:36:57 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHZ1PR4Q\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070490 Error description: Element not found. Signature Version: AV: 1.147.1727.0, AS: 1.147.1727.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    12-Apr-13 9:35:40 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHZ1PR4Q\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1727.0, AS: 1.147.1727.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    12-Apr-13 9:35:16 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W42KWV6C\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070490 Error description: Element not found. Signature Version: AV: 1.147.1727.0, AS: 1.147.1727.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    12-Apr-13 9:34:50 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHZ1PR4Q\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1727.0, AS: 1.147.1727.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    12-Apr-13 9:34:27 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W42KWV6C\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1727.0, AS: 1.147.1727.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    12-Apr-13 9:33:59 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHZ1PR4Q\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1727.0, AS: 1.147.1727.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    12-Apr-13 9:33:31 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W42KWV6C\systema[2].exe;file:_C:\Users\VICTOR\AppData\Local\Temp\systema.exe Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070490 Error description: Element not found. Signature Version: AV: 1.147.1727.0, AS: 1.147.1727.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    12-Apr-13 8:45:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.1496.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x80072ee2 Error description: The operation timed out
    12-Apr-13 8:30:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    12-Apr-13 7:36:14 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.1496.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    12-Apr-13 5:39:12 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Jenkins service to connect.
    12-Apr-13 5:39:12 PM, Error: Service Control Manager [7000] - The Jenkins service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12-Apr-13 5:23:55 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.1496.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    12-Apr-13 3:38:23 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\COR0I6VW\systema[1].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070490 Error description: Element not found. Signature Version: AV: 1.147.1496.0, AS: 1.147.1496.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    12-Apr-13 2:56:27 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.1496.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402f Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    12-Apr-13 2:48:00 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHZ1PR4Q\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070490 Error description: Element not found. Signature Version: AV: 1.147.1496.0, AS: 1.147.1496.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    11-Apr-13 8:39:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.1496.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    11-Apr-13 8:10:10 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.1496.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    11-Apr-13 4:50:00 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
    11-Apr-13 4:49:54 PM, Error: Microsoft-Windows-SharedAccess_NAT [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
    11-Apr-13 4:49:52 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    11-Apr-13 4:11:52 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.137.1. The computer with the IP address 192.168.137.11 did not allow the name to be claimed by this computer.
    11-Apr-13 4:05:53 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.1496.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT
     
  6. Carnarvaro

    Carnarvaro TS Rookie Topic Starter Posts: 31

    AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402f Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    11-Apr-13 11:10:50 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.147.1496.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9302.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    11-Apr-13 10:47:12 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHZ1PR4Q\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1496.0, AS: 1.147.1496.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    11-Apr-13 10:46:42 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHZ1PR4Q\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1496.0, AS: 1.147.1496.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    11-Apr-13 10:46:11 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHZ1PR4Q\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070490 Error description: Element not found. Signature Version: AV: 1.147.1496.0, AS: 1.147.1496.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    11-Apr-13 10:45:38 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHZ1PR4Q\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070490 Error description: Element not found. Signature Version: AV: 1.147.1496.0, AS: 1.147.1496.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    11-Apr-13 10:44:38 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\COR0I6VW\systema[1].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1496.0, AS: 1.147.1496.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    11-Apr-13 10:44:09 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\COR0I6VW\systema[1].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070490 Error description: Element not found. Signature Version: AV: 1.147.1496.0, AS: 1.147.1496.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    11-Apr-13 10:43:37 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\COR0I6VW\systema[1].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070490 Error description: Element not found. Signature Version: AV: 1.147.1496.0, AS: 1.147.1496.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    11-Apr-13 10:43:06 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\COR0I6VW\systema[1].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070490 Error description: Element not found. Signature Version: AV: 1.147.1496.0, AS: 1.147.1496.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    11-Apr-13 10:41:15 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\COR0I6VW\systema[1].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1496.0, AS: 1.147.1496.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    11-Apr-13 10:40:21 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\COR0I6VW\systema[1].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1496.0, AS: 1.147.1496.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    11-Apr-13 10:39:44 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\COR0I6VW\systema[1].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070490 Error description: Element not found. Signature Version: AV: 1.147.1496.0, AS: 1.147.1496.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    11-Apr-13 10:38:13 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\COR0I6VW\systema[1].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070490 Error description: Element not found. Signature Version: AV: 1.147.1496.0, AS: 1.147.1496.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    11-Apr-13 10:37:46 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\COR0I6VW\systema[1].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070490 Error description: Element not found. Signature Version: AV: 1.147.1496.0, AS: 1.147.1496.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    11-Apr-13 10:36:48 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHZ1PR4Q\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1496.0, AS: 1.147.1496.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    11-Apr-13 10:34:18 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHZ1PR4Q\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070490 Error description: Element not found. Signature Version: AV: 1.147.1496.0, AS: 1.147.1496.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    11-Apr-13 10:33:20 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\COR0I6VW\systema[1].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070490 Error description: Element not found. Signature Version: AV: 1.147.1496.0, AS: 1.147.1496.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    11-Apr-13 10:32:52 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\COR0I6VW\systema[1].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1496.0, AS: 1.147.1496.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    11-Apr-13 10:31:20 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\COR0I6VW\systema[1].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070490 Error description: Element not found. Signature Version: AV: 1.147.1496.0, AS: 1.147.1496.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    11-Apr-13 10:30:47 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\COR0I6VW\systema[1].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1496.0, AS: 1.147.1496.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    11-Apr-13 10:30:14 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\COR0I6VW\systema[1].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1496.0, AS: 1.147.1496.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    11-Apr-13 10:27:49 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHZ1PR4Q\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1496.0, AS: 1.147.1496.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    11-Apr-13 10:27:00 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHZ1PR4Q\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1496.0, AS: 1.147.1496.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    11-Apr-13 10:26:04 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHZ1PR4Q\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1496.0, AS: 1.147.1496.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    11-Apr-13 10:25:07 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHZ1PR4Q\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1496.0, AS: 1.147.1496.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    11-Apr-13 10:24:47 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\COR0I6VW\systema[1].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1496.0, AS: 1.147.1496.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    11-Apr-13 10:23:49 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\COR0I6VW\systema[1].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1496.0, AS: 1.147.1496.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    11-Apr-13 10:16:54 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\COR0I6VW\systema[1].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1496.0, AS: 1.147.1496.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    11-Apr-13 10:16:34 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHZ1PR4Q\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070490 Error description: Element not found. Signature Version: AV: 1.147.1496.0, AS: 1.147.1496.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    11-Apr-13 10:15:39 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHZ1PR4Q\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1496.0, AS: 1.147.1496.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    11-Apr-13 10:15:18 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\COR0I6VW\systema[1].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1496.0, AS: 1.147.1496.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    11-Apr-13 10:14:57 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHZ1PR4Q\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1496.0, AS: 1.147.1496.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    11-Apr-13 10:14:35 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\COR0I6VW\systema[1].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1496.0, AS: 1.147.1496.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    11-Apr-13 10:14:13 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHZ1PR4Q\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1496.0, AS: 1.147.1496.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    11-Apr-13 10:13:51 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\COR0I6VW\systema[1].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1496.0, AS: 1.147.1496.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    11-Apr-13 10:13:29 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NHZ1PR4Q\systema[2].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1496.0, AS: 1.147.1496.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    11-Apr-13 10:13:07 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Rebhip.A&threatid=2147629622 Name: Worm:Win32/Rebhip.A ID: 2147629622 Severity: Severe Category: Worm Path: file:_C:\Users\VICTOR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\COR0I6VW\systema[1].exe Detection Origin: Internet Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\System32\wscript.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x80070020 Error description: The process cannot access the file because it is being used by another process. Signature Version: AV: 1.147.1496.0, AS: 1.147.1496.0, NIS: 17.36.0.0 Engine Version: AM: 1.1.9302.0, NIS: 2.1.8904.0
    .
    ==== End Of File ===========================
     
  7. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================

    Download RogueKiller to the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  8. Carnarvaro

    Carnarvaro TS Rookie Topic Starter Posts: 31

    I have had some success since my last post of the logs. I was using Microsoft Security Essentials for my antivirus, and this pop-up came up often: "Detected Viruses are being cleaned - No action needed". Now, after the first procedure, it no longer pops up. I also see a change in my internet connectivity, as it was horrible previously with the virus. A big thank you to you.

    Let me now move on to the next steps above
     
  9. Carnarvaro

    Carnarvaro TS Rookie Topic Starter Posts: 31

    RKreport[1]

    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : VICTOR [Admin rights]
    Mode : Scan -- Date : 04/17/2013 09:40:53
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 8 ¤¤¤
    [PROXY FF] loyidlul.default\ : -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA MK3259GSXP +++++
    --- User ---
    [MBR] f070a56c8c54cd74ab197c901e0e1d83
    [BSP] 5a19c677295e73e07e9b76f2fcfa4c57 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 89782 Mo
    3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 215537664 | Size: 200001 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_04172013_02d0940.txt >>
    RKreport[1]_S_04172013_02d0940.txt





    RKreport[2]


    RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : VICTOR [Admin rights]
    Mode : Remove -- Date : 04/17/2013 09:43:06
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 8 ¤¤¤
    [PROXY FF] loyidlul.default\ : -> NOT REMOVED, USE PROXYFIX
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: TOSHIBA MK3259GSXP +++++
    --- User ---
    [MBR] f070a56c8c54cd74ab197c901e0e1d83
    [BSP] 5a19c677295e73e07e9b76f2fcfa4c57 : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 89782 Mo
    3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 215537664 | Size: 200001 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_04172013_02d0943.txt >>
    RKreport[1]_S_04172013_02d0940.txt ; RKreport[2]_D_04172013_02d0943.txt
     
  10. Carnarvaro

    Carnarvaro TS Rookie Topic Starter Posts: 31

    After running Malwarebytes Anti-Rootkit, in the CleanUp section it displays a statement that -- Congratulations, no clean up needed

    However the two logs produced are as follows..

    mbar.....

    Malwarebytes Anti-Rootkit BETA 1.05.0.1001
    www.malwarebytes.org

    Database version: v2013.04.17.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    VICTOR :: VICTOR-PC [administrator]

    17-Apr-13 10:57:22 AM
    mbar-log-2013-04-17 (10-57-22).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 33975
    Time elapsed: 52 minute(s), 20 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    system-log.....

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.05.0.1001

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 9.0.8112.16421

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED
    CPU speed: 2.095000 GHz
    Memory total: 3065888768, free: 513978368

    ------------ Kernel report ------------
    04/17/2013 09:48:57
    ------------ Loaded modules -----------
    ----------- End -----------
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8005cdc060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xfffffa8003e0a050
    Lower Device Driver Name: \Driver\iaStor\
    Driver name found: iaStor
    Initialization returned 0x0
    Load Function returned 0x0
    Downloaded database version: v2013.04.17.02
    Downloaded database version: v2013.03.25.01
    Initializing...
    Done!
    <<<2>>>
    Device number: 0, partition: 3
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8005cdc060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8005b979d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8005cdc060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8003e0a050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0xfffff8a0015de590, 0xfffffa8005cdc060, 0xfffffa8005f81490
    Lower DeviceData: 0xfffff8a002552610, 0xfffffa8003e0a050, 0xfffffa80035b5e40
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 3
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 2B534CFF

    Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 31457280

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 31459328 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 31664128 Numsec = 183873536

    Partition 3 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 215537664 Numsec = 409602048

    Disk Size: 320072933376 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
    Done!
    Performing system, memory and registry scan...
    Done!
    Scan finished
    =======================================
     
  11. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Good news :)

    Create a new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  12. Carnarvaro

    Carnarvaro TS Rookie Topic Starter Posts: 31

    Okay I now move on to the next step. Thanks a lot
     
  13. Broni

    Broni Malware Annihilator Posts: 52,899   +344

  14. Carnarvaro

    Carnarvaro TS Rookie Topic Starter Posts: 31

    File ComboFix


    ComboFix 13-04-20.02 - VICTOR 22-Apr-13 11:57:33.1.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2924.1512 [GMT 3:00]
    Running from: c:\users\VICTOR\Downloads\Programs\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\FullRemove.exe
    c:\users\VICTOR\AppData\Local\assembly\tmp
    c:\windows\TEMP\jna\jna4946603078615110864.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-03-22 to 2013-04-22 )))))))))))))))))))))))))))))))
    .
    .
    2013-04-22 09:14 . 2013-04-22 09:14 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-04-21 18:02 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F3543535-C7F5-43FD-ABC4-0388F358A5E6}\mpengine.dll
    2013-04-15 11:16 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
    2013-04-15 11:16 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
    2013-04-15 11:16 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2013-04-15 11:16 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2013-04-15 06:56 . 2013-04-15 06:56 -------- d-----w- c:\users\VICTOR\AppData\Roaming\Malwarebytes
    2013-04-15 06:55 . 2013-04-15 06:55 -------- d-----w- c:\programdata\Malwarebytes
    2013-04-12 18:31 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-04-10 13:08 . 2013-02-21 09:55 17121 ---ha-w- c:\users\VICTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\servieca.vbe
    2013-03-27 06:36 . 2013-03-27 06:40 -------- d--h--w- c:\program files (x86)\Zero G Registry
    2013-03-27 06:28 . 2013-03-27 06:28 -------- d--h--w- c:\users\VICTOR\InstallAnywhere
    2013-03-25 20:39 . 2013-03-25 20:44 -------- d-----w- c:\program files (x86)\Common Files\EzTools
    2013-03-25 20:39 . 2013-03-25 20:39 -------- d-----w- c:\program files (x86)\e-Sword
    2013-03-25 20:37 . 2013-03-25 20:37 -------- d-----w- c:\users\VICTOR\AppData\Local\Downloaded Installations
    2013-03-23 21:04 . 2009-11-17 07:44 119680 ----a-w- c:\windows\system32\drivers\jrdusbser.sys
    2013-03-23 21:04 . 2009-08-27 10:18 1724416 ----a-w- c:\windows\SysWow64\Gdiplus.dll
    2013-03-23 21:04 . 2009-08-27 10:18 103424 ----a-w- c:\windows\SysWow64\MyDIT_GenClassCoInst.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-04-02 10:34 . 2010-11-21 03:27 282744 ------w- c:\windows\system32\MpSigStub.exe
    2013-03-15 08:37 . 2012-05-10 06:41 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-03-15 08:37 . 2011-08-31 02:42 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-03-12 17:51 . 2013-03-12 17:51 53248 ----a-r- c:\users\VICTOR\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2013-03-06 07:27 . 2013-03-06 07:28 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-03-06 07:27 . 2012-08-21 11:33 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2013-03-06 07:27 . 2012-01-12 17:51 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [2011-03-28 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngin.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [2011-03-28 176936]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngin.dll" [2011-03-28 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 07:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 07:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 07:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 07:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 07:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 07:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 07:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 07:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 07:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2013-04-17 802136]
    "Facebook Update"="c:\users\VICTOR\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
    "SanDiskSecureAccess_Manager.exe"="c:\users\VICTOR\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe" [2011-06-29 27311232]
    "Logitech Vid"="c:\program files (x86)\Logitech\Vid\Vid.exe" [2010-05-11 6061400]
    "Logitech Vid HD"="c:\program files (x86)\Logitech\Vid\vid.exe" [2010-05-11 6061400]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
    .
    c:\users\VICTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Logitech . Product Registration.lnk - c:\program files (x86)\Logitech\Ereg\eReg.exe [2009-11-16 517384]
    servieca.vbe [2013-2-21 17121]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Launcher.lnk - c:\program files (x86)\InternetEverywhere\InternetEverywhere_Launcher.exe [2012-1-12 506824]
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.313\SSScheduler.exe [2012-10-26 271808]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 Apache CouchDB01ce105856a98600;Apache CouchDB;c:\program files (x86)\Apache Software Foundation\CouchDB\erts-5.8.5\bin\erlsrv.exe [2012-01-09 146432]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
    R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-09-16 36000]
    R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-09-16 330912]
    R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-09-16 110240]
    R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2011-09-16 167584]
    R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-09-16 68256]
    R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2011-09-16 280992]
    R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-09-16 517280]
    R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-09-28 172912]
    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-04-26 117248]
    R3 ewsercd;Huawei DataCard USB Serial Port;c:\windows\system32\DRIVERS\ewsercd.sys [2012-01-12 112896]
    R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2011-08-29 421888]
    R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2012-04-26 138752]
    R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-04-26 91136]
    R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-04-26 85504]
    R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
    R3 jrdusbser;Mobile Connector Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\jrdusbser.sys [2009-11-17 119680]
    R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2010-05-14 271712]
    R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2010-05-14 329952]
    R3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2010-05-14 6465760]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.313\McCHSvc.exe [2012-10-26 234776]
    R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [2010-03-05 20480]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 115240]
    R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 113704]
    R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 19496]
    R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 153128]
    R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 133160]
    R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 34856]
    R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 128552]
    R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 146472]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 USB18PRG;mikroElektronika USB18F Device (x64 Platform);c:\windows\system32\Drivers\USB18PRG.sys [2009-11-17 53320]
    R3 VSPerfDrv100;Performance Tools Driver 10.0;e:\microsoft visual studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-05 1255736]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys [2009-03-06 15872]
    S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-05-03 22912]
    S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-05-03 20328]
    S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-05-03 62584]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-09-16 105120]
    S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
    S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe [2010-12-16 198784]
    S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-03-14 352336]
    S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2011-02-18 799848]
    S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-02-18 13336]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-27 1817088]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 145008]
    S2 InternetEverywhere_Service;InternetEverywhere_Service;c:\program files (x86)\InternetEverywhere\InternetEverywhere_Service.exe [2011-02-22 334792]
    S2 Jenkins;Jenkins;c:\program files (x86)\Jenkins\jenkins.exe [2012-03-12 36584]
    S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2012-04-05 255376]
    S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [2012-12-04 103472]
    S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
    S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-02-15 257344]
    S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
    S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-03-19 3289208]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
    S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2011-09-16 30368]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912]
    S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-09-30 80384]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-09-30 180736]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-01-12 333928]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-04-11 11:40 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-04-22 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 08:37]
    .
    2013-04-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-772003519-446485709-3197023028-1000Core.job
    - c:\users\VICTOR\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-28 09:11]
    .
    2013-04-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-772003519-446485709-3197023028-1000UA.job
    - c:\users\VICTOR\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-28 09:11]
    .
    2013-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-28 18:19]
    .
    2013-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-28 18:19]
    .
    2013-04-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-772003519-446485709-3197023028-1000Core.job
    - c:\users\VICTOR\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-10 12:57]
    .
    2013-04-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-772003519-446485709-3197023028-1000UA.job
    - c:\users\VICTOR\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-10 12:57]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
    @="{C5994560-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 07:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
    @="{C5994561-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 07:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
    @="{C5994562-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 07:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
    @="{C5994563-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 07:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
    @="{C5994564-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 07:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
    @="{C5994565-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 07:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
    @="{C5994566-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 07:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
    @="{C5994567-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 07:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
    @="{C5994568-53D9-4125-87C9-F193FC689CB2}"
    [HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
    2011-06-13 07:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2011-05-30 16:50 22408 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-31 167960]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-31 392216]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-31 415768]
    "Power Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2011-02-18 499304]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-09-16 976032]
    "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-09-16 799904]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.com/ig
    uLocal Page = c:\windows\system32\blank.htm
    mDefault_Page_URL = hxxp://acer.msn.com
    mStart Page = hxxp://acer.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    IE: &Download All with FlashGet - c:\program files (x86)\FlashGet\jc_all.htm
    IE: &Download with FlashGet - c:\program files (x86)\FlashGet\jc_link.htm
    IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
    IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 196.43.133.5 196.43.133.6
    FF - ProfilePath - c:\users\VICTOR\AppData\Roaming\Mozilla\Firefox\Profiles\loyidlul.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3031607&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine -
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3031607&SearchSource=2&q=
    FF - prefs.js: network.proxy.socks - 127.0.0.1
    FF - prefs.js: network.proxy.socks_port - 9050
    FF - prefs.js: network.proxy.type - 1
    FF - user.js: extensions.BabylonToolbar_i.id - c87bbeb400000000000000ffa0c23d86
    FF - user.js: extensions.BabylonToolbar_i.hardId - c87bbeb400000000000000ffa0c23d86
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15370
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.175:06
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101067
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{08d6b0b4-c132-470d-a8e2-aa2e9c3851c9} - (no file)
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    Wow6432Node-HKCU-Run-Unified Remote v2 - c:\program files (x86)\Unified Remote\RemoteServer.exe
    Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-RealPlayer 15.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL]
    "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-772003519-446485709-3197023028-1000_Classes\Wow6432Node\CLSID\{171d0b56-76d0-4332-9824-270ffd73e445}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:00000109
    "Therad"=dword:00000018
    .
    [HKEY_USERS\S-1-5-21-772003519-446485709-3197023028-1000_Classes\Wow6432Node\CLSID\{332b4f86-d9ea-4196-803e-ba24a1444e4d}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:0000015f
    "Therad"=dword:0000001e
    "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
    1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
    .
    [HKEY_USERS\S-1-5-21-772003519-446485709-3197023028-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "scansk"=hex(0):e8,83,41,89,32,b8,e3,a7,e1,a2,09,c5,39,51,71,2f,14,ca,74,7e,33,
    ef,a3,95,1a,b4,cd,5a,1f,dd,03,25,89,ce,10,9a,1b,65,d7,f8,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-772003519-446485709-3197023028-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):39,ed,d6,15,5f,18,f7,33,a4,4f,6c,bb,22,70,39,9e,1a,d5,4e,ae,c0,
    9b,f8,10,e2,7c,ef,79,1b,bf,cb,ff,42,bc,48,34,62,f3,08,a6,00,00,00,00,00,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    "Key"="ActionsPane3"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0017\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Launch Manager\LMutilps32.exe
    c:\program files (x86)\Jenkins\jre\bin\java.exe
    c:\program files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
    c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\program files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
    c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
    c:\program files (x86)\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
    c:\windows\SysWOW64\vmnat.exe
    c:\windows\SysWOW64\vmnetdhcp.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2013-04-22 12:44:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-04-22 09:44
    .
    Pre-Run: 778,682,368 bytes free
    Post-Run: 1,730,334,720 bytes free
    .
    - - End Of File - - 163F3A43FC41AF470CCB67943ECEAFCC
     
  15. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Looks good.

    How is the computer doing?

    Uninstall McAfee Security Scan Plus, typical foistware.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  16. Carnarvaro

    Carnarvaro TS Rookie Topic Starter Posts: 31

    The computer is okay, though it looks like it once in a while gets some issues with connectivity. Okay, thanks a lot, let me move to the next step.
     
  17. Carnarvaro

    Carnarvaro TS Rookie Topic Starter Posts: 31

    # AdwCleaner v2.202 - Logfile created 04/27/2013 at 10:04:11
    # Updated 23/04/2013 by Xplode
    # Operating system : Windows 7 Professional Service Pack 1 (64 bits)
    # User : VICTOR - VICTOR-PC
    # Boot Mode : Normal
    # Running from : C:\Users\VICTOR\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
    File Deleted : C:\user.js
    File Deleted : C:\Users\Public\Desktop\eBay.lnk
    File Deleted : C:\Users\VICTOR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
    File Deleted : C:\Users\VICTOR\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
    File Deleted : C:\Users\VICTOR\AppData\Roaming\Mozilla\Firefox\Profiles\loyidlul.default\searchplugins\Askcom.xml
    File Deleted : C:\Users\VICTOR\AppData\Roaming\Mozilla\Firefox\Profiles\loyidlul.default\searchplugins\Conduit.xml
    File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp
    Folder Deleted : C:\Program Files (x86)\ConduitEngine
    Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\quickstores@quickstores.de
    Folder Deleted : C:\Program Files (x86)\uTorrentBar
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\InstallMate
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
    Folder Deleted : C:\ProgramData\Premium
    Folder Deleted : C:\Users\VICTOR\AppData\Local\Babylon
    Folder Deleted : C:\Users\VICTOR\AppData\Local\Conduit
    Folder Deleted : C:\Users\VICTOR\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\VICTOR\AppData\LocalLow\ConduitEngine
    Folder Deleted : C:\Users\VICTOR\AppData\LocalLow\uTorrentBar
    Folder Deleted : C:\Users\VICTOR\AppData\Roaming\Babylon
    Folder Deleted : C:\Users\VICTOR\AppData\Roaming\Media Finder
    Folder Deleted : C:\Users\VICTOR\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
    Folder Deleted : C:\Users\VICTOR\AppData\Roaming\Mozilla\Firefox\Profiles\loyidlul.default\ConduitCommon
    Folder Deleted : C:\Users\VICTOR\AppData\Roaming\Mozilla\Firefox\Profiles\loyidlul.default\CT3031607
    Folder Deleted : C:\Users\VICTOR\AppData\Roaming\Mozilla\Firefox\Profiles\loyidlul.default\extensions\{08d6b0b4-c132-470d-a8e2-aa2e9c3851c9}
    Folder Deleted : C:\Users\VICTOR\AppData\Roaming\Mozilla\Firefox\Profiles\loyidlul.default\extensions\staged
    Folder Deleted : C:\Users\VICTOR\AppData\Roaming\QuickStoresToolbar
    Folder Deleted : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar

    ***** [Registry] *****

    Key Deleted : HKCU\Software\1ClickDownload
    Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\MediaFinder
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
    Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
    Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
    Key Deleted : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
    Key Deleted : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
    Key Deleted : HKLM\SOFTWARE\Classes\MF
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3031607
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\conduitEngine
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Vid-Saver_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A97B89CD-B65C-49DD-AF46-2B772C627456}
    Key Deleted : HKLM\Software\uTorrentBar
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A97B89CD-B65C-49DD-AF46-2B772C627456}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1653C0EB-EF09-4D4B-9CAB-D385FD449BD0}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{842F45C3-E21A-4FA3-903C-C165B3E08E25}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{92D76B29-535B-42CF-90A5-B68D92B22DA0}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\QuickStores-Toolbar_is1
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16476

    [OK] Registry is clean.

    -\\ Mozilla Firefox v14.0.1 (en-US)

    File : C:\Users\VICTOR\AppData\Roaming\Mozilla\Firefox\Profiles\loyidlul.default\prefs.js

    C:\Users\VICTOR\AppData\Roaming\Mozilla\Firefox\Profiles\loyidlul.default\user.js ... Deleted !

    Deleted : user_pref("CT2786678..clientLogIsEnabled", true);
    Deleted : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
    Deleted : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
    Deleted : user_pref("CT2786678.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
    Deleted : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    Deleted : user_pref("CT2786678.AppTrackingLastCheckTime", "Mon Oct 24 2011 18:00:20 GMT-0200");
    Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);
    Deleted : user_pref("CT2786678.CTID", "CT2786678");
    Deleted : user_pref("CT2786678.CommunitiesChangesLastCheckTime", "0");
    Deleted : user_pref("CT2786678.CurrentServerDate", "12-11-2011");
    Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");
    Deleted : user_pref("CT2786678.DialogsGetterLastCheckTime", "Mon Nov 14 2011 05:12:27 GMT-0200");
    Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");
    Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Tue Nov 15 2011 08:58:29 GMT-0200");
    Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 501);
    Deleted : user_pref("CT2786678.FeedPollDate2429156812186649977", "Tue Nov 15 2011 08:58:30 GMT-0200");
    Deleted : user_pref("CT2786678.FeedPollDate2429156813040823546", "Tue Nov 15 2011 08:58:29 GMT-0200");
    Deleted : user_pref("CT2786678.FeedPollDate2429156813130095866", "Tue Nov 15 2011 08:58:29 GMT-0200");
    Deleted : user_pref("CT2786678.FeedPollDate2429156813224203613", "Tue Nov 15 2011 08:58:29 GMT-0200");
    Deleted : user_pref("CT2786678.FeedPollDate2429156813230837251", "Tue Nov 15 2011 08:58:30 GMT-0200");
    Deleted : user_pref("CT2786678.FeedPollDate2429156813454291735", "Tue Nov 15 2011 08:58:29 GMT-0200");
    Deleted : user_pref("CT2786678.FeedPollDate2429156813729834876", "Tue Nov 15 2011 08:58:29 GMT-0200");
    Deleted : user_pref("CT2786678.FeedPollDate2429156813860870021", "Tue Nov 15 2011 08:58:30 GMT-0200");
    Deleted : user_pref("CT2786678.FeedPollDate2429156814264681793", "Tue Nov 15 2011 08:58:30 GMT-0200");
    Deleted : user_pref("CT2786678.FeedPollDate2429156814863075366", "Tue Nov 15 2011 08:58:29 GMT-0200");
    Deleted : user_pref("CT2786678.FeedPollDate2429156815257761081", "Tue Nov 15 2011 08:58:29 GMT-0200");
    Deleted : user_pref("CT2786678.FeedTTL2429156813040823546", 15);
    Deleted : user_pref("CT2786678.FeedTTL2429156813130095866", 10);
    Deleted : user_pref("CT2786678.FeedTTL2429156813454291735", 5);
    Deleted : user_pref("CT2786678.FeedTTL2429156814264681793", 5);
    Deleted : user_pref("CT2786678.FirstServerDate", "8-9-2011");
    Deleted : user_pref("CT2786678.FirstTime", true);
    Deleted : user_pref("CT2786678.FirstTimeFF3", true);
    Deleted : user_pref("CT2786678.FixPageNotFoundErrors", true);
    Deleted : user_pref("CT2786678.GroupingInvalidateCache", false);
    Deleted : user_pref("CT2786678.GroupingLastCheckTime", "0");
    Deleted : user_pref("CT2786678.GroupingLastServerUpdateTime", "0");
    Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
    Deleted : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
    Deleted : user_pref("CT2786678.HasUserGlobalKeys", true);
    Deleted : user_pref("CT2786678.HomePageProtectorEnabled", false);
    Deleted : user_pref("CT2786678.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties");
    Deleted : user_pref("CT2786678.Initialize", true);
    Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);
    Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
    Deleted : user_pref("CT2786678.InstallationType", "Unknown");
    Deleted : user_pref("CT2786678.InstalledDate", "Thu Sep 08 2011 22:09:57 GMT-0200");
    Deleted : user_pref("CT2786678.InvalidateCache", false);
    Deleted : user_pref("CT2786678.IsAlertDBUpdated", true);
    Deleted : user_pref("CT2786678.IsGrouping", false);
    Deleted : user_pref("CT2786678.IsInitSetupIni", true);
    Deleted : user_pref("CT2786678.IsMulticommunity", false);
    Deleted : user_pref("CT2786678.IsOpenThankYouPage", true);
    Deleted : user_pref("CT2786678.IsOpenUninstallPage", true);
    Deleted : user_pref("CT2786678.IsProtectorsInit", true);
    Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Tue Nov 15 2011 08:58:40 GMT-0200");
    Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
    Deleted : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
    Deleted : user_pref("CT2786678.LastLogin_3.6.0.10", "Sun Sep 25 2011 19:36:22 GMT-0200");
    Deleted : user_pref("CT2786678.LastLogin_3.7.0.6", "Mon Nov 07 2011 21:17:46 GMT-0200");
    Deleted : user_pref("CT2786678.LastLogin_3.8.0.8", "Tue Nov 15 2011 08:58:43 GMT-0200");
    Deleted : user_pref("CT2786678.LatestVersion", "3.8.0.8");
    Deleted : user_pref("CT2786678.Locale", "en");
    Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");
    Deleted : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
    Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");
    Deleted : user_pref("CT2786678.MyStuffEnabledAtInstallation", true);
    Deleted : user_pref("CT2786678.OriginalFirstVersion", "3.6.0.10");
    Deleted : user_pref("CT2786678.RadioLastCheckTime", "0");
    Deleted : user_pref("CT2786678.RadioLastUpdateIPServer", "0");
    Deleted : user_pref("CT2786678.RadioLastUpdateServer", "0");
    Deleted : user_pref("CT2786678.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
    Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
    Deleted : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT278[...]
    Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);
    Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
    Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Tue Nov 15 2011 08:58:29 GMT-0200");
    Deleted : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
    Deleted : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
    Deleted : user_pref("CT2786678.SearchInNewTabUserEnabled", false);
    Deleted : user_pref("CT2786678.SearchProtectorEnabled", false);
    Deleted : user_pref("CT2786678.SearchProtectorToolbarDisabled", false);
    Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Tue Nov 15 2011 08:58:43 GMT-0200");
    Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Tue Nov 15 2011 08:58:28 GMT-0200");
    Deleted : user_pref("CT2786678.SettingsLastUpdate", "1314985690");
    Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
    Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Sat Nov 12 2011 15:36:07 GMT-0200");
    Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1312887586");
    Deleted : user_pref("CT2786678.ToolbarShrinkedFromSetup", false);
    Deleted : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");
    Deleted : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
    Deleted : user_pref("CT2786678.UserID", "UN58002722662564290");
    Deleted : user_pref("CT2786678.ValidationData_Search", 1);
    Deleted : user_pref("CT2786678.ValidationData_Toolbar", 2);
    Deleted : user_pref("CT2786678.WeatherNetwork", "");
    Deleted : user_pref("CT2786678.WeatherPollDate", "Tue Nov 15 2011 08:58:30 GMT-0200");
    Deleted : user_pref("CT2786678.WeatherUnit", "C");
    Deleted : user_pref("CT2786678.alertChannelId", "1178763");
    Deleted : user_pref("CT2786678.backendstorage.cbfirsttime", "5765642053657020323820323031312031313A34343A34392[...]
    Deleted : user_pref("CT2786678.backendstorage.pairingkey", "41413342303930393943383834434136353734304645413536[...]
    Deleted : user_pref("CT2786678.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]
    Deleted : user_pref("CT2786678.backendstorage.url_history", "687474703A2F2F6367692E656261792E636F6D2F5175616C6[...]
    Deleted : user_pref("CT2786678.backendstorage.url_history_time", "31333231313236313932333338");
    Deleted : user_pref("CT2786678.backendstorage.uttorrents", "7B226275696C64223A32353830362C226C6162656C223A5B5D[...]
    Deleted : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
    Deleted : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Tue Nov 15 2011 08:58:44 GMT-0200");
    Deleted : user_pref("CT2786678.homepageProtectorEnableByLogin", true);
    Deleted : user_pref("CT2786678.initDone", true);
    Deleted : user_pref("CT2786678.isAppTrackingManagerOn", true);
    Deleted : user_pref("CT2786678.myStuffEnabled", true);
    Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
    Deleted : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
    Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
    Deleted : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
    Deleted : user_pref("CT2786678.oldAppsList", "129295695672325902,129295695672325903,1000234,129295698017012804[...]
    Deleted : user_pref("CT2786678.revertSettingsEnabled", true);
    Deleted : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10);
    Deleted : user_pref("CT2786678.searchProtectorEnableByLogin", true);
    Deleted : user_pref("CT2786678.testingCtid", "");
    Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Tue Nov 15 2011 08:58:35 GMT-0200");
    Deleted : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Wed Nov 09 2011 23:40:57 GMT-0200");
    Deleted : user_pref("CT2786678.usagesFlag", 2);
    Deleted : user_pref("CT3031607..clientLogIsEnabled", false);
    Deleted : user_pref("CT3031607..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
    Deleted : user_pref("CT3031607..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
    Deleted : user_pref("CT3031607.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
    Deleted : user_pref("CT3031607.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    Deleted : user_pref("CT3031607.AppTrackingLastCheckTime", "Thu Jul 05 2012 13:24:23 GMT+0000 (UTC)");
    Deleted : user_pref("CT3031607.BrowserCompStateIsOpen_129524509878872275", true);
    Deleted : user_pref("CT3031607.BrowserCompStateIsOpen_129780204584723943", true);
    Deleted : user_pref("CT3031607.BrowserCompStateIsOpen_129784496726587929", true);
    Deleted : user_pref("CT3031607.BrowserCompStateIsOpen_1359634299000", true);
    Deleted : user_pref("CT3031607.BrowserCompStateIsOpen_1366639053000", true);
    Deleted : user_pref("CT3031607.CTID", "CT3031607");
    Deleted : user_pref("CT3031607.CurrentServerDate", "22-4-2013");
    Deleted : user_pref("CT3031607.DialogsAlignMode", "LTR");
    Deleted : user_pref("CT3031607.DialogsGetterLastCheckTime", "Mon Apr 22 2013 19:48:45 GMT+0000 (UTC)");
    Deleted : user_pref("CT3031607.DownloadReferralCookieData", "");
    Deleted : user_pref("CT3031607.EMailNotifierPollDate", "Mon Apr 22 2013 20:32:57 GMT+0000 (UTC)");
    Deleted : user_pref("CT3031607.FirstServerDate", "27-9-2011");
    Deleted : user_pref("CT3031607.FirstTime", true);
    Deleted : user_pref("CT3031607.FirstTimeFF3", true);
    Deleted : user_pref("CT3031607.FixPageNotFoundErrors", false);
    Deleted : user_pref("CT3031607.GroupingServerCheckInterval", 1440);
    Deleted : user_pref("CT3031607.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
    Deleted : user_pref("CT3031607.HasUserGlobalKeys", true);
    Deleted : user_pref("CT3031607.HomePageProtectorEnabled", false);
    Deleted : user_pref("CT3031607.HomepageBeforeUnload", "about:home");
    Deleted : user_pref("CT3031607.Initialize", true);
    Deleted : user_pref("CT3031607.InitializeCommonPrefs", true);
    Deleted : user_pref("CT3031607.InstallationAndCookieDataSentCount", 3);
    Deleted : user_pref("CT3031607.InstallationId", "CT3031607_SFT_eng7.exe");
    Deleted : user_pref("CT3031607.InstallationType", "ConduitIntegration");
    Deleted : user_pref("CT3031607.InstalledDate", "Tue Sep 27 2011 09:12:34 GMT-0200");
    Deleted : user_pref("CT3031607.InvalidateCache", false);
    Deleted : user_pref("CT3031607.IsAlertDBUpdated", true);
    Deleted : user_pref("CT3031607.IsGrouping", false);
    Deleted : user_pref("CT3031607.IsInitSetupIni", true);
    Deleted : user_pref("CT3031607.IsMulticommunity", false);
    Deleted : user_pref("CT3031607.IsOpenThankYouPage", false);
    Deleted : user_pref("CT3031607.IsOpenUninstallPage", true);
    Deleted : user_pref("CT3031607.LanguagePackLastCheckTime", "Mon Apr 22 2013 19:48:49 GMT+0000 (UTC)");
    Deleted : user_pref("CT3031607.LanguagePackReloadIntervalMM", 1440);
    Deleted : user_pref("CT3031607.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
    Deleted : user_pref("CT3031607.LastLogin_3.10.0.1", "Thu Apr 19 2012 20:12:32 GMT+0300");
    Deleted : user_pref("CT3031607.LastLogin_3.12.0.7", "Thu Apr 26 2012 19:38:22 GMT+0300");
    Deleted : user_pref("CT3031607.LastLogin_3.12.2.3", "Mon Jun 04 2012 17:03:30 GMT+0000 (UTC)");
    Deleted : user_pref("CT3031607.LastLogin_3.13.0.6", "Wed Aug 22 2012 07:38:13 GMT+0000 (UTC)");
    Deleted : user_pref("CT3031607.LastLogin_3.15.1.0", "Mon Nov 19 2012 16:18:44 GMT+0000 (UTC)");
    Deleted : user_pref("CT3031607.LastLogin_3.16.0.3", "Mon Apr 22 2013 19:48:45 GMT+0000 (UTC)");
    Deleted : user_pref("CT3031607.LastLogin_3.6.0.10", "Wed Oct 05 2011 14:56:59 GMT-0200");
    Deleted : user_pref("CT3031607.LastLogin_3.7.0.6", "Tue Nov 08 2011 07:28:01 GMT-0200");
    Deleted : user_pref("CT3031607.LastLogin_3.8.0.8", "Tue Dec 06 2011 20:05:43 GMT-0200");
    Deleted : user_pref("CT3031607.LastLogin_3.8.1.0", "Mon Jan 09 2012 14:35:32 GMT-0200");
    Deleted : user_pref("CT3031607.LastLogin_3.9.0.3", "Mon Mar 19 2012 16:22:43 GMT+0300");
    Deleted : user_pref("CT3031607.LatestVersion", "3.18.0.7");
    Deleted : user_pref("CT3031607.Locale", "en");
    Deleted : user_pref("CT3031607.MCDetectTooltipHeight", "83");
    Deleted : user_pref("CT3031607.MCDetectTooltipShow", false);
    Deleted : user_pref("CT3031607.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
    Deleted : user_pref("CT3031607.MCDetectTooltipWidth", "295");
    Deleted : user_pref("CT3031607.MyStuffEnabledAtInstallation", true);
    Deleted : user_pref("CT3031607.OriginalFirstVersion", "3.6.0.10");
    Deleted : user_pref("CT3031607.RadioIsPodcast", false);
    Deleted : user_pref("CT3031607.RadioLastCheckTime", "Mon Apr 22 2013 19:48:33 GMT+0000 (UTC)");
    Deleted : user_pref("CT3031607.RadioLastUpdateIPServer", "3");
    Deleted : user_pref("CT3031607.RadioLastUpdateServer", "129524557143500000");
    Deleted : user_pref("CT3031607.RadioMediaID", "21889800");
    Deleted : user_pref("CT3031607.RadioMediaType", "Media Player");
    Deleted : user_pref("CT3031607.RadioMenuSelectedID", "EBRadioMenu_CT303160721889800");
    Deleted : user_pref("CT3031607.RadioShrinkedFromSetup", false);
    Deleted : user_pref("CT3031607.RadioStationName", "California%20Rock%20-%20Rock");
    Deleted : user_pref("CT3031607.RadioStationURL", "hxxp://www.feedlive.net/california.asx");
    Deleted : user_pref("CT3031607.SavedHomepage", "chrome://branding/locale/browserconfig.properties");
    Deleted : user_pref("CT3031607.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
    Deleted : user_pref("CT3031607.SearchFromAddressBarIsInit", true);
    Deleted : user_pref("CT3031607.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT303[...]
    Deleted : user_pref("CT3031607.SearchInNewTabEnabled", true);
    Deleted : user_pref("CT3031607.SearchInNewTabIntervalMM", 1440);
    Deleted : user_pref("CT3031607.SearchInNewTabLastCheckTime", "Mon Apr 22 2013 19:48:31 GMT+0000 (UTC)");
    Deleted : user_pref("CT3031607.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
    Deleted : user_pref("CT3031607.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
    Deleted : user_pref("CT3031607.SearchInNewTabUserEnabled", false);
    Deleted : user_pref("CT3031607.SearchProtectorEnabled", false);
    Deleted : user_pref("CT3031607.SearchProtectorToolbarDisabled", false);
    Deleted : user_pref("CT3031607.ServiceMapLastCheckTime", "Mon Apr 22 2013 19:48:31 GMT+0000 (UTC)");
    Deleted : user_pref("CT3031607.SettingsLastCheckTime", "Mon Apr 22 2013 19:48:20 GMT+0000 (UTC)");
    Deleted : user_pref("CT3031607.SettingsLastUpdate", "1366646270");
    Deleted : user_pref("CT3031607.ThirdPartyComponentsInterval", 504);
    Deleted : user_pref("CT3031607.ThirdPartyComponentsLastCheck", "Mon Apr 15 2013 05:50:53 GMT+0000 (UTC)");
    Deleted : user_pref("CT3031607.ThirdPartyComponentsLastUpdate", "1331805997");
    Deleted : user_pref("CT3031607.ToolbarShrinkedFromSetup", false);
    Deleted : user_pref("CT3031607.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3031607");
    Deleted : user_pref("CT3031607.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
    Deleted : user_pref("CT3031607.UserID", "UN36458733496696885");
    Deleted : user_pref("CT3031607.ValidationData_Search", 0);
    Deleted : user_pref("CT3031607.ValidationData_Toolbar", 2);
    Deleted : user_pref("CT3031607.alertChannelId", "1423186");
    Deleted : user_pref("CT3031607.approveUntrustedApps", false);
    Deleted : user_pref("CT3031607.backendstorage.cb_user_id_000", "43423631363538333538363736345F46697265666F78")[...]
    Deleted : user_pref("CT3031607.backendstorage.cbcountry_000", "5553");
    Deleted : user_pref("CT3031607.backendstorage.cbcountry_001", "5553");
    Deleted : user_pref("CT3031607.backendstorage.cbfirsttime", "5475652041707220313020323031322031353A34343A30302[...]
    Deleted : user_pref("CT3031607.backendstorage.printitgreenstatus", "74727565");
    Deleted : user_pref("CT3031607.backendstorage.shoppingapp.gk.exipres", "4D6F6E2041756720323720323031322031303A[...]
    Deleted : user_pref("CT3031607.backendstorage.shoppingapp.gk.geolocation", "7567616E6461");
    Deleted : user_pref("CT3031607.backendstorage.url_history0001", "68747470733A2F2F7777772E66616365626F6F6B2E636[...]
    Deleted : user_pref("CT3031607.backendstorage.youtubelang", "5553");
    Deleted : user_pref("CT3031607.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
    Deleted : user_pref("CT3031607.globalFirstTimeInfoLastCheckTime", "Mon Apr 15 2013 12:47:24 GMT+0000 (UTC)");
    Deleted : user_pref("CT3031607.homepageProtectorEnableByLogin", true);
    Deleted : user_pref("CT3031607.initDone", true);
    Deleted : user_pref("CT3031607.isAppTrackingManagerOn", false);
    Deleted : user_pref("CT3031607.isFirstRadioInstallation", false);
    Deleted : user_pref("CT3031607.myStuffEnabled", true);
    Deleted : user_pref("CT3031607.myStuffPublihserMinWidth", 400);
    Deleted : user_pref("CT3031607.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
    Deleted : user_pref("CT3031607.myStuffServiceIntervalMM", 1440);
    Deleted : user_pref("CT3031607.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
    Deleted : user_pref("CT3031607.oldAppsList", "129524431781223901,129524431781233667,111,129524450094515146,129[...]
    Deleted : user_pref("CT3031607.revertSettingsEnabled", false);
    Deleted : user_pref("CT3031607.searchProtectorDialogDelayInSec", 10);
    Deleted : user_pref("CT3031607.searchProtectorEnableByLogin", true);
    Deleted : user_pref("CT3031607.testingCtid", "");
    Deleted : user_pref("CT3031607.toolbarAppMetaDataLastCheckTime", "Mon Apr 22 2013 19:48:49 GMT+0000 (UTC)");
    Deleted : user_pref("CT3031607.toolbarContextMenuLastCheckTime", "Mon Apr 22 2013 19:48:49 GMT+0000 (UTC)");
    Deleted : user_pref("CT3031607.usagesFlag", 2);
    Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3031607&Search[...]
    Deleted : user_pref("CommunityToolbar.ConduitSearchList", " ,SFT_eng7 Customized Web Search");
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3031607/CT3031607[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/DE", "\"0\"[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/SE", "\"0\"[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/UG", "\"0\"[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1423186/1418841/DE", "\"0\"[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1423186/1418841/UG", "\"0\"[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", [...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3031607", [...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678",[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3031607",[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2786678&octid=[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT3031607&octid=[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/idel.gif", "[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/minimize.gif[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/play.gif", "[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/stop.gif", "[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Tapuz/vol.gif", "\[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"38b[...]
    Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\VICTOR\\AppData\\Roaming\\Mozilla\\[...]
    Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.16.0.3");
    Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://storage.conduit.com/MarketPlace/e9/bd/e99ef76[...]
    Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
    Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2786678,CT3031607");
    Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2786678,CT3031607");
    Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2786678,CT3031607");
    Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Nov 15 2011 08:58:29 GMT-0200");
    Deleted : user_pref("CommunityToolbar.globalUserId", "df7f588a-a492-4a82-828c-864a37391cb9");
    Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
    Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
    Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3031607");
    Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Apr 15 2013 06:29:0[...]
    Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
    Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Apr 22 2013 19:48:52 GMT+000[...]
    Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
    Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
    Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
    Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Apr 22 2013 19:48:45 GMT+0000 (U[...]
    Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
    Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
    Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
    Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
    Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
    Deleted : user_pref("CommunityToolbar.notifications.userId", "dc455ae1-ed95-40de-9201-3e22793c6906");
    Deleted : user_pref("browser.search.defaultthis.engineName", "SFT_eng7 Customized Web Search");
    Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3031607&Sea[...]
    Deleted : user_pref("extensions.BabylonToolbar.admin", false);
    Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
    Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
    Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=101067");
    Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 2);
    Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
    Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", false);
    Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
    Deleted : user_pref("extensions.BabylonToolbar.id", "c87bbeb400000000000000ffa0c23d86");
    Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15370");
    Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
    Deleted : user_pref("extensions.BabylonToolbar.lastDP", 2);
    Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.175:06:01");
    Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "9.0");
    Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
    Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP");
    Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
    Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
    Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 66745298);
    Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
    Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
    Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
    Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
    Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
    Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
    Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
    Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
    Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.175:06:01");
    Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
    Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
    Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
    Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=101067");
    Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "c87bbeb400000000000000ffa0c23d86");
    Deleted : user_pref("extensions.BabylonToolbar_i.id", "c87bbeb400000000000000ffa0c23d86");
    Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15370");
    Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
    Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
    Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
    Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
    Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
    Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
    Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
    Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
    Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.175:06:01");
    Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
    Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3031607&SearchSource=2&q=[...]
    Deleted : user_pref("quickstores.toolbar.affid", "2006");
    Deleted : user_pref("quickstores.toolbar.guid", "{ACC0B236-B131-E859-2B64-323FBEADD78A}");

    -\\ Google Chrome v26.0.1410.64

    File : C:\Users\VICTOR\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [38412 octets] - [27/04/2013 10:04:11]

    ########## EOF - C:\AdwCleaner[S1].txt - [38473 octets] ##########
     
  18. Carnarvaro

    Carnarvaro TS Rookie Topic Starter Posts: 31

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.8.9 (04.22.2013:1)
    OS: Windows 7 Professional x64
    Ran by VICTOR on 27-Apr-13 at 10:23:57.62
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\VICTOR\appdata\local\software"
    Successfully deleted: [Empty Folder] C:\Users\VICTOR\appdata\local\{485B4980-A8A4-4F28-914D-6207FE603274}
    Successfully deleted: [Empty Folder] C:\Users\VICTOR\appdata\local\{7F5A792A-EF31-48B2-BE33-F63E68C0843D}
    Successfully deleted: [Empty Folder] C:\Users\VICTOR\appdata\local\{9843220E-EF2C-4455-8C2E-6CD376E30A6A}
    Successfully deleted: [Empty Folder] C:\Users\VICTOR\appdata\local\{E3CBA356-3093-42B1-8996-34AD2A9C1FFE}
    Successfully deleted: [Empty Folder] C:\Users\VICTOR\appdata\local\{E69E6120-0202-47E2-83CF-2574BB989945}



    ~~~ FireFox

    Successfully deleted: [File] "C:\Users\VICTOR\AppData\Roaming\mozilla\firefox\profiles\loyidlul.default\extensions\isreaditlater@ideashower.com.xpi"
    Emptied folder: C:\Users\VICTOR\AppData\Roaming\mozilla\firefox\profiles\loyidlul.default\minidumps [13 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 27-Apr-13 at 10:35:19.12
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  19. Carnarvaro

    Carnarvaro TS Rookie Topic Starter Posts: 31

    OTL logfile created on: 27-Apr-13 11:13:38 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\VICTOR\Downloads
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

    2.86 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 58.61% Memory free
    5.71 Gb Paging File | 3.50 Gb Available in Paging File | 61.34% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 87.68 Gb Total Space | 1.66 Gb Free Space | 1.90% Space Free | Partition Type: NTFS
    Drive E: | 48.83 Gb Total Space | 1.20 Gb Free Space | 2.47% Space Free | Partition Type: NTFS
    Drive F: | 146.48 Gb Total Space | 14.25 Gb Free Space | 9.73% Space Free | Partition Type: NTFS

    Computer Name: VICTOR-PC | User Name: VICTOR | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013-04-26 17:40:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\VICTOR\Downloads\OTL.exe
    PRC - [2013-04-17 09:10:53 | 000,802,136 | ---- | M] (BitTorrent Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
    PRC - [2013-03-19 22:26:44 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2012-06-11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
    PRC - [2012-01-09 14:22:12 | 000,035,840 | ---- | M] () -- C:\Program Files (x86)\Apache Software Foundation\CouchDB\erts-5.8.5\bin\epmd.exe
    PRC - [2012-01-09 14:22:10 | 000,146,432 | ---- | M] () -- C:\Program Files (x86)\Apache Software Foundation\CouchDB\erts-5.8.5\bin\erlsrv.exe
    PRC - [2012-01-09 14:22:10 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\Apache Software Foundation\CouchDB\erts-5.8.5\bin\erl.exe
    PRC - [2012-01-09 14:20:42 | 000,009,728 | ---- | M] () -- c:\Program Files (x86)\Apache Software Foundation\CouchDB\lib\os_mon-2.2.7\priv\bin\win32sysinfo.exe
    PRC - [2011-06-29 10:56:42 | 027,311,232 | ---- | M] (Gemalto N.V.) -- C:\Users\VICTOR\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
    PRC - [2011-05-04 04:52:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Jenkins\jre\bin\java.exe
    PRC - [2011-03-14 14:44:38 | 000,414,800 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
    PRC - [2011-03-14 14:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    PRC - [2011-02-22 20:02:16 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
    PRC - [2011-02-22 20:01:38 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
    PRC - [2011-02-22 16:33:32 | 000,334,792 | ---- | M] () -- C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Service.exe
    PRC - [2011-02-22 16:33:02 | 000,506,824 | ---- | M] () -- C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Launcher.exe
    PRC - [2011-02-18 18:20:54 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2011-02-15 21:36:10 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
    PRC - [2011-02-02 00:41:24 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2011-02-02 00:41:20 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010-12-27 11:30:22 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    PRC - [2010-05-11 16:43:48 | 006,061,400 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Vid\Vid.exe
    PRC - [2010-05-07 18:47:32 | 000,114,008 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
    PRC - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    PRC - [2010-01-30 02:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
    PRC - [2010-01-08 16:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
    PRC - [2008-12-18 00:19:40 | 000,258,048 | R--- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\LogTransport2.exe
    PRC - [2007-05-02 03:52:36 | 000,109,360 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
    PRC - [2007-05-02 03:52:32 | 000,150,320 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
    PRC - [2007-05-02 03:51:46 | 000,121,648 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
    PRC - [2007-03-23 15:02:52 | 000,269,104 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011-06-29 11:56:06 | 011,483,264 | ---- | M] () -- C:\Users\VICTOR\AppData\Roaming\SanDisk\My Vaults\dmBackup.dll
    MOD - [2011-02-22 20:01:38 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
    MOD - [2011-02-22 20:01:38 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
    MOD - [2011-02-22 16:33:02 | 000,506,824 | ---- | M] () -- C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Launcher.exe
    MOD - [2010-05-15 00:55:48 | 000,181,592 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\SharedBin\LvApi11.dll
    MOD - [2010-05-11 16:45:18 | 000,138,072 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid\plugins\imageformats\qjpeg4.dll
    MOD - [2010-05-11 16:44:48 | 000,035,160 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid\plugins\imageformats\qico4.dll
    MOD - [2010-05-11 16:44:22 | 000,029,016 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid\plugins\imageformats\qgif4.dll
    MOD - [2010-05-11 16:42:22 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid\SDL.dll
    MOD - [2010-05-11 16:42:10 | 000,363,864 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid\qtxml4.dll
    MOD - [2010-05-11 16:42:00 | 011,311,960 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid\QtWebKit4.dll
    MOD - [2010-05-11 16:41:48 | 000,200,024 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid\qtsql4.dll
    MOD - [2010-05-11 16:41:36 | 000,475,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid\QtOpenGL4.dll
    MOD - [2010-05-11 16:41:24 | 000,969,048 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid\QtNetwork4.dll
    MOD - [2010-05-11 16:41:14 | 007,704,408 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid\QtGui4.dll
    MOD - [2010-05-11 16:41:02 | 002,141,016 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid\QtCore4.dll
    MOD - [2010-05-11 16:40:50 | 000,291,672 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid\phonon4.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013-01-27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2013-01-27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2012-04-05 15:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
    SRV:64bit: - [2011-02-18 15:26:48 | 000,799,848 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
    SRV:64bit: - [2010-12-17 02:18:08 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg)
    SRV:64bit: - [2010-09-23 04:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010-05-07 18:45:16 | 000,197,976 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
    SRV:64bit: - [2009-07-14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009-07-14 04:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2013-03-19 22:26:44 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2013-03-15 11:37:49 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012-12-04 10:54:14 | 000,103,472 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
    SRV - [2012-11-09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012-07-14 03:17:12 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012-06-11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
    SRV - [2012-06-11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
    SRV - [2012-03-12 09:51:46 | 000,036,584 | ---- | M] (CloudBees, Inc.) [Auto | Running] -- C:\Program Files (x86)\Jenkins\jenkins.exe -- (Jenkins)
    SRV - [2012-02-16 05:12:07 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012-01-09 14:22:10 | 000,146,432 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Apache Software Foundation\CouchDB\erts-5.8.5\bin\erlsrv.exe -- (Apache CouchDB01ce105856a98600)
    SRV - [2011-09-16 20:52:06 | 000,105,120 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
    SRV - [2011-07-01 12:46:40 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
    SRV - [2011-06-20 07:38:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011-03-14 14:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
    SRV - [2011-02-22 16:33:32 | 000,334,792 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\InternetEverywhere\InternetEverywhere_Service.exe -- (InternetEverywhere_Service)
    SRV - [2011-02-18 18:20:54 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2011-02-15 21:36:10 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
    SRV - [2011-02-02 00:41:24 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2011-02-02 00:41:20 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010-12-27 11:30:22 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
    SRV - [2010-11-24 20:00:16 | 007,669,760 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.53\bin\mysqld.exe -- (wampmysqld)
    SRV - [2010-10-24 18:34:38 | 000,021,504 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\Apache2.2.17\bin\httpd.exe -- (wampapache)
    SRV - [2010-09-28 04:09:54 | 000,172,912 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
    SRV - [2010-06-02 01:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
    SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010-02-19 18:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2010-01-30 02:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
    SRV - [2010-01-08 16:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
    SRV - [2009-06-11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007-05-02 03:52:36 | 000,109,360 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
    SRV - [2007-05-02 03:52:32 | 000,150,320 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
    SRV - [2007-05-02 03:51:46 | 000,121,648 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
    SRV - [2007-04-09 18:58:14 | 000,187,184 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
    SRV - [2007-03-23 15:02:52 | 000,269,104 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013-02-12 07:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
    DRV:64bit: - [2013-01-20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012-04-26 16:33:01 | 000,091,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
    DRV:64bit: - [2012-04-26 16:33:01 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
    DRV:64bit: - [2012-04-26 16:33:00 | 000,138,752 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
    DRV:64bit: - [2012-04-26 16:33:00 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV:64bit: - [2012-04-26 16:33:00 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
    DRV:64bit: - [2012-04-13 13:05:16 | 000,075,016 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
    DRV:64bit: - [2012-04-13 13:05:02 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
    DRV:64bit: - [2012-04-02 15:28:00 | 000,084,992 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
    DRV:64bit: - [2012-03-01 09:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012-01-12 20:48:10 | 000,112,896 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewsercd.sys -- (ewsercd)
    DRV:64bit: - [2011-09-16 21:01:36 | 000,517,280 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
    DRV:64bit: - [2011-09-16 21:00:50 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
    DRV:64bit: - [2011-09-16 21:00:34 | 000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
    DRV:64bit: - [2011-09-16 21:00:04 | 000,167,584 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
    DRV:64bit: - [2011-09-16 20:59:48 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
    DRV:64bit: - [2011-09-16 20:59:32 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
    DRV:64bit: - [2011-09-16 20:59:18 | 000,110,240 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
    DRV:64bit: - [2011-09-16 20:59:02 | 000,330,912 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
    DRV:64bit: - [2011-08-30 01:07:10 | 000,421,888 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbwwan.sys -- (ewusbmbb)
    DRV:64bit: - [2011-07-06 18:14:42 | 000,145,008 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
    DRV:64bit: - [2011-07-01 12:46:40 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
    DRV:64bit: - [2011-05-03 09:53:48 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
    DRV:64bit: - [2011-05-03 09:53:48 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
    DRV:64bit: - [2011-05-03 09:53:48 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
    DRV:64bit: - [2011-03-27 02:19:50 | 012,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011-03-25 05:49:24 | 001,583,744 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
    DRV:64bit: - [2011-03-11 09:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011-03-11 09:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011-03-10 07:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV:64bit: - [2011-03-10 07:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
    DRV:64bit: - [2011-02-18 18:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2011-01-13 14:46:18 | 001,412,144 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2011-01-12 11:10:44 | 000,333,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
    DRV:64bit: - [2010-11-21 06:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010-11-21 06:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010-11-21 06:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010-11-08 07:44:40 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2010-10-20 03:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010-10-15 11:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010-09-30 08:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2010-09-30 08:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2010-05-15 01:02:14 | 006,465,760 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
    DRV:64bit: - [2010-05-15 01:00:52 | 000,329,952 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
    DRV:64bit: - [2010-05-15 01:00:28 | 000,271,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
    DRV:64bit: - [2010-05-11 13:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2010-05-07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
    DRV:64bit: - [2010-05-07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
    DRV:64bit: - [2010-03-06 02:41:05 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mvusbews.sys -- (mvusbews)
    DRV:64bit: - [2009-12-18 01:25:17 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV:64bit: - [2009-11-17 21:42:12 | 000,053,320 | ---- | M] (mikroElektronika) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USB18PRG.sys -- (USB18PRG)
    DRV:64bit: - [2009-11-17 10:44:54 | 000,119,680 | ---- | M] (TCT International Mobile Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jrdusbser.sys -- (jrdusbser)
    DRV:64bit: - [2009-08-10 00:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
    DRV:64bit: - [2009-08-05 21:59:48 | 000,987,648 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dnetr28ux.sys -- (netr28ux)
    DRV:64bit: - [2009-07-14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009-07-14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009-07-14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009-06-10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009-06-10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009-06-10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009-06-10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009-03-25 22:48:00 | 000,153,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdm.sys -- (s1018mdm)
    DRV:64bit: - [2009-03-25 22:48:00 | 000,146,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018unic.sys -- (s1018unic)
    DRV:64bit: - [2009-03-25 22:48:00 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mgmt.sys -- (s1018mgmt)
    DRV:64bit: - [2009-03-25 22:48:00 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018obex.sys -- (s1018obex)
    DRV:64bit: - [2009-03-25 22:48:00 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018bus.sys -- (s1018bus)
    DRV:64bit: - [2009-03-25 22:48:00 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018nd5.sys -- (s1018nd5)
    DRV:64bit: - [2009-03-25 22:48:00 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdfl.sys -- (s1018mdfl)
    DRV:64bit: - [2009-03-06 18:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
    DRV:64bit: - [2008-05-16 17:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus)
    DRV:64bit: - [2007-05-02 03:53:16 | 000,029,488 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
    DRV:64bit: - [2007-05-02 03:53:14 | 000,098,608 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
    DRV:64bit: - [2007-05-02 03:53:14 | 000,028,976 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
    DRV:64bit: - [2007-05-02 03:53:10 | 000,042,800 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
    DRV:64bit: - [2007-05-02 03:51:16 | 000,035,632 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
    DRV:64bit: - [2007-05-02 03:51:16 | 000,020,272 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
    DRV:64bit: - [2007-05-02 03:51:02 | 000,037,040 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
    DRV - [2012-04-26 16:33:01 | 000,091,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
    DRV - [2012-04-26 16:33:01 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ew_jubusenum.sys -- (huawei_enumerator)
    DRV - [2012-04-26 16:33:00 | 000,138,752 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbnet.sys -- (ewusbnet)
    DRV - [2012-04-26 16:33:00 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2012-04-26 16:33:00 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
    DRV - [2012-01-12 20:48:10 | 000,112,896 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewsercd.sys -- (ewsercd)
    DRV - [2010-03-17 23:34:36 | 000,068,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- E:\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys -- (VSPerfDrv100)
    DRV - [2009-07-14 04:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2007-04-09 18:55:24 | 000,026,416 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
    DRV - [2007-03-23 15:02:48 | 000,024,880 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys -- (vstor2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-772003519-446485709-3197023028-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ig
    IE - HKU\S-1-5-21-772003519-446485709-3197023028-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-21-772003519-446485709-3197023028-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-772003519-446485709-3197023028-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-772003519-446485709-3197023028-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: ""
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.startup.homepage: "about:home"
    FF - prefs.js..extensions.enabledAddons: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.4.6.3
    FF - prefs.js..extensions.enabledAddons: {08d6b0b4-c132-470d-a8e2-aa2e9c3851c9}:3.16.0.3
    FF - prefs.js..extensions.enabledAddons: isreaditlater@ideashower.com:3.0.1
    FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.14
    FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.6.0
    FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
    FF - prefs.js..network.proxy.socks: "127.0.0.1"
    FF - prefs.js..network.proxy.socks_port: 9050
    FF - prefs.js..network.proxy.socks_remote_dns: true
    FF - prefs.js..network.proxy.type: 1
    FF - user.js - File not found
     
  20. Carnarvaro

    Carnarvaro TS Rookie Topic Starter Posts: 31

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\VICTOR\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\VICTOR\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\VICTOR\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\VICTOR\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\VICTOR\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\VICTOR\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013-02-13 14:39:35 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-06-05 17:45:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012-08-22 10:50:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\VICTOR\AppData\Roaming\IDM\idmmzcc5 [2011-08-31 06:20:25 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\VICTOR\AppData\Roaming\IDM\idmmzcc5 [2011-08-31 06:20:25 | 000,000,000 | ---D | M]

    [2011-08-31 05:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VICTOR\AppData\Roaming\Mozilla\Extensions
    [2013-04-27 10:33:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\VICTOR\AppData\Roaming\Mozilla\Firefox\Profiles\loyidlul.default\extensions
    [2013-03-18 20:21:27 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\VICTOR\AppData\Roaming\Mozilla\Firefox\Profiles\loyidlul.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2012-10-17 08:52:37 | 000,844,878 | ---- | M] () (No name found) -- C:\Users\VICTOR\AppData\Roaming\Mozilla\Firefox\Profiles\loyidlul.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}.xpi
    [2013-04-27 10:04:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013-04-06 11:53:35 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012-08-21 14:33:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
    [2013-02-13 14:39:35 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
    File not found (No name found) -- C:\USERS\VICTOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LOYIDLUL.DEFAULT\EXTENSIONS\{08D6B0B4-C132-470D-A8E2-AA2E9C3851C9}
    File not found (No name found) -- C:\USERS\VICTOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LOYIDLUL.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI
    [2012-07-14 03:17:47 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012-07-14 03:16:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012-07-14 03:16:36 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.google.com/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\VICTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll
    CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
    CHR - plugin: Skype Click to Call (Enabled) = C:\Users\VICTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\VICTOR\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\VICTOR\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
    CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
    CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\VICTOR\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
    CHR - Extension: YouTube = C:\Users\VICTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\VICTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Read Later Fast = C:\Users\VICTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji\1.5.6_0\
    CHR - Extension: SiteAdvisor = C:\Users\VICTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\
    CHR - Extension: TweetDeck = C:\Users\VICTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl\2.7.6_0\
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\VICTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: Skype Click to Call = C:\Users\VICTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.7.0.12055_0\
    CHR - Extension: Type Fu = C:\Users\VICTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\okboeogmnhjpgbeaokfogelclpblaemo\2.0.0_0\
    CHR - Extension: Gmail = C:\Users\VICTOR\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2013-04-22 12:20:49 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
    O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - No CLSID value found.
    O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files (x86)\FlashGet\jccatch.dll (www.flashget.com)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - E:\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
    O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files (x86)\FlashGet\getflash.dll (www.flashget.com)
    O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
    O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
    O4 - HKU\S-1-5-21-772003519-446485709-3197023028-1000..\Run: [Facebook Update] C:\Users\VICTOR\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKU\S-1-5-21-772003519-446485709-3197023028-1000..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid\Vid.exe (Logitech Inc.)
    O4 - HKU\S-1-5-21-772003519-446485709-3197023028-1000..\Run: [Logitech Vid HD] C:\Program Files (x86)\Logitech\Vid\vid.exe (Logitech Inc.)
    O4 - HKU\S-1-5-21-772003519-446485709-3197023028-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
    O4 - HKU\S-1-5-21-772003519-446485709-3197023028-1000..\Run: [SanDiskSecureAccess_Manager.exe] C:\Users\VICTOR\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe (Gemalto N.V.)
    O4 - HKU\S-1-5-21-772003519-446485709-3197023028-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc.)
    O4 - Startup: C:\Users\VICTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
    O4 - Startup: C:\Users\VICTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\servieca.vbe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-772003519-446485709-3197023028-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-772003519-446485709-3197023028-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
    O8:64bit: - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
    O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
    O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files (x86)\FlashGet\JC_ALL.HTM ()
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files (x86)\FlashGet\JC_LINK.HTM ()
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
    O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
    O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
    O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files (x86)\FlashGet\flashget.exe (FlashGet.com)
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Value error.)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.10.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 196.43.133.5 196.43.133.6
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15DEC016-4A57-417B-9B3A-EB3C169B1E83}: DhcpNameServer = 41.221.87.2 41.221.81.132
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4C808B5E-4BA3-4554-9DB0-AE3883C4F1A4}: DhcpNameServer = 196.43.133.5 196.43.133.6
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E11633E8-E113-48D4-B91A-817719B4D2FB}: DhcpNameServer = 41.221.87.2 41.221.81.132
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2192482-261A-4EE8-B1C7-6DBF0F2321F6}: DhcpNameServer = 8.8.4.4 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9259706-1E68-445D-BF13-2C9834503D31}: DhcpNameServer = 41.221.87.2 41.221.81.132
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F0F3A386-2433-4977-819B-C36B6F592886}: DhcpNameServer = 196.43.133.5 196.43.133.6
    O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013-04-27 10:23:38 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013-04-27 10:23:19 | 000,000,000 | ---D | C] -- C:\JRT
    [2013-04-25 09:14:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
    [2013-04-25 08:58:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2013-04-25 08:34:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2013-04-25 08:31:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2013-04-25 08:31:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
    [2013-04-22 12:20:52 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2013-04-22 11:54:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013-04-22 11:54:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013-04-22 11:54:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013-04-22 11:54:16 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013-04-22 11:53:11 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013-04-17 09:36:54 | 000,000,000 | ---D | C] -- C:\Users\VICTOR\Desktop\RK_Quarantine
    [2013-04-15 09:56:09 | 000,000,000 | ---D | C] -- C:\Users\VICTOR\AppData\Roaming\Malwarebytes
    [2013-04-15 09:55:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013-04-27 11:09:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013-04-27 10:58:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013-04-27 10:34:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-772003519-446485709-3197023028-1000UA.job
    [2013-04-27 10:29:00 | 000,034,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013-04-27 10:29:00 | 000,034,112 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013-04-27 10:09:24 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013-04-27 10:08:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013-04-27 10:08:07 | 2299,416,576 | -HS- | M] () -- C:\hiberfil.sys
    [2013-04-27 09:52:07 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-772003519-446485709-3197023028-1000UA.job
    [2013-04-26 14:28:08 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-772003519-446485709-3197023028-1000Core.job
    [2013-04-26 14:25:56 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-772003519-446485709-3197023028-1000Core.job
    [2013-04-25 15:06:16 | 000,001,112 | ---- | M] () -- C:\Users\VICTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    [2013-04-25 15:00:23 | 004,984,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013-04-25 09:37:06 | 000,871,370 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2013-04-25 09:37:06 | 000,729,430 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013-04-25 09:37:06 | 000,147,942 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013-04-25 09:36:54 | 000,871,370 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013-04-25 08:56:05 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2013-04-22 12:20:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013-04-20 22:05:17 | 000,237,568 | ---- | M] () -- C:\Users\VICTOR\Documents\FacesDatabase.mdb
    [2013-04-18 16:53:07 | 000,004,143 | ---- | M] () -- C:\Users\VICTOR\AppData\Roaming\LTspiceIV.ini
    [2013-04-15 17:31:59 | 000,000,731 | ---- | M] () -- C:\Users\VICTOR\Desktop\LTspice IV.lnk
    [2013-04-11 16:50:00 | 000,000,637 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
    [2013-04-11 11:47:24 | 052,470,629 | ---- | M] () -- C:\Users\VICTOR\Documents\RVR Presentation.wma
    [2013-04-10 10:24:04 | 000,000,600 | ---- | M] () -- C:\Users\VICTOR\AppData\Local\PUTTY.RND
    [2013-03-29 16:08:06 | 014,007,622 | ---- | M] () -- C:\Users\VICTOR\Documents\Their-First-Million.pdf
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013-04-25 15:06:16 | 000,001,112 | ---- | C] () -- C:\Users\VICTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    [2013-04-25 08:44:01 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    [2013-04-22 11:54:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013-04-22 11:54:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013-04-22 11:54:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013-04-22 11:54:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013-04-22 11:54:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013-04-20 21:28:22 | 000,237,568 | ---- | C] () -- C:\Users\VICTOR\Documents\FacesDatabase.mdb
    [2013-04-15 17:36:21 | 000,004,143 | ---- | C] () -- C:\Users\VICTOR\AppData\Roaming\LTspiceIV.ini
    [2013-04-15 17:31:59 | 000,000,731 | ---- | C] () -- C:\Users\VICTOR\Desktop\LTspice IV.lnk
    [2013-04-11 11:47:24 | 052,470,629 | ---- | C] () -- C:\Users\VICTOR\Documents\RVR Presentation.wma
    [2013-04-10 16:08:44 | 000,017,121 | -H-- | C] () -- C:\Users\VICTOR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\servieca.vbe
    [2013-03-29 16:04:33 | 014,007,622 | ---- | C] () -- C:\Users\VICTOR\Documents\Their-First-Million.pdf
    [2013-03-07 18:40:11 | 000,000,074 | ---- | C] () -- C:\Users\VICTOR\.bash_profile
    [2013-03-01 11:27:06 | 000,000,219 | ---- | C] () -- C:\Users\VICTOR\_netrc
    [2013-02-11 16:37:23 | 000,000,600 | ---- | C] () -- C:\Users\VICTOR\AppData\Local\PUTTY.RND
    [2013-02-06 09:43:00 | 000,000,288 | ---- | C] () -- C:\Users\VICTOR\AppData\Roaming\.backup.dm
    [2012-11-05 19:42:23 | 000,000,000 | ---- | C] () -- C:\Users\VICTOR\g2mdlhlpx.exe
    [2012-09-10 22:24:24 | 000,000,253 | ---- | C] () -- C:\Users\VICTOR\AppData\Roaming\ANICONFIG_{F3A0689F-A766-4FB7-9195-CAF4910A1CB5}.ini
    [2012-09-10 16:35:42 | 000,000,149 | ---- | C] () -- C:\Windows\MetroTimer.ini
    [2012-06-11 14:21:05 | 004,389,441 | ---- | C] () -- C:\Windows\SysWow64\USBAccessLink.dll
    [2012-06-11 14:21:05 | 000,229,376 | ---- | C] () -- C:\Windows\SysWow64\SerialAccessLink.dll
    [2012-03-23 10:13:29 | 000,000,641 | ---- | C] () -- C:\Users\VICTOR\.bash_history
    [2012-03-21 15:09:28 | 000,000,778 | ---- | C] () -- C:\Users\VICTOR\_viminfo
    [2012-03-21 15:05:42 | 000,000,061 | ---- | C] () -- C:\Users\VICTOR\.gitconfig
    [2012-03-21 14:54:48 | 000,000,936 | -H-- | C] () -- C:\Users\VICTOR\.gitk
    [2012-02-23 12:29:16 | 000,000,132 | ---- | C] () -- C:\Users\VICTOR\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2011-11-12 22:02:46 | 000,000,017 | ---- | C] () -- C:\Users\VICTOR\AppData\Local\resmon.resmoncfg
    [2011-10-29 01:20:22 | 000,000,036 | ---- | C] () -- C:\Users\VICTOR\.org.eclipse.epp.usagedata.recording.userId
    [2011-10-22 23:25:17 | 000,001,456 | ---- | C] () -- C:\Users\VICTOR\AppData\Local\Adobe Save for Web 12.0 Prefs
    [2011-08-27 16:31:42 | 000,871,370 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011-05-03 09:52:59 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
    [2011-05-03 09:52:27 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011-05-03 09:52:26 | 000,214,760 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011-05-03 09:52:24 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2011-05-03 09:52:24 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2011-05-03 09:52:22 | 013,355,008 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

    ========== ZeroAccess Check ==========

    [2009-07-14 07:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012-06-09 08:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 07:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 04:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 06:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 04:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2011-11-15 14:15:14 | 000,000,000 | ---D | M] -- C:\Users\VICTOR\AppData\Roaming\(40-2B-A1-F0-B4-76)
    [2012-06-11 14:24:28 | 000,000,000 | ---D | M] -- C:\Users\VICTOR\AppData\Roaming\.mplab_ide
    [2011-11-14 04:35:58 | 000,000,000 | ---D | M] -- C:\Users\VICTOR\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2013-04-24 10:00:29 | 000,000,000 | ---D | M] -- C:\Users\VICTOR\AppData\Roaming\DMCache
    [2012-07-20 15:09:37 | 000,000,000 | ---D | M] -- C:\Users\VICTOR\AppData\Roaming\ExpressFiles
    [2012-10-31 09:40:40 | 000,000,000 | ---D | M] -- C:\Users\VICTOR\AppData\Roaming\FlashGet
    [2013-04-12 22:47:24 | 000,000,000 | ---D | M] -- C:\Users\VICTOR\AppData\Roaming\IDM
    [2012-04-26 16:34:03 | 000,000,000 | ---D | M] -- C:\Users\VICTOR\AppData\Roaming\InternetEverywhere
    [2013-03-12 20:51:53 | 000,000,000 | ---D | M] -- C:\Users\VICTOR\AppData\Roaming\Leadertech
    [2012-01-12 20:44:44 | 000,000,000 | ---D | M] -- C:\Users\VICTOR\AppData\Roaming\Maxthon3
    [2011-08-23 21:45:49 | 000,000,000 | ---D | M] -- C:\Users\VICTOR\AppData\Roaming\newsXpresso
    [2012-02-19 04:07:55 | 000,000,000 | ---D | M] -- C:\Users\VICTOR\AppData\Roaming\Notepad++
    [2012-02-24 16:42:05 | 000,000,000 | ---D | M] -- C:\Users\VICTOR\AppData\Roaming\PowerCinema
    [2013-02-06 09:45:05 | 000,000,000 | ---D | M] -- C:\Users\VICTOR\AppData\Roaming\SanDisk
    [2012-10-27 00:26:28 | 000,000,000 | ---D | M] -- C:\Users\VICTOR\AppData\Roaming\SQLyog
    [2011-11-14 04:44:55 | 000,000,000 | ---D | M] -- C:\Users\VICTOR\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2013-02-22 21:08:37 | 000,000,000 | ---D | M] -- C:\Users\VICTOR\AppData\Roaming\Sublime Text 2
    [2012-12-14 22:01:55 | 000,000,000 | ---D | M] -- C:\Users\VICTOR\AppData\Roaming\Subversion
    [2012-11-12 12:35:21 | 000,000,000 | ---D | M] -- C:\Users\VICTOR\AppData\Roaming\Unified Remote
    [2013-04-27 11:32:15 | 000,000,000 | ---D | M] -- C:\Users\VICTOR\AppData\Roaming\uTorrent

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:2430E4FC

    < End of report >
     
  21. Carnarvaro

    Carnarvaro TS Rookie Topic Starter Posts: 31

    Dupe...
     
  22. Carnarvaro

    Carnarvaro TS Rookie Topic Starter Posts: 31

    Extras.txt

    OTL Extras logfile created on: 27-Apr-13 11:13:38 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\VICTOR\Downloads
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

    2.86 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 58.61% Memory free
    5.71 Gb Paging File | 3.50 Gb Available in Paging File | 61.34% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 87.68 Gb Total Space | 1.66 Gb Free Space | 1.90% Space Free | Partition Type: NTFS
    Drive E: | 48.83 Gb Total Space | 1.20 Gb Free Space | 2.47% Space Free | Partition Type: NTFS
    Drive F: | 146.48 Gb Total Space | 14.25 Gb Free Space | 9.73% Space Free | Partition Type: NTFS

    Computer Name: VICTOR-PC | User Name: VICTOR | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-772003519-446485709-3197023028-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htafile [open] -- "%1" %*
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htafile [open] -- "%1" %*
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{035D2178-4392-4F7C-B393-D472E04578B5}" = lport=138 | protocol=17 | dir=in | app=system |
    "{04419AAA-9B4D-43F8-827D-4903539FBED4}" = lport=137 | protocol=17 | dir=in | app=system |
    "{04B57D8F-7FEC-4C74-A3D6-5C20FF4E7CC7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{07B189B4-D4A7-4FA8-A702-3CC6D0AA16B2}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{1A742730-2FB0-426C-85D3-F0819A50C856}" = lport=139 | protocol=6 | dir=in | app=system |
    "{2043E572-5EBD-4AA4-9585-23821B589F87}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{21FC79F3-B6F4-4F05-9123-93A46AA8AC47}" = rport=445 | protocol=6 | dir=out | app=system |
    "{2C500D41-B057-4E9A-8370-CDA08FDE38F3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{31383FDC-3264-40B7-B21C-F5608F15FB2C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{44C605D9-EECD-41E2-972B-B05CB7DEAA09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4CB75171-6EE5-4352-9642-32C89511EB78}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{52DCA5C9-4423-4D1E-886F-F15EDF0332A4}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{560D60E0-08C2-4058-8132-3FBC38B3328D}" = rport=138 | protocol=17 | dir=out | app=system |
    "{59814B6E-35D0-4D43-96E6-950AE988834C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{5B830492-30E9-4BD3-8AF5-8B3B30DFDA5A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{6419E40C-9973-4B80-8493-5DCC661E1A0A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{6484D71A-0A58-4458-945A-568CC5414727}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6559297C-1E39-472B-A6A9-D6431B399A5A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6ACA88B1-BF49-41A0-9810-B244CE00197F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{7A6F2E47-31A4-4EFA-823B-3CB8C0166CCF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A6252121-4A7E-4321-AA56-0263579FCEC3}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{BFAAB899-806B-476D-8C6F-9354E910E1F1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{CF35E271-F1B3-4D6E-A471-A14F513B6F1E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{D5B0EB9B-4747-454E-A4C7-464EC1458C97}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{EDEE986C-34BF-480D-8A70-BFB7005C5798}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{F32BCA61-5448-469D-B507-889215CA8AC1}" = lport=445 | protocol=6 | dir=in | app=system |
    "{FDAACC2B-4487-452A-8B21-F073820CDE7B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{06906CC2-E266-424F-8CD6-B0CD52BA3F4A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{0F02B3B6-0611-44DC-BE89-AB2EA3630BDB}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{1348C9ED-4EC6-4800-82E8-95989D8EAED1}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe |
    "{1C53C9E2-9ADE-42B3-91D0-185BED64A66A}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovie.exe |
    "{1E6FF448-5752-4E11-B0B5-6C17E801B718}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{2BBACA1D-3CFB-4259-A5B8-7D60779D7D4A}" = protocol=6 | dir=in | app=f:\documents\downloads\programs\pdfconvertersetup.exe |
    "{2EDFEAF7-8195-4056-A3B5-CFFD43C18ECC}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
    "{31635FBE-AB87-4FF4-86DC-7742D6C8EB4C}" = dir=in | app=c:\users\victor\appdata\local\facebook\video\skype\facebookvideocalling.exe |
    "{31835D77-0385-41A3-89EA-33A4C0F1860F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{3260EB98-3CBB-45B5-8B83-EF61421C56FF}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
    "{3A77C349-99D5-4565-8B30-F2794BF47DC5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{3AD8247F-7135-4EE5-8CBA-747AD4B19436}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{3BAF40B8-8FCF-4DBB-B7AE-35042ED1DFCB}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe |
    "{3F4B1787-E5D9-4820-8192-8AA3181AD472}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{4AB80F79-0E5B-4EE0-874D-9B2BFC40534F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{4D973B97-307E-4A1D-A9FE-ADC296DD8DE7}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
    "{52D30DF7-496D-4BCE-A204-6273D0942B27}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid\vid.exe |
    "{609DC593-DB68-43F9-A96D-4E17F270A129}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{615A69C7-35D3-41F0-948B-C92E93652942}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{67EAC9DE-8E04-496B-96E6-3E6333A90A0E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{6FF3563F-7E00-405A-9C21-3C79A5D46520}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{74156271-6085-4514-917C-5FC832765955}" = protocol=6 | dir=out | app=system |
    "{76906730-3EA3-4360-9F0E-DC1F7FF65DAE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{789E5991-4797-461A-8477-C74BAE7DBFAA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{8580C2F9-FEA1-4B11-9CEA-72A1389A7112}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{86ECE756-8F24-4B79-961F-F5F46522D65F}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe |
    "{8C2D2242-AB8D-458B-98DC-7264A956E927}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
    "{8CEC7C96-FE47-4701-A720-8265C165BB58}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{906C619D-6BCD-4E35-95B3-D1284CC0CEAC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{921E5D71-3FD6-4994-B59E-BC2FF2DB343F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{970A5DCB-0C6E-4459-81F0-D0A8043294A2}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\clml\clmlsvc.exe |
    "{9A9FA2B0-4E65-46A8-BDDB-878CCBE01174}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{9C35B389-11A8-4A34-9AC7-FB16DFD92F66}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{A39C1905-39AF-4ADF-AED0-BE646F2DE72A}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
    "{A70A6D8C-9190-41F6-B8DA-4DDFB6B17346}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{A8114DB8-283A-4ED8-8F92-D0C30C7F0218}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{AA72203D-3E00-43EE-B9AA-4B603BFDDCAB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{ACA492F5-E265-400D-8526-BB7C2EB4FC40}" = protocol=17 | dir=in | app=c:\users\victor\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{AD4309B2-9FD4-494D-A21D-83F834EABA56}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{AF7F2F1D-25BB-47A3-B5EE-E84591636139}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovieservice.exe |
    "{BBE16E26-8FE1-4F4C-B257-63FEA832E45A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{BD7B3183-8900-4B32-A02E-4918FAE60C62}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe |
    "{C426027C-052F-40F7-AD3D-0AB54D750528}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{C8F28BB0-41AA-4475-BA17-F9DD8B52B5D5}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe |
    "{CB6BFCEB-4E73-4FA7-8ADD-7EAB3F053CC7}" = dir=in | app=c:\program files (x86)\jenkins\jre\bin\java.exe |
    "{D5B3F977-4CC2-4325-91E6-E2C151D781A5}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid\vid.exe |
    "{E1C129C1-806A-4E04-867F-2BCA11401BD3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{E48EDE1A-E5FA-4F63-9379-80BEBD9E4E92}" = protocol=17 | dir=in | app=f:\documents\downloads\programs\pdfconvertersetup.exe |
    "{EA47ED56-7870-423E-ACF6-43C04CC1E499}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{EBAB0A0D-5884-488F-8602-616B48733723}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{ED7FA394-AD20-4B81-838A-7E2A7B61604C}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe |
    "{EE3AC5F3-4447-4676-85B6-BE9B4407A8DD}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
    "{F69E3C6D-AF06-4FC9-86BB-94044582FF2E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{F86444CD-C5D3-4ABB-B74D-790783AFFF0F}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
    "{FBC64029-835E-4F9B-9374-C5D62F2281A0}" = protocol=6 | dir=in | app=c:\users\victor\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "TCP Query User{04E985E4-2732-4273-82D7-6880898C8B30}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
    "TCP Query User{135D0CF7-D888-47ED-AE6F-E1FB569BD8DB}C:\program files\java\jdk1.6.0_21\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_21\jre\bin\java.exe |
    "TCP Query User{156110A0-DEC5-4A4D-AC00-AFE0A0E13003}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe |
    "TCP Query User{1614F660-6886-412D-B7F1-8C6D38EB62AF}E:\portal 2\portal2.exe" = protocol=6 | dir=in | app=e:\portal 2\portal2.exe |
    "TCP Query User{23C5836F-D04C-40B2-9BF8-E61F6BF4F24A}F:\matlab\r2009a\bin\win64\matlab.exe" = protocol=6 | dir=in | app=f:\matlab\r2009a\bin\win64\matlab.exe |
    "TCP Query User{2A547981-696D-427E-80C7-C5BF133C4952}C:\program files (x86)\jetbrains\rubymine 4.0.3\bin\rubymine.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jetbrains\rubymine 4.0.3\bin\rubymine.exe |
    "TCP Query User{3DF7A8AC-D9DB-4908-949E-39D4E13B5709}C:\program files (x86)\internet download manager\idman.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet download manager\idman.exe |
    "TCP Query User{4DFFA5D6-570D-45B9-B747-BCAA0680884F}C:\program files\java\jdk1.6.0_21\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_21\jre\bin\javaw.exe |
    "TCP Query User{61AC7E04-C578-4ADB-B339-FEDB1100F7E0}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
    "TCP Query User{6AAAAE3D-EB5A-4ADA-B379-EFA0C68E7A34}C:\program files (x86)\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget\flashget.exe |
    "TCP Query User{77E6D801-B51C-4FF1-B5E9-A360D54C977E}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
    "TCP Query User{87D6A528-6973-4563-95DF-9F882038ED92}C:\wamp\bin\apache\apache2.2.17\bin\httpd.exe" = protocol=6 | dir=in | app=c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe |
    "TCP Query User{9C77ACE7-E19B-4F1D-AD1D-8C3AB87F6588}C:\railsinstaller\ruby1.9.3\bin\ruby.exe" = protocol=6 | dir=in | app=c:\railsinstaller\ruby1.9.3\bin\ruby.exe |
    "TCP Query User{B9BE0835-7EDE-4287-8456-711A496C5E23}C:\program files\java\jdk1.6.0_21\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_21\bin\java.exe |
    "TCP Query User{CB9DED6D-59EA-44D0-A57B-1491A093502C}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe |
    "TCP Query User{D5309FCC-8510-47F1-83B0-8C05FE71E2C8}C:\ruby187\bin\ruby.exe" = protocol=6 | dir=in | app=c:\ruby187\bin\ruby.exe |
    "TCP Query User{DFFA323A-4E0D-45C0-91AA-0CA6992302A9}F:\half-life 2\hl2.exe" = protocol=6 | dir=in | app=f:\half-life 2\hl2.exe |
    "TCP Query User{F05B0750-F567-44F6-B5B8-6EFA48418199}C:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe |
    "TCP Query User{F45EB35E-7073-4104-AC46-EFB8590254C8}C:\program files (x86)\maxthon3\modules\mxminithunder\thundermini.exe" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon3\modules\mxminithunder\thundermini.exe |
    "TCP Query User{FA5467CB-ADE4-4A95-B298-92EA25DCA0F5}F:\program files\xming\xming.exe" = protocol=6 | dir=in | app=f:\program files\xming\xming.exe |
    "UDP Query User{04FA52D3-79B8-4C8A-BA42-CB614622069C}C:\program files (x86)\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget\flashget.exe |
    "UDP Query User{08BD635B-6171-4288-A6B2-85287424E2D2}C:\railsinstaller\ruby1.9.3\bin\ruby.exe" = protocol=17 | dir=in | app=c:\railsinstaller\ruby1.9.3\bin\ruby.exe |
    "UDP Query User{08D8AEDC-70C9-4DD4-BAA5-00959B65C99E}C:\program files (x86)\internet download manager\idman.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet download manager\idman.exe |
    "UDP Query User{0DF021AB-B8BC-41F6-98DA-86090556F856}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
    "UDP Query User{0EFF65F4-FDC5-4F81-9E62-D97731951088}C:\program files\java\jdk1.6.0_21\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_21\jre\bin\java.exe |
    "UDP Query User{2495B5ED-1104-40BC-AA51-797E7B0899AB}C:\program files\java\jdk1.6.0_21\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_21\jre\bin\javaw.exe |
    "UDP Query User{2DBE922C-AF07-4E23-8A0F-6DD687C36BB5}C:\ruby187\bin\ruby.exe" = protocol=17 | dir=in | app=c:\ruby187\bin\ruby.exe |
    "UDP Query User{42343B94-5B87-48E4-8DE2-BD5046738423}F:\matlab\r2009a\bin\win64\matlab.exe" = protocol=17 | dir=in | app=f:\matlab\r2009a\bin\win64\matlab.exe |
    "UDP Query User{4389CF59-A695-466D-B7FA-E800ED3024BD}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe |
    "UDP Query User{538E6DB3-4FD9-444F-8B4C-3D0DE579F2EC}F:\half-life 2\hl2.exe" = protocol=17 | dir=in | app=f:\half-life 2\hl2.exe |
    "UDP Query User{658C7315-27B0-4C16-95D2-F13DC9E2390C}E:\portal 2\portal2.exe" = protocol=17 | dir=in | app=e:\portal 2\portal2.exe |
    "UDP Query User{76B40D9F-D33C-47CF-9AC3-3B73EBDB91F8}C:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe |
    "UDP Query User{8816F5E9-2636-43E1-A3F3-40B8B814195F}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
    "UDP Query User{8B46E2EA-3047-4A60-BEBD-F397D9038C80}C:\program files\java\jdk1.6.0_21\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_21\bin\java.exe |
    "UDP Query User{90CB1520-A437-438E-BEF0-5A134376DF6A}C:\program files (x86)\jetbrains\rubymine 4.0.3\bin\rubymine.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jetbrains\rubymine 4.0.3\bin\rubymine.exe |
    "UDP Query User{9344A32B-096E-4D5A-B6D7-8AA4410FC756}C:\program files (x86)\maxthon3\modules\mxminithunder\thundermini.exe" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon3\modules\mxminithunder\thundermini.exe |
    "UDP Query User{BFAF7138-8013-48AE-8CD6-73DE834BBEE1}F:\program files\xming\xming.exe" = protocol=17 | dir=in | app=f:\program files\xming\xming.exe |
    "UDP Query User{D926CC7E-A6F2-41D4-8178-74A7038957A9}C:\wamp\bin\apache\apache2.2.17\bin\httpd.exe" = protocol=17 | dir=in | app=c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe |
    "UDP Query User{DFE353C7-BDD2-4766-B791-3F13A6C3FDDB}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe |
    "UDP Query User{FDE7D1F9-DB07-4A39-886F-05D21D99A423}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
    "{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
    "{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
    "{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
    "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
    "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
    "{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
    "{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
    "{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
    "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
    "{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
    "{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
    "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
    "{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
    "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
    "{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java(TM) 6 Update 21 (64-bit)
    "{26A24AE4-039D-4CA4-87B4-2F86417010FF}" = Java 7 Update 10 (64-bit)
    "{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
    "{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
    "{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
    "{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
    "{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
    "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
    "{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
    "{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
    "{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)
    "{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
    "{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
    "{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
    "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
    "{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
    "{5D068141-189F-39E2-A052-E40D4B561256}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
    "{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
    "{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
    "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
    "{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
    "{64A3A4F4-B792-11D6-A78A-00B0D0160210}" = Java(TM) SE Development Kit 6 Update 21 (64-bit)
    "{64A3A4F4-B792-11D6-A78A-00B0D0170100}" = Java SE Development Kit 7 Update 10 (64-bit)
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
    "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
    "{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
    "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
    "{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
    "{71EFF430-1A34-423E-8EAF-A80173960A8E}" = TortoiseSVN 1.7.10.23359 (64 bit)
    "{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
    "{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
    "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
    "{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
    "{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
    "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C19AEBA-B433-4D1F-88AC-343F5CD88369}" = MySQL Server 5.1
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
    "{8F7F2D9C-2DBE-4F10-9C7C-2724110A3339}" = Windows Live Remote Service Resources
    "{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools - ENU
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
    "{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
    "{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
    "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
    "{A6E0F6BE-30AC-4D36-97B0-1AC20E23CB83}" = Windows Live Remote Client Resources
    "{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
    "{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
    "{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
    "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
    "{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
    "{C0C31BCC-56FB-42a7-8766-D29E1BD74C7d}" = Python 2.7.3 (64-bit)
    "{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
    "{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
    "{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
    "{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
    "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
    "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
    "{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
    "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
    "{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
    "{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
    "{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
    "{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
    "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
    "{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
    "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
    "{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
    "54C7C567898ADB9173D5761C17924A844122BDCE" = Windows Driver Package - mikroElektronika (USB18PRG) ClassName (07/10/2010 6.1.7600)
    "A627DA08A5F362713EB4C440F904A2D1B8CD7E74" = Windows Driver Package - BeagleBone CDM Driver Package - VCP Driver (03/18/2011 2.08.14)
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "E115CC79390C233F94F72330FE3603A63E5204E2" = Windows Driver Package - BeagleBone CDM Driver Package - Bus/D2XX Driver (03/18/2011 2.08.14)
    "F8DB389D3D629D89F82795C4EB490AE50D7FB01E" = Windows Driver Package - Linux Developer Community Net (06/21/2006 6.0.6000.16384)
    "MatlabR2009a" = MATLAB R2009a
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
    "Microsoft Security Client" = Microsoft Security Essentials
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
    "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
    "Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "nbi-glassfish-mod-3.1.1.12.0" = GlassFish Server Open Source Edition 3.1.1
    "nbi-nb-base-7.0.1.0.0" = NetBeans IDE 7.0.1
    "Sublime Text 2_is1" = Sublime Text 2.0.1
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
     
  23. Carnarvaro

    Carnarvaro TS Rookie Topic Starter Posts: 31

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
    "{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
    "{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
    "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
    "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
    "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
    "{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
    "{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
    "{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger
    "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
    "{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
    "{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
    "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
    "{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
    "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    "{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
    "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
    "{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
    "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    "{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
    "{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
    "{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
    "{120C160F-F53D-4A15-A873-E79BF5B98B48}" = Windows Live Photo Common
    "{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
    "{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
    "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
    "{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}" = MediaEspresso
    "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
    "{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
    "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
    "{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
    "{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
    "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
    "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
    "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
    "{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
    "{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
    "{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
    "{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
    "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
    "{20381A8A-808E-4A53-B6CD-AD2B85E16365}" = Windows Live UX Platform Language Pack
    "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
    "{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
    "{226F0D93-76DE-4F1C-B14D-DE10443ADB60}" = Windows Live Movie Maker
    "{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
    "{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
    "{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
    "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
    "{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
    "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
    "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
    "{27B60A64-915E-4EF2-B106-78D469CE95A2}" = Jenkins 1.455
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
    "{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
    "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
    "{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
    "{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
    "{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
    "{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
    "{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
    "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
    "{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
    "{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
    "{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
    "{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
    "{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
    "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
    "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
    "{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
    "{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
    "{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
    "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
    "{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
    "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
    "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
    "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
    "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
    "{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
    "{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
    "{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
    "{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
    "{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
    "{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
    "{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
    "{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
    "{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
    "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
    "{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
    "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
    "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
    "{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
    "{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
    "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
    "{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
    "{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
    "{4D7BAC8A-51B8-4243-8567-1415C4272D13}" = Windows Live Writer
    "{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
    "{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
    "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
    "{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
    "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
    "{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
    "{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
    "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
    "{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
    "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
    "{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
    "{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger
    "{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
    "{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
    "{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
    "{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
    "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
    "{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
    "{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso
    "{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
    "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
    "{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
    "{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
    "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
    "{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
    "{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
    "{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
    "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
    "{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
    "{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
    "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
    "{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
    "{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
    "{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
    "{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
    "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
    "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
    "{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
    "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
    "{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
    "{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
    "{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
    "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
    "{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
    "{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
    "{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
    "{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
    "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
    "{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
    "{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
    "{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
    "{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
    "{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
    "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
    "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
    "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
    "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
    "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
    "{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
    "{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
    "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
    "{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
    "{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
    "{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
    "{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
    "{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
    "{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
    "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
    "{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
    "{7D99B933-E29C-4599-92F0-DAED2AF041E3}" = Windows Live Essentials
    "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
    "{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
    "{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
    "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
    "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
    "{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
    "{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}" = Flip Words
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}" = Bejeweled 2 Deluxe
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112623650}" = Belles Beauty Boutique
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116672750}" = World of Goo
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117897550}" = 1912 Titanic Mystery
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117932650}" = Sprill and Ritchie
    "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118399487}" = Farm Frenzy 3 Ice Age
    "{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
    "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
    "{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
    "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
    "{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
    "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
    "{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
    "{86F444A5-C9B9-41DC-AF28-B5E46F5497C7}" = Windows Live Argazki Galeria
    "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
    "{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
    "{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
    "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E285C75-9BE2-4349-972B-DECDDF472656}" = Windows Live Writer Resources
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{93C4B7D5-4E00-491F-BA3E-25B7B63EE7F6}" = Windows Live Mail
    "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96F5085A-FAB3-40DA-BF1A-EABC37EA031C}" = Acer 3G Connection Manager
    "{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
    "{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B98010C-A6E2-40D4-A69D-7EA024EAEC79}" = e-Sword
    "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
    "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
    "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
    "{9E2C5B0E-7A2D-4767-A9B2-77469FB1873A}" = Windows Live Mesh
    "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
    "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
    "{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
    "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
    "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
    "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{A9CE0266-6801-3B33-94AD-00520085CF4B}" = Google Talk Plugin
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
    "{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
    "{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
    "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
    "{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
    "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.4 MUI
    "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
    "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
    "{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
    "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
    "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
    "{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
    "{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
    "{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
    "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
    "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
    "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
    "{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
    "{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
    "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
    "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
    "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    "{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi
    "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
    "{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
    "{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
    "{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
    "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
    "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
    "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
    "{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
    "{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
    "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
    "{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
    "{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
    "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
    "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
    "{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
    "{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
    "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
    "{C97623E2-0614-4845-B199-8E8BEC8E131C}_is1" = Acer GameZone Console
    "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
    "{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
    "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
    "{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
    "{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
    "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
    "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
    "{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
    "{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
    "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger
    "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
    "{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
    "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
    "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
    "{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
    "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
    "{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
    "{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
    "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
    "{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
    "{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
    "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
    "{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
    "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
    "{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
    "{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
    "{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
    "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
    "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
    "{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
    "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
    "{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
    "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
    "{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
    "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
    "{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
    "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
    "{ED1F652A-014D-4672-AF04-148A71D395E2}_is1" = Metronome u1v2
    "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
    "{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
    "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
    "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
    "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
    "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.115
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
    "{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
    "{F13587F7-AA4C-4C2E-AE7D-F33F3CCE57A9}" = Windows Live Messenger
    "{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
    "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
    "{F53A49E6-9FB1-4A5A-B1D9-82BA116196B7}" = Acer USB Charge Manager
    "{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
    "{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
    "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
    "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
    "{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
    "{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
    "{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
    "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
    "{FCBC19F7-E068-4B7A-ACBB-CE9CCEB4B21F}" = Windows Live Messenger
    "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
    "{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
    "{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
    "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
    "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
    "{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
    "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
    "Acer Registration" = Acer Registration
    "Acer Screensaver" = Acer ScreenSaver
    "Acer Welcome Center" = Welcome Center
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Advanced Port Scanner v1.3" = Advanced Port Scanner v1.3
    "Android SDK Tools" = Android SDK Tools
    "ApacheCouchDB_is1" = Apache CouchDB 1.2.1
    "Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
    "BerBible" = BerBible
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
    "EA Download Manager" = EA Download Manager
    "FlashGet" = FlashGet 1.9.6.1073
    "FormatFactory" = FormatFactory 2.30
    "Free Metronome" = Free Metronome V.1.00
    "Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
    "FrontlineSMS_0" = FrontlineSMS 1.6.16.3
    "Git_is1" = Git version 1.7.9-preview20120201
    "Google Chrome" = Google Chrome
    "Identity Card" = Identity Card
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
    "InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
    "InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
    "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
    "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
    "InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso
    "InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
    "Internet Download Manager" = Internet Download Manager
    "InternetEverywhere" = Internet Everywhere
    "Little Registry Cleaner" = Little Registry Cleaner
    "LManager" = Launch Manager
    "LTspice IV" = LTspice IV
    "Maxthon3" = Maxthon 3
    "Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
    "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
    "mikroC PRO for PIC" = mikroC PRO for PIC (remove only)
    "mikroProg Suite For PIC" = mikroProg Suite For PIC (remove only)
    "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MPLAB C for PIC18 MCUs v3.42" = MPLAB C for PIC18 MCUs
    "MPLAB X IDE v1.10 v1.10" = MPLAB X IDE v1.10
    "MTN Mobile Internet" = MTN Mobile Internet
    "NirSoft ProduKey" = NirSoft ProduKey
    "Notepad++" = Notepad++
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "OpenVPN" = OpenVPN 2.2.1
    "PitchPerfect" = PitchPerfect Musical Instrument Tuner
    "Polipo" = Polipo 1.0.4.1
    "PRJPRO" = Microsoft Office Project Professional 2007
    "RealPlayer 15.0" = RealPlayer
    "RubyMine 4.0.3" = JetBrains RubyMine 4.0.3
    "Sourcery CodeBench Lite for ARM GNU/Linux" = Sourcery CodeBench Lite for ARM GNU/Linux
    "SQLyog Community" = SQLyog Community 8.21 Beta 2
    "Tor" = Tor 0.2.2.34
    "uTorrent" = µTorrent
    "Vidalia" = Vidalia 0.2.15
    "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
    "VirtualCloneDrive" = VirtualCloneDrive
    "VLC media player" = VLC media player 1.1.7
    "VMware_Workstation" = VMware Workstation
    "WampServer 2_is1" = WampServer 2.1
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "WordWeb" = WordWeb
    "Wubi" = Linux Mint
    "Xming_is1" = Xming 6.9.0.31

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-772003519-446485709-3197023028-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe" = SanDiskSecureAccess_Manager.exe
    "{613C3EA5-1248-4E35-B61A-6D0B31BBC0DB}_is1" = RailsInstaller 2.1.0
    "{F6377277-9DF1-4a1f-A487-CB5D34DCD793}_is1" = Ruby 1.8.7-p371
    "CodeBlocks" = CodeBlocks

    ========== Last 20 Event Log Errors ==========

    [ System Events ]
    Error - 27-Apr-13 4:21:52 AM | Computer Name = VICTOR-PC | Source = DCOM | ID = 10010
    Description =


    < End of report >
     
  24. Carnarvaro

    Carnarvaro TS Rookie Topic Starter Posts: 31

    Extras.txt

    OTL Extras logfile created on: 27-Apr-13 11:13:38 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\VICTOR\Downloads
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

    2.86 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 58.61% Memory free
    5.71 Gb Paging File | 3.50 Gb Available in Paging File | 61.34% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 87.68 Gb Total Space | 1.66 Gb Free Space | 1.90% Space Free | Partition Type: NTFS
    Drive E: | 48.83 Gb Total Space | 1.20 Gb Free Space | 2.47% Space Free | Partition Type: NTFS
    Drive F: | 146.48 Gb Total Space | 14.25 Gb Free Space | 9.73% Space Free | Partition Type: NTFS

    Computer Name: VICTOR-PC | User Name: VICTOR | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-772003519-446485709-3197023028-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htafile [open] -- "%1" %*
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htafile [open] -- "%1" %*
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{035D2178-4392-4F7C-B393-D472E04578B5}" = lport=138 | protocol=17 | dir=in | app=system |
    "{04419AAA-9B4D-43F8-827D-4903539FBED4}" = lport=137 | protocol=17 | dir=in | app=system |
    "{04B57D8F-7FEC-4C74-A3D6-5C20FF4E7CC7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{07B189B4-D4A7-4FA8-A702-3CC6D0AA16B2}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{1A742730-2FB0-426C-85D3-F0819A50C856}" = lport=139 | protocol=6 | dir=in | app=system |
    "{2043E572-5EBD-4AA4-9585-23821B589F87}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{21FC79F3-B6F4-4F05-9123-93A46AA8AC47}" = rport=445 | protocol=6 | dir=out | app=system |
    "{2C500D41-B057-4E9A-8370-CDA08FDE38F3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{31383FDC-3264-40B7-B21C-F5608F15FB2C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{44C605D9-EECD-41E2-972B-B05CB7DEAA09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4CB75171-6EE5-4352-9642-32C89511EB78}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{52DCA5C9-4423-4D1E-886F-F15EDF0332A4}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{560D60E0-08C2-4058-8132-3FBC38B3328D}" = rport=138 | protocol=17 | dir=out | app=system |
    "{59814B6E-35D0-4D43-96E6-950AE988834C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{5B830492-30E9-4BD3-8AF5-8B3B30DFDA5A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{6419E40C-9973-4B80-8493-5DCC661E1A0A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{6484D71A-0A58-4458-945A-568CC5414727}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6559297C-1E39-472B-A6A9-D6431B399A5A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6ACA88B1-BF49-41A0-9810-B244CE00197F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{7A6F2E47-31A4-4EFA-823B-3CB8C0166CCF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A6252121-4A7E-4321-AA56-0263579FCEC3}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{BFAAB899-806B-476D-8C6F-9354E910E1F1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{CF35E271-F1B3-4D6E-A471-A14F513B6F1E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{D5B0EB9B-4747-454E-A4C7-464EC1458C97}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{EDEE986C-34BF-480D-8A70-BFB7005C5798}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{F32BCA61-5448-469D-B507-889215CA8AC1}" = lport=445 | protocol=6 | dir=in | app=system |
    "{FDAACC2B-4487-452A-8B21-F073820CDE7B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{06906CC2-E266-424F-8CD6-B0CD52BA3F4A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{0F02B3B6-0611-44DC-BE89-AB2EA3630BDB}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{1348C9ED-4EC6-4800-82E8-95989D8EAED1}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe |
    "{1C53C9E2-9ADE-42B3-91D0-185BED64A66A}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovie.exe |
    "{1E6FF448-5752-4E11-B0B5-6C17E801B718}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "{2BBACA1D-3CFB-4259-A5B8-7D60779D7D4A}" = protocol=6 | dir=in | app=f:\documents\downloads\programs\pdfconvertersetup.exe |
    "{2EDFEAF7-8195-4056-A3B5-CFFD43C18ECC}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
    "{31635FBE-AB87-4FF4-86DC-7742D6C8EB4C}" = dir=in | app=c:\users\victor\appdata\local\facebook\video\skype\facebookvideocalling.exe |
    "{31835D77-0385-41A3-89EA-33A4C0F1860F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{3260EB98-3CBB-45B5-8B83-EF61421C56FF}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
    "{3A77C349-99D5-4565-8B30-F2794BF47DC5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{3AD8247F-7135-4EE5-8CBA-747AD4B19436}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{3BAF40B8-8FCF-4DBB-B7AE-35042ED1DFCB}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe |
    "{3F4B1787-E5D9-4820-8192-8AA3181AD472}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{4AB80F79-0E5B-4EE0-874D-9B2BFC40534F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{4D973B97-307E-4A1D-A9FE-ADC296DD8DE7}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
    "{52D30DF7-496D-4BCE-A204-6273D0942B27}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid\vid.exe |
    "{609DC593-DB68-43F9-A96D-4E17F270A129}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{615A69C7-35D3-41F0-948B-C92E93652942}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{67EAC9DE-8E04-496B-96E6-3E6333A90A0E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{6FF3563F-7E00-405A-9C21-3C79A5D46520}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{74156271-6085-4514-917C-5FC832765955}" = protocol=6 | dir=out | app=system |
    "{76906730-3EA3-4360-9F0E-DC1F7FF65DAE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{789E5991-4797-461A-8477-C74BAE7DBFAA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{8580C2F9-FEA1-4B11-9CEA-72A1389A7112}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{86ECE756-8F24-4B79-961F-F5F46522D65F}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe |
    "{8C2D2242-AB8D-458B-98DC-7264A956E927}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
    "{8CEC7C96-FE47-4701-A720-8265C165BB58}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{906C619D-6BCD-4E35-95B3-D1284CC0CEAC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{921E5D71-3FD6-4994-B59E-BC2FF2DB343F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{970A5DCB-0C6E-4459-81F0-D0A8043294A2}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\clml\clmlsvc.exe |
    "{9A9FA2B0-4E65-46A8-BDDB-878CCBE01174}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{9C35B389-11A8-4A34-9AC7-FB16DFD92F66}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{A39C1905-39AF-4ADF-AED0-BE646F2DE72A}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
    "{A70A6D8C-9190-41F6-B8DA-4DDFB6B17346}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{A8114DB8-283A-4ED8-8F92-D0C30C7F0218}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
    "{AA72203D-3E00-43EE-B9AA-4B603BFDDCAB}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{ACA492F5-E265-400D-8526-BB7C2EB4FC40}" = protocol=17 | dir=in | app=c:\users\victor\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "{AD4309B2-9FD4-494D-A21D-83F834EABA56}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{AF7F2F1D-25BB-47A3-B5EE-E84591636139}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovieservice.exe |
    "{BBE16E26-8FE1-4F4C-B257-63FEA832E45A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{BD7B3183-8900-4B32-A02E-4918FAE60C62}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe |
    "{C426027C-052F-40F7-AD3D-0AB54D750528}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{C8F28BB0-41AA-4475-BA17-F9DD8B52B5D5}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe |
    "{CB6BFCEB-4E73-4FA7-8ADD-7EAB3F053CC7}" = dir=in | app=c:\program files (x86)\jenkins\jre\bin\java.exe |
    "{D5B3F977-4CC2-4325-91E6-E2C151D781A5}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid\vid.exe |
    "{E1C129C1-806A-4E04-867F-2BCA11401BD3}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{E48EDE1A-E5FA-4F63-9379-80BEBD9E4E92}" = protocol=17 | dir=in | app=f:\documents\downloads\programs\pdfconvertersetup.exe |
    "{EA47ED56-7870-423E-ACF6-43C04CC1E499}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{EBAB0A0D-5884-488F-8602-616B48733723}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{ED7FA394-AD20-4B81-838A-7E2A7B61604C}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\launcher.exe |
    "{EE3AC5F3-4447-4676-85B6-BE9B4407A8DD}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
    "{F69E3C6D-AF06-4FC9-86BB-94044582FF2E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{F86444CD-C5D3-4ABB-B74D-790783AFFF0F}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
    "{FBC64029-835E-4F9B-9374-C5D62F2281A0}" = protocol=6 | dir=in | app=c:\users\victor\appdata\local\google\google talk plugin\googletalkplugin.exe |
    "TCP Query User{04E985E4-2732-4273-82D7-6880898C8B30}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
    "TCP Query User{135D0CF7-D888-47ED-AE6F-E1FB569BD8DB}C:\program files\java\jdk1.6.0_21\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_21\jre\bin\java.exe |
    "TCP Query User{156110A0-DEC5-4A4D-AC00-AFE0A0E13003}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe |
    "TCP Query User{1614F660-6886-412D-B7F1-8C6D38EB62AF}E:\portal 2\portal2.exe" = protocol=6 | dir=in | app=e:\portal 2\portal2.exe |
    "TCP Query User{23C5836F-D04C-40B2-9BF8-E61F6BF4F24A}F:\matlab\r2009a\bin\win64\matlab.exe" = protocol=6 | dir=in | app=f:\matlab\r2009a\bin\win64\matlab.exe |
    "TCP Query User{2A547981-696D-427E-80C7-C5BF133C4952}C:\program files (x86)\jetbrains\rubymine 4.0.3\bin\rubymine.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jetbrains\rubymine 4.0.3\bin\rubymine.exe |
    "TCP Query User{3DF7A8AC-D9DB-4908-949E-39D4E13B5709}C:\program files (x86)\internet download manager\idman.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet download manager\idman.exe |
    "TCP Query User{4DFFA5D6-570D-45B9-B747-BCAA0680884F}C:\program files\java\jdk1.6.0_21\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_21\jre\bin\javaw.exe |
    "TCP Query User{61AC7E04-C578-4ADB-B339-FEDB1100F7E0}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
    "TCP Query User{6AAAAE3D-EB5A-4ADA-B379-EFA0C68E7A34}C:\program files (x86)\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget\flashget.exe |
    "TCP Query User{77E6D801-B51C-4FF1-B5E9-A360D54C977E}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
    "TCP Query User{87D6A528-6973-4563-95DF-9F882038ED92}C:\wamp\bin\apache\apache2.2.17\bin\httpd.exe" = protocol=6 | dir=in | app=c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe |
    "TCP Query User{9C77ACE7-E19B-4F1D-AD1D-8C3AB87F6588}C:\railsinstaller\ruby1.9.3\bin\ruby.exe" = protocol=6 | dir=in | app=c:\railsinstaller\ruby1.9.3\bin\ruby.exe |
    "TCP Query User{B9BE0835-7EDE-4287-8456-711A496C5E23}C:\program files\java\jdk1.6.0_21\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_21\bin\java.exe |
    "TCP Query User{CB9DED6D-59EA-44D0-A57B-1491A093502C}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe |
    "TCP Query User{D5309FCC-8510-47F1-83B0-8C05FE71E2C8}C:\ruby187\bin\ruby.exe" = protocol=6 | dir=in | app=c:\ruby187\bin\ruby.exe |
    "TCP Query User{DFFA323A-4E0D-45C0-91AA-0CA6992302A9}F:\half-life 2\hl2.exe" = protocol=6 | dir=in | app=f:\half-life 2\hl2.exe |
    "TCP Query User{F05B0750-F567-44F6-B5B8-6EFA48418199}C:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe |
    "TCP Query User{F45EB35E-7073-4104-AC46-EFB8590254C8}C:\program files (x86)\maxthon3\modules\mxminithunder\thundermini.exe" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon3\modules\mxminithunder\thundermini.exe |
    "TCP Query User{FA5467CB-ADE4-4A95-B298-92EA25DCA0F5}F:\program files\xming\xming.exe" = protocol=6 | dir=in | app=f:\program files\xming\xming.exe |
    "UDP Query User{04FA52D3-79B8-4C8A-BA42-CB614622069C}C:\program files (x86)\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget\flashget.exe |
    "UDP Query User{08BD635B-6171-4288-A6B2-85287424E2D2}C:\railsinstaller\ruby1.9.3\bin\ruby.exe" = protocol=17 | dir=in | app=c:\railsinstaller\ruby1.9.3\bin\ruby.exe |
    "UDP Query User{08D8AEDC-70C9-4DD4-BAA5-00959B65C99E}C:\program files (x86)\internet download manager\idman.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet download manager\idman.exe |
    "UDP Query User{0DF021AB-B8BC-41F6-98DA-86090556F856}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
    "UDP Query User{0EFF65F4-FDC5-4F81-9E62-D97731951088}C:\program files\java\jdk1.6.0_21\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_21\jre\bin\java.exe |
    "UDP Query User{2495B5ED-1104-40BC-AA51-797E7B0899AB}C:\program files\java\jdk1.6.0_21\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_21\jre\bin\javaw.exe |
    "UDP Query User{2DBE922C-AF07-4E23-8A0F-6DD687C36BB5}C:\ruby187\bin\ruby.exe" = protocol=17 | dir=in | app=c:\ruby187\bin\ruby.exe |
    "UDP Query User{42343B94-5B87-48E4-8DE2-BD5046738423}F:\matlab\r2009a\bin\win64\matlab.exe" = protocol=17 | dir=in | app=f:\matlab\r2009a\bin\win64\matlab.exe |
    "UDP Query User{4389CF59-A695-466D-B7FA-E800ED3024BD}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe |
    "UDP Query User{538E6DB3-4FD9-444F-8B4C-3D0DE579F2EC}F:\half-life 2\hl2.exe" = protocol=17 | dir=in | app=f:\half-life 2\hl2.exe |
    "UDP Query User{658C7315-27B0-4C16-95D2-F13DC9E2390C}E:\portal 2\portal2.exe" = protocol=17 | dir=in | app=e:\portal 2\portal2.exe |
    "UDP Query User{76B40D9F-D33C-47CF-9AC3-3B73EBDB91F8}C:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\need for speed(tm) hot pursuit\nfs11.exe |
    "UDP Query User{8816F5E9-2636-43E1-A3F3-40B8B814195F}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
    "UDP Query User{8B46E2EA-3047-4A60-BEBD-F397D9038C80}C:\program files\java\jdk1.6.0_21\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_21\bin\java.exe |
    "UDP Query User{90CB1520-A437-438E-BEF0-5A134376DF6A}C:\program files (x86)\jetbrains\rubymine 4.0.3\bin\rubymine.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jetbrains\rubymine 4.0.3\bin\rubymine.exe |
    "UDP Query User{9344A32B-096E-4D5A-B6D7-8AA4410FC756}C:\program files (x86)\maxthon3\modules\mxminithunder\thundermini.exe" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon3\modules\mxminithunder\thundermini.exe |
    "UDP Query User{BFAF7138-8013-48AE-8CD6-73DE834BBEE1}F:\program files\xming\xming.exe" = protocol=17 | dir=in | app=f:\program files\xming\xming.exe |
    "UDP Query User{D926CC7E-A6F2-41D4-8178-74A7038957A9}C:\wamp\bin\apache\apache2.2.17\bin\httpd.exe" = protocol=17 | dir=in | app=c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe |
    "UDP Query User{DFE353C7-BDD2-4766-B791-3F13A6C3FDDB}C:\program files (x86)\unified remote\remoteserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\unified remote\remoteserver.exe |
    "UDP Query User{FDE7D1F9-DB07-4A39-886F-05D21D99A423}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
    "{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
    "{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
    "{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
    "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
    "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
    "{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
    "{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
    "{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
    "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
    "{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
    "{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
    "{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
    "{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
    "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
    "{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java(TM) 6 Update 21 (64-bit)
    "{26A24AE4-039D-4CA4-87B4-2F86417010FF}" = Java 7 Update 10 (64-bit)
    "{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
    "{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
    "{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
    "{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
    "{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
    "{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
    "{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
    "{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
    "{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)
    "{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
    "{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
    "{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
    "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
    "{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
    "{5D068141-189F-39E2-A052-E40D4B561256}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
    "{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
    "{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
    "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
    "{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
    "{64A3A4F4-B792-11D6-A78A-00B0D0160210}" = Java(TM) SE Development Kit 6 Update 21 (64-bit)
    "{64A3A4F4-B792-11D6-A78A-00B0D0170100}" = Java SE Development Kit 7 Update 10 (64-bit)
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
    "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
    "{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
    "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
    "{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
    "{71EFF430-1A34-423E-8EAF-A80173960A8E}" = TortoiseSVN 1.7.10.23359 (64 bit)
    "{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
    "{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
    "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
    "{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
    "{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
    "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C19AEBA-B433-4D1F-88AC-343F5CD88369}" = MySQL Server 5.1
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
    "{8F7F2D9C-2DBE-4F10-9C7C-2724110A3339}" = Windows Live Remote Service Resources
    "{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools - ENU
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
    "{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
    "{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
    "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
    "{A6E0F6BE-30AC-4D36-97B0-1AC20E23CB83}" = Windows Live Remote Client Resources
    "{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
    "{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
    "{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
    "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
    "{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
    "{C0C31BCC-56FB-42a7-8766-D29E1BD74C7d}" = Python 2.7.3 (64-bit)
    "{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
    "{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
    "{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
    "{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
    "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
    "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
    "{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
    "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
    "{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
    "{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
    "{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
    "{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
    "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
    "{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
    "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
    "{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
    "54C7C567898ADB9173D5761C17924A844122BDCE" = Windows Driver Package - mikroElektronika (USB18PRG) ClassName (07/10/2010 6.1.7600)
    "A627DA08A5F362713EB4C440F904A2D1B8CD7E74" = Windows Driver Package - BeagleBone CDM Driver Package - VCP Driver (03/18/2011 2.08.14)
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "E115CC79390C233F94F72330FE3603A63E5204E2" = Windows Driver Package - BeagleBone CDM Driver Package - Bus/D2XX Driver (03/18/2011 2.08.14)
    "F8DB389D3D629D89F82795C4EB490AE50D7FB01E" = Windows Driver Package - Linux Developer Community Net (06/21/2006 6.0.6000.16384)
    "MatlabR2009a" = MATLAB R2009a
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
    "Microsoft Security Client" = Microsoft Security Essentials
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
    "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
    "Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "nbi-glassfish-mod-3.1.1.12.0" = GlassFish Server Open Source Edition 3.1.1
    "nbi-nb-base-7.0.1.0.0" = NetBeans IDE 7.0.1
    "Sublime Text 2_is1" = Sublime Text 2.0.1
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
     
  25. Carnarvaro

    Carnarvaro TS Rookie Topic Starter Posts: 31

    Ignore this above post - looks like I already posted its contents
     
