Inactive [A] Svchost.exe trojan.agent + Rootkit.boot.Pihar.c

Looks good.

How is the computer doing?

================================================

Download OTL to your Desktop.

  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Windows just recovered from an unexpected shutdown. I still have the svchost.exe issue along with the Rootkit.boot.Pihar.c.
======================================================================
 
OTL logfile created on: 7/1/2012 2:57:59 PM - Run 2
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Lotus\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 48.39% Memory free
9.36 Gb Paging File | 7.29 Gb Available in Paging File | 77.88% Paging File free
Paging file location(s): C:\pagefile.sys 5754 5754 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.99 Gb Total Space | 94.05 Gb Free Space | 32.89% Space Free | Partition Type: NTFS
Drive G: | 591.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 549.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 5.15 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DRAGON | User Name: Lotus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/01 14:17:10 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Lotus\Desktop\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/01/30 01:36:25 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009/11/08 23:17:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2009/10/17 00:41:10 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
PRC - [2009/10/17 00:39:40 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/09/24 18:42:32 | 000,261,888 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
PRC - [2009/09/24 18:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/09/10 09:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009/08/31 22:19:12 | 001,157,128 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009/08/23 22:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2009/08/04 01:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/10 18:18:18 | 000,708,608 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2009/07/10 05:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2009/07/08 02:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Program Files (x86)\MagicDisc\MagicDisc.exe


========== Modules (No Company Name) ==========

MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/30 01:36:25 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009/07/13 17:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2009/07/13 17:37:04 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2009/05/20 02:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll
MOD - [2009/02/02 20:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/08 13:42:32 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/10/14 09:30:58 | 000,800,624 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV:64bit: - [2009/09/30 17:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/08/05 03:44:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/17 00:41:10 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/09/24 18:42:28 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/09/10 09:42:46 | 000,305,448 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/08/28 05:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/08/23 22:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2009/07/10 05:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/28 13:14:02 | 000,070,760 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCTBD64.sys -- (PCTBD)
DRV:64bit: - [2011/06/06 18:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/03 15:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/11/08 23:28:08 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009/10/17 00:41:16 | 000,445,640 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2009/10/14 09:30:04 | 000,044,664 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys -- (icsak)
DRV:64bit: - [2009/10/14 09:30:04 | 000,032,888 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2009/10/12 18:15:26 | 000,351,248 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2009/10/12 18:15:26 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2009/10/04 21:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/08/05 04:23:00 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/24 06:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:09:15 | 000,145,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2009/07/07 14:48:44 | 000,035,376 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
DRV:64bit: - [2009/07/07 14:48:44 | 000,033,328 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
DRV:64bit: - [2009/07/02 01:15:26 | 000,202,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/06/25 22:34:24 | 000,219,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/06/18 08:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 07:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 07:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 07:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/25 04:38:20 | 000,966,144 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/05/22 10:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/05 04:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 04:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/05/05 04:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/04/03 10:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5538&r=273601105635l03c4z115t48k2v600
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5538&r=273601105635l03c4z115t48k2v600
IE - HKLM\..\URLSearchHook: {aac4043a-8832-4abe-9963-35377f30b8e6} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2536667


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1228520339-2595029199-2838376600-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKU\S-1-5-21-1228520339-2595029199-2838376600-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1228520339-2595029199-2838376600-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en&source=iglk
IE - HKU\S-1-5-21-1228520339-2595029199-2838376600-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-1228520339-2595029199-2838376600-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1228520339-2595029199-2838376600-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1228520339-2595029199-2838376600-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=MSNTDF&PC=MSNTDF&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-1228520339-2595029199-2838376600-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searc...SP_ss&mntrId=941a6bbf00000000000000259cde47df
IE - HKU\S-1-5-21-1228520339-2595029199-2838376600-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...tEncoding}&oe={outputEncoding}&rlz=1I7ACAW_en
IE - HKU\S-1-5-21-1228520339-2595029199-2838376600-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...coding}&sourceid=ie7&rlz=1I7ACAW_enUS364US364
IE - HKU\S-1-5-21-1228520339-2595029199-2838376600-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2536667
IE - HKU\S-1-5-21-1228520339-2595029199-2838376600-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-i3752
IE - HKU\S-1-5-21-1228520339-2595029199-2838376600-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Lotus\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012/06/12 18:37:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/30 04:03:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\Spyware Doctor\BDT\Firefox\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012/06/12 18:06:03 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/search?setmkt=en-US&q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.187\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.187\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\14.0.835.187\pdf.dll
CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files (x86)\Download Manager\npfpdlm.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/07/01 03:16:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (no name) - {aac4043a-8832-4abe-9963-35377f30b8e6} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {aac4043a-8832-4abe-9963-35377f30b8e6} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1228520339-2595029199-2838376600-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1228520339-2595029199-2838376600-1000\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PCHealthBoost] "C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe" /s File not found
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nmapp] C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-1228520339-2595029199-2838376600-1000..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Lotus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O4 - Startup: C:\Users\Lotus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ubisoft register.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1228520339-2595029199-2838376600-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1228520339-2595029199-2838376600-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1228520339-2595029199-2838376600-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O15 - HKU\S-1-5-21-1228520339-2595029199-2838376600-1000\..Trusted Domains: btjunkie.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1228520339-2595029199-2838376600-1000\..Trusted Domains: btjunkie.org ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1228520339-2595029199-2838376600-1000\..Trusted Domains: evony.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1228520339-2595029199-2838376600-1000\..Trusted Domains: ivytech.edu ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1228520339-2595029199-2838376600-1000\..Trusted Domains: yahoo.com ([www] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (Reg Error: Key error.)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab ()
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65E39617-799C-4DD1-9829-DCED98053FA7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9BCA9776-5AB0-43D7-9DE4-C8335CE5CE19}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9E25B191-B249-4EEC-9575-75D245A93718}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1CE37E8-56B6-454A-AFD6-9B15719143A0}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDECF472-6803-4EEC-861E-C63FDDA8E9EA}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/21 20:09:24 | 000,000,337 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2002/09/09 23:18:28 | 000,049,152 | R--- | M] (Microsoft Corporation) - G:\AUTORUN2.EXE -- [ CDFS ]
O32 - AutoRun File - [2001/04/18 11:23:00 | 000,000,041 | R--- | M] () - J:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2007/03/06 23:19:18 | 000,000,000 | R--D | M] - K:\Autorun -- [ UDF ]
O32 - AutoRun File - [2007/02/25 00:23:24 | 000,000,047 | R--- | M] () - K:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2007/03/02 05:31:43 | 000,162,880 | R--- | M] () - K:\autorun.exe -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========

[2012/07/01 14:17:10 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Lotus\Desktop\OTL.exe
[2012/07/01 12:52:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/01 01:24:29 | 004,567,958 | R--- | C] (Swearware) -- C:\Users\Lotus\Desktop\ComboFix.exe
[2012/07/01 01:09:24 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/06/30 15:29:17 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Lotus\Desktop\dds.scr
[2012/06/30 15:24:48 | 000,000,000 | ---D | C] -- C:\Users\Lotus\Desktop\Virus - Saturday
[2012/06/27 18:18:22 | 000,000,000 | ---D | C] -- C:\Users\Lotus\AppData\Roaming\Unity
[2012/06/27 18:16:15 | 000,000,000 | ---D | C] -- C:\Users\Lotus\AppData\Roaming\.mono
[2012/06/27 18:16:15 | 000,000,000 | ---D | C] -- C:\ProgramData\.mono
[2012/06/27 17:27:51 | 000,000,000 | ---D | C] -- C:\Users\Lotus\AppData\Local\Unity
[2012/06/18 23:11:40 | 000,000,000 | ---D | C] -- C:\Users\Lotus\Desktop\New folder
[2012/06/17 14:46:23 | 000,000,000 | ---D | C] -- C:\Users\Lotus\Desktop\My CD Tracks
[2012/06/15 23:12:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DIABLO MULE
[2012/06/14 09:44:56 | 000,000,000 | ---D | C] -- C:\ProgramData\RELOADED
[2012/06/14 09:27:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sins of a Solar Empire Rebellion
[2012/06/14 03:16:49 | 000,000,000 | ---D | C] -- C:\Users\Lotus\AppData\Roaming\ApplicationData
[2012/06/14 02:02:40 | 000,000,000 | ---D | C] -- C:\13e7c5c121ce82a898152841
[2012/06/12 21:04:37 | 000,000,000 | ---D | C] -- C:\Windows\AutoKMS
[2012/06/12 20:09:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2012/06/12 18:27:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky SDK
[2012/06/12 18:22:37 | 000,000,000 | ---D | C] -- C:\Users\Lotus\Documents\ForceField Shared Files
[2012/06/12 18:22:25 | 000,000,000 | ---D | C] -- C:\Users\Lotus\AppData\Roaming\CheckPoint
[2012/06/12 18:22:13 | 000,000,000 | ---D | C] -- C:\Users\Lotus\AppData\Roaming\MailFrontier
[2012/06/12 18:05:37 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2012/06/12 18:05:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm
[2012/06/12 18:05:17 | 000,157,712 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\kl1.sys
[2012/06/12 18:05:08 | 000,351,248 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/06/12 18:03:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ZoneLabs
[2012/06/12 18:02:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zone Labs
[2012/06/12 18:01:52 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012/06/12 18:01:45 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2012/06/12 02:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Start Orb Manager
[2012/06/12 01:00:44 | 000,712,704 | ---- | C] (Ralink Technology, Corp.) -- C:\Windows\SysNative\netr28x.sys
[2012/06/12 01:00:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Ralink
[2012/06/12 00:58:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Broadcom
[2012/06/12 00:57:07 | 001,542,656 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys
[2012/06/12 00:57:07 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2012/06/12 00:57:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atheros
[2012/06/12 00:56:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2012/06/11 18:33:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/06/11 18:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/06/10 05:15:55 | 000,000,000 | ---D | C] -- C:\Windows\W7SBC
[2012/06/10 04:31:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/06/10 00:26:06 | 000,000,000 | R--D | C] -- C:\Users\Lotus\Desktop\Project X
[2012/06/10 00:15:38 | 000,000,000 | R--D | C] -- C:\Users\Lotus\Desktop\MS OFFICE PROGRAMS
[2012/06/09 23:07:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2012/06/09 23:05:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2012/06/09 22:59:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012/06/09 21:00:37 | 000,000,000 | ---D | C] -- C:\Users\Lotus\AppData\Roaming\Yahoo!
[2012/06/09 20:17:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012/06/09 20:15:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/06/09 20:12:59 | 000,000,000 | R--D | C] -- C:\MSOCache
[2012/06/09 01:44:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/09 01:44:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/08 21:23:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hewlett-Packard Company
[2012/06/08 21:23:21 | 000,000,000 | ---D | C] -- C:\DriveKey
[2012/06/07 17:28:29 | 000,000,000 | ---D | C] -- C:\Users\Lotus\AppData\Roaming\BabylonToolbar
[2012/06/07 17:27:47 | 000,000,000 | ---D | C] -- C:\Users\Lotus\AppData\Roaming\Babylon
[2012/06/07 17:19:34 | 000,000,000 | ---D | C] -- C:\Program Files\SmartPCFixer
[2012/06/07 07:19:13 | 000,070,760 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTBD64.sys
[2012/06/07 03:52:28 | 000,000,000 | ---D | C] -- C:\Users\Lotus\Documents\PPT to Video Pro Log Files
[2012/06/06 02:02:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012/06/06 02:02:41 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2012/06/06 02:02:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP250 series
[2012/06/06 02:01:59 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2012/06/04 18:57:31 | 000,000,000 | ---D | C] -- C:\Users\Lotus\Documents\Command & Conquer 3 Tiberium Wars
[2012/06/04 18:52:55 | 000,000,000 | ---D | C] -- C:\Users\Lotus\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2012/06/04 18:51:14 | 000,000,000 | RH-D | C] -- C:\Users\Lotus\AppData\Roaming\SecuROM
[2012/06/04 18:39:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2012/06/04 07:51:07 | 000,000,000 | ---D | C] -- C:\Users\Lotus\AppData\Roaming\YourFileDownloader
[2010/05/12 05:41:35 | 001,821,008 | ---- | C] (Microsoft Corporation) -- C:\Users\Lotus\InstMsiW.Exe
[2010/05/12 05:41:35 | 001,707,856 | ---- | C] (Microsoft Corporation) -- C:\Users\Lotus\InstMsiA.Exe
[2010/05/12 05:41:35 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Users\Lotus\Setup.Exe
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/01 14:57:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/01 14:17:10 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Lotus\Desktop\OTL.exe
[2012/07/01 12:54:01 | 000,000,144 | ---- | M] () -- C:\Windows\SysWow64\pdfl.dat
[2012/07/01 12:52:43 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/01 12:48:17 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/01 12:48:17 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/01 12:43:20 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012/07/01 12:42:39 | 000,000,434 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012/07/01 12:41:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/01 12:40:56 | 805,744,595 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/01 12:40:53 | 3016,790,016 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/01 03:16:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/01 01:24:31 | 004,567,958 | R--- | M] (Swearware) -- C:\Users\Lotus\Desktop\ComboFix.exe
[2012/06/30 15:29:18 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Lotus\Desktop\dds.scr
[2012/06/30 06:56:48 | 000,007,611 | ---- | M] () -- C:\Users\Lotus\AppData\Local\Resmon.ResmonCfg
[2012/06/29 14:31:45 | 000,107,766 | ---- | M] () -- C:\Users\Lotus\Desktop\metallica_one.gp4
[2012/06/25 03:49:55 | 000,795,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/25 03:49:55 | 000,671,426 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/25 03:49:55 | 000,126,480 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/15 23:53:25 | 000,140,450 | ---- | M] () -- C:\Windows\DIIUnin.dat
[2012/06/15 23:27:58 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2012/06/15 23:27:58 | 000,002,829 | ---- | M] () -- C:\Windows\DIIUnin.pif
[2012/06/14 09:35:18 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Sins of a Solar Empire Rebellion.lnk
[2012/06/14 04:47:15 | 004,996,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/12 18:06:52 | 000,001,484 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2012/06/12 18:05:49 | 000,000,144 | ---- | M] () -- C:\Windows\SysWow64\lkfl.dat
[2012/06/12 18:05:49 | 000,000,080 | ---- | M] () -- C:\Windows\SysWow64\ibfl.dat
[2012/06/12 05:11:42 | 000,002,341 | ---- | M] () -- C:\Users\Lotus\Desktop\Internet Explorer.lnk
[2012/06/11 23:46:49 | 002,628,973 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/06/11 18:11:34 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\SM.lock
[2012/06/10 01:06:40 | 000,001,748 | ---- | M] () -- C:\Users\Lotus\Desktop\Downloads.lnk
[2012/06/10 01:05:08 | 000,001,745 | ---- | M] () -- C:\Users\Lotus\Desktop\Movies.lnk
[2012/06/09 01:45:00 | 000,001,102 | ---- | M] () -- C:\Users\Lotus\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/06/08 22:23:32 | 000,000,019 | ---- | M] () -- C:\Users\Lotus\AppData\Local\llftool.license
[2012/06/08 22:21:12 | 000,000,001 | ---- | M] () -- C:\Users\Lotus\AppData\Local\llftool.4.25.agreement
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/29 16:25:51 | 805,744,595 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/06/29 14:31:44 | 000,107,766 | ---- | C] () -- C:\Users\Lotus\Desktop\metallica_one.gp4
[2012/06/14 09:35:18 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Sins of a Solar Empire Rebellion.lnk
[2012/06/14 09:35:17 | 000,001,094 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sins of a Solar Empire Rebellion.lnk
[2012/06/12 21:04:38 | 000,000,266 | ---- | C] () -- C:\Windows\tasks\AutoKMS.job
[2012/06/12 18:15:45 | 004,996,456 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/12 18:05:49 | 000,000,144 | ---- | C] () -- C:\Windows\SysWow64\pdfl.dat
[2012/06/12 18:05:49 | 000,000,144 | ---- | C] () -- C:\Windows\SysWow64\lkfl.dat
[2012/06/12 18:05:49 | 000,000,080 | ---- | C] () -- C:\Windows\SysWow64\ibfl.dat
[2012/06/12 18:03:37 | 000,001,484 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2012/06/12 05:10:31 | 000,002,341 | ---- | C] () -- C:\Users\Lotus\Desktop\Internet Explorer.lnk
[2012/06/12 01:00:44 | 000,354,096 | ---- | C] () -- C:\Windows\SysNative\netr28x.inf
[2012/06/12 01:00:44 | 000,021,612 | ---- | C] () -- C:\Windows\SysNative\netr28x.cat
[2012/06/12 00:58:59 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4328_Update64D.BAT
[2012/06/12 00:58:59 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4328_Update64C.BAT
[2012/06/12 00:58:59 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4318_0312_Update64D.BAT
[2012/06/12 00:58:59 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4318_0312_Update64C.BAT
[2012/06/12 00:58:59 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4318_0311_Update64D.BAT
[2012/06/12 00:58:59 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4318_0311_Update64C.BAT
[2012/06/12 00:58:59 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4315_Update64D.BAT
[2012/06/12 00:58:59 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4315_Update64C.BAT
[2012/06/12 00:58:59 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4312_Update64D.BAT
[2012/06/12 00:58:59 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4312_Update64C.BAT
[2012/06/12 00:58:59 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4311_Update64D.BAT
[2012/06/12 00:58:59 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4311_Update64C.BAT
[2012/06/12 00:58:59 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4328_Remove64D.BAT
[2012/06/12 00:58:59 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4328_Remove64C.BAT
[2012/06/12 00:58:59 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4318_0312_Remove64D.BAT
[2012/06/12 00:58:59 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4318_0312_Remove64C.BAT
[2012/06/12 00:58:59 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4318_0311_Remove64D.BAT
[2012/06/12 00:58:59 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4318_0311_Remove64C.BAT
[2012/06/12 00:58:59 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4315_Remove64D.BAT
[2012/06/12 00:58:59 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4315_Remove64C.BAT
[2012/06/12 00:58:59 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4312_Remove64D.BAT
[2012/06/12 00:58:59 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4312_Remove64C.BAT
[2012/06/12 00:58:59 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4311_Remove64D.BAT
[2012/06/12 00:58:59 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4311_Remove64C.BAT
[2012/06/12 00:58:58 | 000,681,508 | ---- | C] () -- C:\Windows\SysNative\bcmwl6.inf
[2012/06/12 00:58:57 | 000,012,067 | ---- | C] () -- C:\Windows\SysNative\bcm43xx64.cat
[2012/06/12 00:58:57 | 000,011,638 | ---- | C] () -- C:\Windows\SysNative\bcm43xx.cat
[2012/06/12 00:58:57 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4357_Update64D.BAT
[2012/06/12 00:58:57 | 000,000,074 | ---- | C] () -- C:\Windows\SysNative\4357_Update64C.BAT
[2012/06/12 00:58:57 | 000,000,072 | ---- | C] () -- C:\Windows\SysNative\4357_Update32D.BAT
[2012/06/12 00:58:57 | 000,000,072 | ---- | C] () -- C:\Windows\SysNative\4357_Update32C.BAT
[2012/06/12 00:58:57 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4357_Remove64D.BAT
[2012/06/12 00:58:57 | 000,000,063 | ---- | C] () -- C:\Windows\SysNative\4357_Remove64C.BAT
[2012/06/12 00:58:57 | 000,000,061 | ---- | C] () -- C:\Windows\SysNative\4357_Remove32D.BAT
[2012/06/12 00:58:57 | 000,000,061 | ---- | C] () -- C:\Windows\SysNative\4357_Remove32C.BAT
[2012/06/12 00:57:07 | 000,297,953 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf
[2012/06/12 00:57:07 | 000,049,449 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat
[2012/06/11 18:11:34 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\SM.lock
[2012/06/10 19:19:13 | 000,007,611 | ---- | C] () -- C:\Users\Lotus\AppData\Local\Resmon.ResmonCfg
[2012/06/09 01:45:00 | 000,001,102 | ---- | C] () -- C:\Users\Lotus\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/06/08 22:21:21 | 000,000,019 | ---- | C] () -- C:\Users\Lotus\AppData\Local\llftool.license
[2012/06/08 22:21:12 | 000,000,001 | ---- | C] () -- C:\Users\Lotus\AppData\Local\llftool.4.25.agreement
[2012/06/07 07:18:43 | 002,628,973 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/05/31 10:31:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/31 10:31:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/31 10:31:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/31 10:31:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/31 10:31:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/02 22:55:52 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012/04/21 17:22:50 | 000,164,673 | ---- | C] () -- C:\Windows\hphins32.dat
[2012/03/11 22:26:57 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/03/11 22:26:57 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/02/13 11:30:13 | 000,000,565 | ---- | C] () -- C:\Users\Lotus\AppData\Roaming\myMPQ.ini
[2011/11/07 05:55:11 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
[2011/09/14 11:47:40 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/09/05 10:27:07 | 000,140,450 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011/09/02 03:08:46 | 000,000,493 | ---- | C] () -- C:\Windows\EReg072.dat
[2011/04/20 16:16:15 | 000,001,249 | ---- | C] () -- C:\Windows\SysWow64\mail.dat
[2011/04/20 16:16:09 | 000,000,518 | ---- | C] () -- C:\Windows\SysWow64\mess.dat
[2011/04/18 06:08:14 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011/03/06 22:12:48 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/12/25 19:04:24 | 000,193,964 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/12/03 22:30:35 | 000,000,042 | ---- | C] () -- C:\Windows\Pt.dll
[2010/12/03 21:21:20 | 000,000,026 | ---- | C] () -- C:\Windows\marscam.ini
[2010/12/03 21:19:52 | 000,000,000 | ---- | C] () -- C:\Windows\PTWebCam.INI
[2010/10/22 16:19:19 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/10/15 22:02:42 | 000,000,093 | ---- | C] () -- C:\Users\Lotus\AppData\Local\fusioncache.dat
[2010/10/15 21:54:03 | 000,790,202 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/06 12:21:23 | 000,001,051 | ---- | C] () -- C:\Users\Lotus\Music - Shortcut.lnk
[2010/06/10 18:33:34 | 000,001,008 | ---- | C] () -- C:\Users\Lotus\communicator_config.xml
[2010/05/12 05:41:35 | 002,512,896 | ---- | C] () -- C:\Users\Lotus\PTEditor17.msi
[2010/03/09 08:24:05 | 000,006,656 | ---- | C] () -- C:\Users\Lotus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012/06/15 22:54:00 | 000,000,000 | ---D | M] -- C:\Users\DIABLO II\AppData\Roaming\#ISW.FS#
[2012/06/15 22:53:29 | 000,000,000 | ---D | M] -- C:\Users\DIABLO II\AppData\Roaming\Acer
[2012/06/15 22:53:53 | 000,000,000 | ---D | M] -- C:\Users\DIABLO II\AppData\Roaming\CheckPoint
[2012/06/15 22:53:24 | 000,000,000 | ---D | M] -- C:\Users\DIABLO II\AppData\Roaming\Leadertech
[2012/06/15 22:53:51 | 000,000,000 | ---D | M] -- C:\Users\DIABLO II\AppData\Roaming\MailFrontier
[2012/06/27 18:16:15 | 000,000,000 | ---D | M] -- C:\Users\Lotus\AppData\Roaming\.mono
[2010/01/30 01:35:31 | 000,000,000 | ---D | M] -- C:\Users\Lotus\AppData\Roaming\Acer
[2012/06/14 03:35:09 | 000,000,000 | ---D | M] -- C:\Users\Lotus\AppData\Roaming\ApplicationData
[2011/09/05 23:21:22 | 000,000,000 | ---D | M] -- C:\Users\Lotus\AppData\Roaming\Atari
[2012/06/29 14:03:03 | 000,000,000 | ---D | M] -- C:\Users\Lotus\AppData\Roaming\Audacity
[2010/08/26 02:34:19 | 000,000,000 | ---D | M] -- C:\Users\Lotus\AppData\Roaming\Autodesk
[2012/06/07 17:27:47 | 000,000,000 | ---D | M] -- C:\Users\Lotus\AppData\Roaming\Babylon
[2012/06/07 17:28:29 | 000,000,000 | ---D | M] -- C:\Users\Lotus\AppData\Roaming\BabylonToolbar
[2012/01/29 18:58:34 | 000,000,000 | ---D | M] -- C:\Users\Lotus\AppData\Roaming\Blender Foundation
[2012/01/28 22:10:29 | 000,000,000 | ---D | M] -- C:\Users\Lotus\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/06/12 18:22:25 | 000,000,000 | ---D | M] -- C:\Users\Lotus\AppData\Roaming\CheckPoint
[2010/06/02 18:46:13 | 000,000,000 | ---D | M] -- C:\Users\Lotus\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/06/04 18:56:45 | 000,000,000 | ---D | M] -- C:\Users\Lotus\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2010/08/18 04:01:59 | 000,000,000 | ---D | M] -- C:\Users\Lotus\AppData\Roaming\CyberMotion 3D-Designer
[2011/08/01 00:56:52 | 000,000,000 | ---D | M] -- C:\Users\Lotus\AppData\Roaming\Dev-Cpp
[2011/04/29 15:55:46 | 000,000,000 | ---D | M] -- C:\Users\Lotus\AppData\Roaming\Echo Software
[2012/01/26 17:17:43 | 000,000,000 | ---D | M] -- C:\Users\Lotus\AppData\Roaming\GetRightToGo
[2010/05/14 09:19:24 | 000,000,000 | ---D | M] -- C:\Users\Lotus\AppData\Roaming\Guitar Pro 6
[2011/03/26 08:45:52 | 000,000,000 | ---D | M] -- C:\Users\Lotus\AppData\Roaming\ImgBurn
[2010/01/30 01:35:30 | 000,000,000 | ---D | M] -- C:\Users\Lotus\AppData\Roaming\Leadertech
[2010/10/22 16:40:43 | 000,000,000 | ---D | M] -- C:\Users\Lotus\AppData\Roaming\LolClient
[2012/06/12 18:22:14 | 000,000,000 | ---D | M] -- C:\Users\Lotus\AppData\Roaming\MailFrontier
[2011/03/29 02:28:49 | 000,000,000 | ---D | M] -- C:\Users\Lotus\AppData\Roaming\nswb
[2011/07/21 20:26:53 | 000,000,000 | ---D | M] -- C:\Users\Lotus\AppData\Roaming\Petroglyph
[2010/05/27 04:45:26 | 000,000,000 | ---D | M] -- C:\Users\Lotus\AppData\Roaming\SoftDMA
[2012/01/28 21:11:14 | 000,000,000 | ---D | M] -- C:\Users\Lotus\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/01/25 00:21:51 | 000,000,000 | ---D | M] -- C:\Users\Lotus\AppData\Roaming\Stardock
[2010/02/11 05:45:39 | 000,000,000 | ---D | M] -- C:\Users\Lotus\AppData\Roaming\StealthBot
[2011/03/28 00:21:25 | 000,000,000 | ---D | M] -- C:\Users\Lotus\AppData\Roaming\TeamViewer
[2010/04/25 17:29:23 | 000,000,000 | ---D | M] -- C:\Users\Lotus\AppData\Roaming\Thinstall
[2011/10/16 16:44:53 | 000,000,000 | ---D | M] -- C:\Users\Lotus\AppData\Roaming\Tific
[2010/02/09 19:51:49 | 000,000,000 | ---D | M] -- C:\Users\Lotus\AppData\Roaming\TuneUp Software
[2010/10/15 22:03:38 | 000,000,000 | ---D | M] -- C:\Users\Lotus\AppData\Roaming\Turbine
[2011/04/30 22:35:01 | 000,000,000 | ---D | M] -- C:\Users\Lotus\AppData\Roaming\Uniblue
[2012/06/27 18:18:22 | 000,000,000 | ---D | M] -- C:\Users\Lotus\AppData\Roaming\Unity
[2012/06/30 06:45:12 | 000,000,000 | ---D | M] -- C:\Users\Lotus\AppData\Roaming\uTorrent
[2010/12/25 19:10:46 | 000,000,000 | ---D | M] -- C:\Users\Lotus\AppData\Roaming\Windows Live Writer
[2012/06/04 07:51:07 | 000,000,000 | ---D | M] -- C:\Users\Lotus\AppData\Roaming\YourFileDownloader
[2012/07/01 12:43:20 | 000,000,266 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2012/05/12 14:10:46 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 255 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:C31F31E6
< End of report >
 

OTL Extras logfile created on: 7/1/2012 2:19:40 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Lotus\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 57.14% Memory free
9.36 Gb Paging File | 7.50 Gb Available in Paging File | 80.13% Paging File free
Paging file location(s): C:\pagefile.sys 5754 5754 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.99 Gb Total Space | 94.05 Gb Free Space | 32.89% Space Free | Partition Type: NTFS
Drive G: | 591.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 549.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 5.15 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: DRAGON | User Name: Lotus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Lotus\AppData\Roaming\3330D2.exe" = C:\Users\Lotus\AppData\Roaming\3330D2.exe:*:Enabled:Windows Messanger
"C:\Users\Lotus\AppData\Roaming\3330D2.exe" = C:\Users\Lotus\AppData\Roaming\3330D2.exe:*:Enabled:Windows Messanger


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011F64F0-31DD-4F0B-B7BF-0FE0C71A4AB6}" = lport=6988 | protocol=6 | dir=in | name=league of legends launcher |
"{015428CF-D0D8-4D37-AA85-5FE0809E5FBA}" = lport=6913 | protocol=6 | dir=in | name=league of legends launcher |
"{07990D99-0EE0-416B-B461-ABFC4A997DE2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{07F1C27E-BF79-4030-98B5-88651A45C6B8}" = rport=2869 | protocol=6 | dir=out | app=system |
"{0E530FB2-E9EC-4593-A728-AB7965B0A52E}" = lport=6942 | protocol=17 | dir=in | name=league of legends launcher |
"{1066B171-BE76-4D79-A465-B93D6BFDCA32}" = lport=6988 | protocol=17 | dir=in | name=league of legends launcher |
"{14227E49-F105-4047-B933-4EE2A82B3014}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{19A030CA-7C9F-4678-A043-5336AB36A9E1}" = lport=6885 | protocol=17 | dir=in | name=league of legends launcher |
"{1C7FFA37-CF1D-4A7E-9931-DDDF14AD1F63}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1DA9C17C-D032-4F67-B728-F8F74445E6B5}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{20A722F6-0B91-4CC2-BC55-7DBE9B206E94}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{213188BC-2DF3-4069-A196-A617B98EFEDE}" = lport=6979 | protocol=6 | dir=in | name=league of legends launcher |
"{268021FD-4017-4AF5-9EB8-2CDA9F385D99}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2B1631DF-28AF-4D30-ACAE-AAFDAAF6235D}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby |
"{2C4A137C-5E08-4DD3-9F72-B9EC41FAC557}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2DE69607-1340-4996-8F26-B0965A5D08B9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2DEC6CCF-9DD7-4ECF-8969-B20D0D429CB6}" = lport=10244 | protocol=6 | dir=in | app=system |
"{2FE9402F-6E75-4C6A-80E0-FDD8F8C58487}" = lport=6943 | protocol=17 | dir=in | name=league of legends launcher |
"{332B9B8E-4028-4834-A8AF-912C3031D3D7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{33C44E02-5C9C-4808-988B-2C21DFC1CAAE}" = lport=8382 | protocol=6 | dir=in | name=league of legends launcher |
"{349C795D-3BB5-47A7-88A7-F675762CD2B3}" = rport=138 | protocol=17 | dir=out | app=system |
"{3B44DB2A-B55F-450B-BD39-B2AD57272CC9}" = lport=8383 | protocol=17 | dir=in | name=league of legends launcher |
"{4548154A-4F28-4EBD-958C-6199A39C2F24}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4586CB25-5DC5-4D26-A8E0-10CC6FD39A90}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4638B555-5714-455C-8ECB-4312F0E18135}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby |
"{475F2C25-EF12-49AB-9CBF-02CC08D1637D}" = rport=445 | protocol=6 | dir=out | app=system |
"{48DD25BC-6362-42A9-BFD3-1AEDC8621144}" = lport=6913 | protocol=17 | dir=in | name=league of legends launcher |
"{4ADC2F1E-A676-4A11-BBFF-E1121DCBBE9E}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4B8C8B66-554D-439D-9779-937AEDFA2EAF}" = lport=8381 | protocol=6 | dir=in | name=league of legends launcher |
"{514380E0-A1F1-41D7-BB87-3F7DD08B0042}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{580F5928-E896-4F22-A32A-74D079136A34}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5982E684-807B-4839-B2A5-5FC225635063}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{5A0D3E72-BF4D-49B7-A2F5-C336FE46CB40}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5A751244-1DA5-44FA-B3A5-BD4CF9B3A41E}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client |
"{6129C844-8F90-4FD7-9621-EB51568AA481}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6BDCCDAF-2049-49D8-B726-DF14DA038754}" = lport=139 | protocol=6 | dir=in | app=system |
"{6E630F8A-C8CA-437A-A209-071AE5471A8E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6F123279-8994-43F7-B5E7-7F3BF7E743DF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7238BBEA-29DA-4B3B-8BE0-47187505AFFA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7969834F-69C6-4F44-AD3C-32A019F6E824}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7A6CD59B-9994-4A05-987B-8C8B2D785B52}" = lport=8383 | protocol=6 | dir=in | name=league of legends launcher |
"{7F8193D5-441F-465D-9A74-8FCAB0FAF163}" = lport=6113 | protocol=6 | dir=in | name=starcraft 2 |
"{8BE41ACC-A9CA-46DD-BA7F-03F4523AAEC8}" = lport=3390 | protocol=6 | dir=in | app=system |
"{8C11FFD8-FF8C-40C7-B6B5-605938B60838}" = lport=6885 | protocol=6 | dir=in | name=league of legends launcher |
"{8C8F371F-553F-4A0A-8BF4-3A5A05513970}" = lport=6942 | protocol=6 | dir=in | name=league of legends launcher |
"{8ED8D415-E688-481A-872B-42AF00CED054}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{9C602390-0D49-4933-AB94-E90866B052E6}" = lport=8381 | protocol=17 | dir=in | name=league of legends launcher |
"{9EE482FD-2351-46E5-B29C-85648639E060}" = lport=6943 | protocol=6 | dir=in | name=league of legends launcher |
"{9FB7A5BA-7F5F-429B-A99B-C17C37D85017}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client |
"{A06EFD3B-7698-42C7-A6A4-06D6A9C572B1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A087DC0F-24DB-4F25-BCDE-3E81433AD5BB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{A2E754FF-4CED-408F-A75E-EC5E47524079}" = lport=8380 | protocol=6 | dir=in | name=league of legends launcher |
"{A4F4AA81-8113-46B5-A019-22B63AD657D9}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{A5C2B290-E2EC-4A0F-A745-F97CC1FA80B7}" = rport=139 | protocol=6 | dir=out | app=system |
"{AA88DD8F-44C3-49AD-886D-BA3A86B6C67A}" = lport=8380 | protocol=17 | dir=in | name=league of legends launcher |
"{AA8CF486-2618-438A-A818-16A777E32F3E}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{AB7E5AC0-ACA7-47F7-9C69-84906E49C6FE}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B2823ABF-FA4E-4810-A8BC-717D65F639D2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B7638DA4-4A81-483C-A9DF-4761A532A5A0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BA5D3407-E792-49A9-B616-B95CFB236D3C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C01D1D6F-88FD-49E4-B2D2-8BECA16BBEBD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C4DCFD52-6EE0-41D4-9BEB-47DBB3E53D26}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{C68140F2-9846-44E7-A111-95AC8861206C}" = lport=3390 | protocol=6 | dir=in | app=system |
"{C99A8AD2-5AB4-4CCC-A5BD-38C19CF1F6BD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CAB25FCB-AFD8-44DB-8B32-0D67BB9DCFEE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CBF65404-9F8C-4E67-AECA-02D23DF3E4D8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CCBC7F51-1F23-497C-B616-BDD35215E307}" = lport=445 | protocol=6 | dir=in | app=system |
"{CE9F95EE-A634-480D-9750-92800F98EC9C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D1A910CF-BDED-4971-A68E-B5E65CFA3522}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D31D5953-BA99-4CB3-B637-DC408AA81A23}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D7715FFD-764E-4854-9EAE-DB91250B26B8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D8C833B6-6301-42BF-A4C4-1A3A9CA0B05B}" = lport=8382 | protocol=17 | dir=in | name=league of legends launcher |
"{E0D7F264-34D8-41CD-9D46-EB8F368284DD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E1990344-1669-47D3-B92D-692177F368A4}" = lport=6979 | protocol=17 | dir=in | name=league of legends launcher |
"{EA268999-C62C-446B-B868-282EA512D224}" = lport=138 | protocol=17 | dir=in | app=system |
"{ED2FFFA2-E4ED-454A-ADFC-C4ACBB84F065}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ED9E4D32-E35E-49AF-A348-D03A9ED3DFF4}" = lport=137 | protocol=17 | dir=in | app=system |
"{EF0F24DC-B108-4567-A51E-9774A54A2A41}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F1CB4FE0-D03E-4BA6-ADE7-F7B9089E7710}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F43E8D6B-008C-474C-A7E7-A9A73B3A2E6A}" = lport=10244 | protocol=6 | dir=in | app=system |
"{F85152CE-A71B-41E5-A4A9-1253F7F45AD6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FA4EC3D7-C04F-4DD3-8143-95F7BBE75CC7}" = rport=137 | protocol=17 | dir=out | app=system |
"{FC55B1C5-1891-4ADB-B8C1-1373BDD1960E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FF42FB86-4C08-4422-A2BC-1A25494359F4}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FFC2B039-2099-410B-B536-E42260F9EF27}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07C6185F-C689-47AA-95B9-17AD0895CC54}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0A5E773E-DC2B-4D23-AFA9-E1D19E4982AA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0CEC9524-6BC1-41FB-8C26-3FE55EDA443C}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{10E4AFA7-83AB-4C8B-A974-9F839C3A72B9}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{14B5A284-ED24-41B7-BCCF-291F1771CB07}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{155EBDD3-940B-4BD1-91D2-CCA82908D88A}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{18851D5A-9F6A-4948-8C2F-32BFB0EFC8AE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{1C0EA5DA-61E8-4DEF-AEFE-19AE3CD0290E}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{1D6AEAF9-83B1-4AE9-BE65-1DA598F7D5D8}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe |
"{22D9163F-A5FF-4F4B-BA30-CA6448659985}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2FC759BB-986D-4ADB-A100-289882CAA39A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3032E277-057F-4CAE-A6A6-98F260D861C8}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{32FA169E-F336-42DF-BABB-CD702C3A92CB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{33305549-9E7B-47A5-875A-D7CADF57FA5D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{3B821E84-34F7-4D50-AAF9-4E7455A30FDB}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{3C29E6D9-6683-46BB-9F48-696391D4A116}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{3D54CFE2-6286-409F-AA2E-CA3BB1A475EF}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe |
"{3E3032BD-C867-43BB-A62E-1DA14AB2C479}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{41C5B3D3-2BC2-4CDF-B8B7-C0F3A0B9BFCF}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{42792D98-FBA0-46E3-B969-2DC7F7F86D45}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{4C20AAE1-A83D-4D14-A2B0-76475982CE8F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4C928FCA-FAD7-47E0-95E1-ED515790BD1A}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{53D7BA4A-6F3B-4CF0-8C41-DE61F117CB99}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{56C390AA-A76D-413D-971C-F8B6095C38CE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5F67EC7A-61FF-4692-A8F6-765378BEBB3A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{606BF9AF-7A3E-4617-B531-5B41FBB1356C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6085B615-7070-41B1-828D-F9120899FFD5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{613E9237-5B43-4461-8003-899A820F37C2}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{69209A22-575E-47DD-8B31-90380BC58BA0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{692CBEE8-6401-485A-82A9-22110F1C0210}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{6C3C8D74-CF65-4456-A859-E20FD5ADA81C}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6C6E4C73-16E3-4FE4-9237-F1398D15FCC9}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{78666FB8-4F75-4046-84B8-D3E89C3AB92B}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7D0260AD-4093-4767-922E-B60A9402E4E2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7ED9FB72-8EAF-4AD6-9A79-3E3E8E873017}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7F8686C3-EFAA-4162-A548-0F1E2A38FFAE}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{8164BE87-81F1-48DD-BB71-8A0B3A24BD95}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8C2FFDC9-582C-4E05-A1FA-8D8B0DE3610A}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{8D2CF431-457D-493A-A8E5-14D459804AA5}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{95BFA1F6-B7B3-40FD-87CC-87D20115B17F}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{96BC0BDF-44B5-43B7-9F67-B3B49C438D4E}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"{9723BDD1-BDBF-4763-A16E-835487FF6A49}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{97EC11DB-5848-473D-BDD3-9C81D07BFEA5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9839C9FB-ED79-4D7B-99B6-52BB3E538EE5}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{9919F6FC-0493-4D61-AAEB-6D7397ABCA1F}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A0BA5040-C04B-43CF-9F6B-09E695D3B68A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A254C29B-2995-49CD-A383-0631B8226542}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{A3E49211-C7D4-45C8-BDFB-CE87C319CBE3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A419E8CB-82EA-4BCD-8D86-96B0D5367B5E}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{A7CC5CD7-AF51-4CD6-8C5B-24C34924372D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B1B55D8A-2402-4976-B33B-B7F0F1858826}" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"{B297AEE8-7C43-480C-8474-4B73BC4ABA56}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{BE630325-3F32-426E-B96E-4B1A7D0FCCC0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C5765A39-D0CD-492D-B3C1-85F547EA5811}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C6408EB1-76BA-403C-8BCE-99A60F8F94A8}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"{CB457500-99FA-4F95-A2C5-FD27FE2A19C9}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{CBD616AE-8F2F-409F-8D95-3A964DBA56D2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CC69900A-FE99-4AEB-B871-F0CB34781473}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CFFCA966-3D2A-4FD6-A804-ECE9FECA9C14}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{D379A469-FCA1-4E01-A653-573A4067F345}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{D4BAA005-9D49-428C-8D67-BF50D07D75E9}" = protocol=6 | dir=out | app=system |
"{D77906B9-18CE-4E6A-878F-E0DE0309D526}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{D89F6D8D-01D4-4674-AC40-9E739733538D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{DF241890-454D-439B-B81E-F5200743BFE6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DF59D404-6B6E-4F13-A27B-2FA93D8A7CB3}" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe |
"{E460D146-87AD-4401-9134-66C64A4CB953}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F2B04039-D0F8-4395-9B45-2CFA1B199C1D}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{F62597F0-5FD9-4B4E-ACE1-6E896DF4709D}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{FBB2CA96-FCD4-4CE8-B7E6-284C97D84752}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{FD49C02E-79D0-4FFA-8325-B1E20640F078}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{3BB7B18D-CABA-4912-AD72-5361971E087D}C:\program files (x86)\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo ii\game.exe |
"TCP Query User{D2EB0DA3-F689-42E3-95B1-8F5A23090C0D}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"TCP Query User{DB30CA30-0CEE-48C8-B414-98D0BF538DB8}C:\windows\syswow64\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |
"UDP Query User{2A50CEC3-F917-4BE3-B9E4-B5FC12D8EA4E}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe |
"UDP Query User{634206F8-3AC8-4114-AE1D-F576B96E6641}C:\program files (x86)\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo ii\game.exe |
"UDP Query User{F1254572-B637-443D-9649-11542A98645F}C:\windows\syswow64\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dpnsvr.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0CC44ABB-62F1-FDA7-02C8-DCCC2A239DDE}" = AMD Fuel
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{119CFC4D-EB75-D47F-1209-032721858C32}" = ccc-utility64
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{44E3AB6B-453B-8DAE-9777-1C48F5AB8965}" = AMD Catalyst Install Manager
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{80D3CFFD-4CB5-47A1-8779-11A720A9ADB2}" = HP Deskjet D2600 Printer Driver Software 13.0 Rel .5
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Blender" = Blender
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0074B4B3-C0D7-7A17-091A-BBA813E51049}" = Catalyst Control Center InstallProxy
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03594E81-55C6-4036-BB32-6FB27BC7A497}_is1" = Sid Meier's Civilization V - Game of the Year Edition
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13AE7598-928A-83E7-548B-44FA68242798}" = CCC Help English
"{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6 Demo
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{203E564A-51E6-44E5-9DF9-8D0AD66E401D}" = DJ_SF_05_D2600_Software_Min
"{211D9A2A-0ECA-7AC7-ABAA-03ED3242F33E}" = AMD VISION Engine Control Center
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 29
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{28999392-5871-4A39-863A-D2A6EA3260AF}" = League of Legends
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C33D2A4-7375-49A1-B32E-1ECD544ADA3C}" = MTXExtractor
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{44E75850-B838-43D2-8F37-84D3FB71FF6E}" = VGA Dual-Mode Camera
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{5066FFF7-0029-BBA3-DD41-D71599987F1B}" = Catalyst Control Center InstallProxy
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{52CF142B-7B0E-41E7-98F5-B834122523E7}_is1" = Programmer's Notepad 2
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{656C0E21-331E-11DF-81CE-005056806466}" = Google Earth
"{6583D00E-0924-4950-8BE9-5D09FE70B333}" = MTX
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{775290AD-C54E-418C-9564-A10836F42C1C}" = D2600
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8427F2DB-5833-4DBB-AFE9-D5358B6DF32F}" = League of Legends
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{88410D8F-8529-492B-B556-2394A29B811B}" = Broadcom Wireless LAN Driver Installation Program for Windows7
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E2BD6FF-CE8D-47B5-AD9C-0A5C2D54EB3C}" = League of Legends
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A5DD7359-5EB4-4D35-BBAF-E6A88269790B}" = League of Legends
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.1 MUI
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{BA688606-4B20-4982-995E-EDADC6A6817E}" = League of Legends
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C735206E-A8D7-2DC8-EADF-744C18174654}" = Acrobat.com
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.91.624
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FDE773CD-9201-4655-87F3-4E051860D47D}" = Ralink Wireless LAN v3.0.2.0 Installation Program for Windows7
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FECCC297-24D6-F2B0-2BEC-446AC0205EEB}" = Catalyst Control Center Graphics Previews Common
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Action Replay Code Manager_is1" = Action Replay Code Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"AVS Audio CD Creator 3.8_is1" = AVS Audio CD Creator version 3.8
"AVS Audio Converter 6.2_is1" = AVS Audio Converter version 6.2
"AVS Disc Creator_is1" = AVS Disc Creator version 4.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"AVSCoverEditor2_is1" = AVS Cover Editor 2.0.1.3
"Battle vs. Chess_is1" = Battle vs. Chess
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"conduitEngine" = Conduit Engine
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Diablo II" = Diablo II
"DivX Setup.divx.com" = DivX Setup
"Dual Mode Camera_is1" = Uninstall Dual Mode Camera
"DVD Shrink_is1" = DVD Shrink 3.2
"ForceBindIP" = ForceBindIP
"GridVista" = Acer GridVista
"ICCup Launcher_is1" = ICCup Launcher
"Identity Card" = Identity Card
"ImgBurn" = ImgBurn
"Impulse" = Impulse
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"jZip" = jZip
"LManager" = Launch Manager
"Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Network MagicUninstall" = Network Magic
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PhoTagsExpress" = PhoTags Express
"PowerISO" = PowerISO
"Sins of a Solar Empire Rebellion (c) Stardock_is1" = Sins of a Solar Empire Rebellion (c) Stardock version 1
"SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
"ST6UNST #1" = Hero Editor V1.04
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.5
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
"Xfire" = Xfire (remove only)
"Xilisoft AVI to DVD Converter" = Xilisoft AVI to DVD Converter
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"ZMBV" = Zip Motion Block Video codec (Remove Only)
"ZoneAlarm Extreme Security" = ZoneAlarm Extreme Security

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/5/2011 5:56:09 PM | Computer Name = Dragon | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/5/2011 5:56:10 PM | Computer Name = Dragon | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/5/2011 5:56:10 PM | Computer Name = Dragon | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/5/2011 5:56:10 PM | Computer Name = Dragon | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/6/2011 2:47:17 PM | Computer Name = Dragon | Source = Application Error | ID = 1000
Description = Faulting application name: pctsSvc.exe, version: 7.0.0.95, time stamp:
0x4af380db Faulting module name: SDAVgate.dll, version: 7.0.3.28, time stamp: 0x4b04d8c3
Exception
code: 0xc0000005 Fault offset: 0x000bcb9a Faulting process id: 0x8c4 Faulting application
start time: 0x01cc6cc474e2fd9e Faulting application path: C:\Program Files (x86)\Spyware
Doctor\pctsSvc.exe Faulting module path: C:\Program Files (x86)\Spyware Doctor\avengine\SDAVgate.dll
Report
Id: a4905364-d8b8-11e0-a3b2-0026225eedda

Error - 9/7/2011 1:18:12 PM | Computer Name = Dragon | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.

Error - 9/7/2011 1:31:16 PM | Computer Name = Dragon | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/7/2011 1:31:16 PM | Computer Name = Dragon | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/7/2011 1:31:18 PM | Computer Name = Dragon | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/7/2011 1:31:19 PM | Computer Name = Dragon | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Media Center Events ]
Error - 6/14/2012 8:31:35 PM | Computer Name = Dragon | Source = MCUpdate | ID = 0
Description = 8:31:29 PM - Error connecting to the internet. 8:31:29 PM - Unable
to contact server..

Error - 6/14/2012 9:31:47 PM | Computer Name = Dragon | Source = MCUpdate | ID = 0
Description = 9:31:42 PM - Error connecting to the internet. 9:31:42 PM - Unable
to contact server..

Error - 6/15/2012 6:55:16 AM | Computer Name = Dragon | Source = MCUpdate | ID = 0
Description = 6:55:16 AM - Error connecting to the internet. 6:55:16 AM - Unable
to contact server..

Error - 6/15/2012 6:55:29 AM | Computer Name = Dragon | Source = MCUpdate | ID = 0
Description = 6:55:21 AM - Error connecting to the internet. 6:55:21 AM - Unable
to contact server..

Error - 6/15/2012 7:55:36 AM | Computer Name = Dragon | Source = MCUpdate | ID = 0
Description = 7:55:36 AM - Error connecting to the internet. 7:55:36 AM - Unable
to contact server..

Error - 6/15/2012 7:55:45 AM | Computer Name = Dragon | Source = MCUpdate | ID = 0
Description = 7:55:41 AM - Error connecting to the internet. 7:55:41 AM - Unable
to contact server..

Error - 6/15/2012 6:53:34 PM | Computer Name = Dragon | Source = MCUpdate | ID = 0
Description = 6:53:21 PM - Error connecting to the internet. 6:53:21 PM - Unable
to contact server..

Error - 6/15/2012 7:53:46 PM | Computer Name = Dragon | Source = MCUpdate | ID = 0
Description = 7:53:40 PM - Error connecting to the internet. 7:53:40 PM - Unable
to contact server..

Error - 6/15/2012 8:53:57 PM | Computer Name = Dragon | Source = MCUpdate | ID = 0
Description = 8:53:52 PM - Error connecting to the internet. 8:53:52 PM - Unable
to contact server..

Error - 6/15/2012 9:54:08 PM | Computer Name = Dragon | Source = MCUpdate | ID = 0
Description = 9:54:03 PM - Error connecting to the internet. 9:54:03 PM - Unable
to contact server..

[ System Events ]
Error - 7/1/2012 8:18:20 AM | Computer Name = Dragon | Source = ipnathlp | ID = 31004
Description =

Error - 7/1/2012 8:36:26 AM | Computer Name = Dragon | Source = ipnathlp | ID = 31004
Description =

Error - 7/1/2012 12:41:07 PM | Computer Name = Dragon | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:39:04 PM on ?7/?1/?2012 was unexpected.

Error - 7/1/2012 12:41:08 PM | Computer Name = DRAGON | Source = BugCheck | ID = 1001
Description =

Error - 7/1/2012 12:41:00 PM | Computer Name = Dragon | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 7/1/2012 12:42:21 PM | Computer Name = Dragon | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
TfFsMon TFSysMon

Error - 7/1/2012 12:42:39 PM | Computer Name = Dragon | Source = ipnathlp | ID = 30013
Description =

Error - 7/1/2012 12:42:40 PM | Computer Name = Dragon | Source = Microsoft Antimalware | ID = 5101
Description = %%860 grace period has expired. Protection against viruses, spyware,
and other potentially unwanted software is disabled. Expiration Reason: %%873 Expiration
Date (UTC): ?7/?1/?2012 4:42:40 PM Error Code: 0x80092003 Error Description: An error
occurred while reading or writing to a file.

Error - 7/1/2012 12:43:04 PM | Computer Name = Dragon | Source = Service Control Manager | ID = 7023
Description = The Microsoft Antimalware Service service terminated with the following
error: %%-2147017840

Error - 7/1/2012 12:47:23 PM | Computer Name = Dragon | Source = ipnathlp | ID = 31004
Description =


< End of report >
 
Also have a Flight Simulator X in programs list, that I cannot uninstall. Went to the file location, and there is nothing in the folder for Microsoft Games. FYI: The Flight Simulator X folder is not there, but the program is still in the list and won't uninstall. But other than this, computer seems to run fine at times, other times it is sluggish and uses a consistent 50-69% usage on the processors which does not make things fast and efficient for gaming.
 
I recently noticed a program called Babylon on my computer, researched it and it is a communications translation program. (This file type could be a trojan or virus.) Although cases are rare, it did, however, raise my suspicion levels. (I get random blue screens and my computer shuts itself down sometimes in normal mode - rarely.) And I believe this is from a battery that has lost its juice. Thanks for your help.
 
One last thing. This computer will not install Microsoft Service Pack One with success. It constantly fails when I try to install it. I wish to keep all of my files and use them and do not want to format to get success. (Have a feeling that this pack would be useful for my computer usage percentage.) Not sure if it is important to have, but the computer seems to think so. lol
 
For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 