Solved Computer runs slow

lemowill

Here are the logs - gmer didn't produce anything.

Malwarebytes Anti-Malware (PRO) 1.62.0.1300m

www.malwarebytes.org

Database version: v2012.09.10.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Psycho Dunpeal :: EVANGELION [administrator]

Protection: Enabled

10/09/2012 01:06:55 AM
mbam-log-2012-09-10 (01-06-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 253676
Time elapsed: 49 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 14/03/2008 02:16:31 AM
System Uptime: 08/09/2012 09:41:14 AM (39 hours ago)
.
Motherboard: Quanta | | 30D0
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-62 | Socket S1 | 800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 219 GiB total, 89.092 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 2.253 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2272: 09/09/2012 03:04:26 AM - Windows Update
.
==== Installed Programs ======================
.
Acrobat.com
ActiveCheck component for HP Active Support Library
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe Acrobat 8.1.3 Professional
Adobe After Effects CS3 Presets
Adobe After Effects CS3 Third Party Content
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash CS3
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader X (10.1.4)
Adobe Setup
Adobe Shockwave Player 11.5
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
AIO_Scan
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
µTorrent
AuthenTec Fingerprint Sensor Minimum Install
Avira Free Antivirus
AviSynth 2.5
BE Limited III
Byki
Byki Express for Lemuel Williams
Call Graph
Carbonite Online Backup Setup
Cards_Calendar_OrderGift_DoMorePlugout
CCScore
CDisplay 1.8
Cisco Connect
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CleanUp!
Combined Community Codec Pack 2009-09-09
Compatibility Pack for the 2007 Office system
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DeskScapes
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
DVD Suite
DVD43 Plug-in v1.0.0.5
EA Link
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
ESU for Microsoft Vista
fflink
Free M4a to MP3 Converter 7.0
Free Video Flip and Rotate version 1.8.12.602
GetDataBack for FAT
Google App Engine
Google Chrome
Google Drive
Google Earth Plug-in
Google Gears
Google Talk Plugin
Google Update Helper
Haali Media Splitter
Handbrake 0.9.4
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
Hide My IP 5.3
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.7
HP Smart Web Printing
HP Update
HP User Guides 0087
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabel_Tattoo
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotosmartEssential
HPPhotoSmartPhotobookHolidayPack1
HPPhotoSmartPhotobookModernPack1
HPPhotoSmartPhotobookPlayfulPack1
HPPhotoSmartPhotobookScrapbookPack1
HPPhotoSmartPhotobookWebPack1
iPhone Configuration Utility
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 26
Junk Mail filter update
KC Softwares SUMo
KeyHoleTV
kgcbaby
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
LabelPrint
LightScribe Diagnostic Utility
LightScribe System Software
LogonStudio Vista
Machete Lite 3.6
Magic DVD Ripper V5.4.1
Magical Jelly Bean KeyFinder
magicJack
Malwarebytes Anti-Malware version 1.62.0.1300
Maxthon 3
Media Go
Media Go Video Playback Engine 1.84.111.07020
Mesh Runtime
Messenger Companion
Messenger Plus! 5
Microsoft Default Manager
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Project MUI (English) 2010
Microsoft Office Project Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Visio 2010
Microsoft Office Visio MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Social Connector 32-bit
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft Project 2010 Service Pack 1 (SP1)
Microsoft Project Professional 2010
Microsoft Reader
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visio 2010 Service Pack 1 (SP1)
Microsoft Visio Premium 2010
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
MiniTool Partition Wizard Home Edition 7.0
Mozilla Firefox 4.0 (x86 en-US)
Mozilla Firefox 4.0b7 (x86 en-US)
MSCU for Microsoft Vista
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Manager
muvee autoProducer 6.1
muvee Reveal Seagate Edition
My HP Games
MyPhoneExplorer
netbrdg
NetWaiting
Notepad++
Octoshape add-in for Adobe Flash Player
OfotoXMI
ooVoo
Orb Runtime libraries
PC Suite for Sony Ericsson
PDF Settings
PlayStation(R)Network Downloader
PlayStation(R)Store
Power2Go
PowerDirector
PowerISO
PS_AIO_Software_min
PS3ThemeCreator
PSP Video 9 5.04
PSSWCORE
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealUpgrade 1.1
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
RockMelt
Safari
Samsung PC Studio 3 USB Driver Installer
Scan
Seagate Manager Installer
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio 2010 (KB2597171) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Segoe UI
SFR
SHARP MX-M550/620/700 Series PC-Fax Driver
SHARP PCL6 T1 Printer Driver
SHARP PS T1 Printer Driver
SHASTA
skin0001
SKINXSDK
Skype™ 5.10
SlingPlayer
Sony Ericsson Themes Creator 4.16.2.6
Sony Ericsson Update Engine
Sony Ericsson Update Service
Sony PC Companion 2.10.030
Soundman 1.7.0
SpeedFan (remove only)
Spelling Dictionaries Support For Adobe Reader 9
SPSS 16.0 for Windows
staticcr
The Core Media Player 4.0
TomTom HOME 2.7.6.2056
TomTom HOME Visual Studio Merge Modules
Toolbox
TurboTax Audit Support Center 3.0
TVersity Codec Pack 1.4
TVersity Media Server 1.9.3
Uninstall CDisplay
Universal Extractor 1.6.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VC80CRTRedist - 8.0.50727.4053
VideoToolkit01
Viewpoint Media Player
Virtual DJ - Atomix Productions
Visual C++ 8.0 Runtime Setup Package (x64)
VLC
VLC media player 1.1.11
VNC Free Edition 4.1.3
Vongo
VPRINTOL
Winamp
WinDirStat 1.1.2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinRAR archiver
WIRELESS
Xilisoft Download YouTube Video
yacib Portable Mp3
Yahoo! Messenger
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
09/09/2012 05:31:14 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the stisvc service.
09/09/2012 03:29:33 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Works 9 (KB2680317).
09/09/2012 03:01:43 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the W32Time service.
09/09/2012 03:01:13 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
08/09/2012 10:25:54 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
08/09/2012 10:18:32 PM, Error: Service Control Manager [7034] - The Biometric Authentication Service service terminated unexpectedly. It has done this 1 time(s).
08/09/2012 03:04:09 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinHttpAutoProxySvc service.
08/09/2012 03:04:09 AM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
08/09/2012 03:03:08 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanWorkstation service.
08/09/2012 02:17:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
08/09/2012 02:17:43 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
08/09/2012 02:17:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
08/09/2012 02:16:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Flash Player Update Service service to connect.
08/09/2012 02:16:13 PM, Error: Service Control Manager [7000] - The Adobe Flash Player Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
08/09/2012 01:51:03 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
07/09/2012 09:46:30 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the netprofm service.
07/09/2012 09:45:18 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the fdPHost service.
07/09/2012 01:29:47 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
06/09/2012 10:40:28 PM, Error: Microsoft-Windows-LanguagePackSetup [1001] - Application initialization failed. Last error: 0x80070032
06/09/2012 10:39:33 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
06/09/2012 10:37:27 PM, Error: Service Control Manager [7023] -
06/09/2012 10:36:27 PM, Error: Microsoft-Windows-HttpEvent [15021] - An error occured while using SSL configuration for socket address 0.0.0.0:4482. The error status code is contained within the returned data.
06/09/2012 09:01:12 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
06/09/2012 09:00:42 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
06/09/2012 06:11:30 PM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
05/09/2012 12:08:01 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer BROWNSUGAR that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A9D328BE-1A0B-409A-9ECB-CCFCEFB99633}. The master browser is stopping or an election is being forced.
05/09/2012 12:01:01 AM, Error: Service Control Manager [7034] - The TVersityMediaServer service terminated unexpectedly. It has done this 1 time(s).
05/09/2012 05:56:08 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer DARKNESS-HP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A9D328BE-1A0B-409A-9ECB-CCFCEFB99633}. The master browser is stopping or an election is being forced.
04/09/2012 11:15:58 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer SONY-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A9D328BE-1A0B-409A-9ECB-CCFCEFB99633}. The master browser is stopping or an election is being forced.
04/09/2012 05:50:09 PM, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on K: cannot be read.
04/09/2012 05:50:00 PM, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on G: cannot be read.
04/09/2012 01:20:34 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.10.101 for the Network Card with network address 001F3A4F1537 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
03/09/2012 02:03:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Eventlog service.
03/09/2012 01:52:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================
 
Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

========================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

========================================

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

==========================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
01:43:05.0728 11316 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
01:43:06.0572 11316 ============================================================
01:43:06.0573 11316 Current date / time: 2012/09/15 01:43:06.0572
01:43:06.0573 11316 SystemInfo:
01:43:06.0573 11316
01:43:06.0573 11316 OS Version: 6.0.6002 ServicePack: 2.0
01:43:06.0573 11316 Product type: Workstation
01:43:06.0574 11316 ComputerName: EVANGELION
01:43:06.0574 11316 UserName: Psycho Dunpeal
01:43:06.0574 11316 Windows directory: C:\Windows
01:43:06.0574 11316 System windows directory: C:\Windows
01:43:06.0574 11316 Running under WOW64
01:43:06.0574 11316 Processor architecture: Intel x64
01:43:06.0574 11316 Number of processors: 2
01:43:06.0574 11316 Page size: 0x1000
01:43:06.0574 11316 Boot type: Normal boot
01:43:06.0574 11316 ============================================================
01:43:09.0086 11316 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:43:09.0166 11316 ============================================================
01:43:09.0166 11316 \Device\Harddisk0\DR0:
01:43:09.0167 11316 MBR partitions:
01:43:09.0167 11316 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1B6D92A5
01:43:09.0167 11316 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B6D92E4, BlocksNum 0x1AEB29D
01:43:09.0167 11316 ============================================================
01:43:09.0201 11316 C: <-> \Device\Harddisk0\DR0\Partition1
01:43:09.0250 11316 D: <-> \Device\Harddisk0\DR0\Partition2
01:43:09.0251 11316 ============================================================
01:43:09.0254 11316 Initialize success
01:43:09.0254 11316 ============================================================
01:43:15.0955 15944 ============================================================
01:43:15.0956 15944 Scan started
01:43:15.0956 15944 Mode: Manual;
01:43:15.0956 15944 ============================================================
01:43:18.0399 15944 ================ Scan system memory ========================
01:43:18.0399 15944 System memory - ok
01:43:25.0022 15944 CLFS - ok
01:43:25.0132 15944 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
01:43:25.0136 15944 clr_optimization_v2.0.50727_32 - ok
01:43:25.0337 15944 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
01:43:25.0342 15944 clr_optimization_v2.0.50727_64 - ok
01:43:25.0463 15944 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
01:43:25.0467 15944 clr_optimization_v4.0.30319_32 - ok
01:43:25.0559 15944 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
01:43:25.0563 15944 clr_optimization_v4.0.30319_64 - ok
01:43:25.0623 15944 [ B52D9A14CE4101577900A364BA86F3DF ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
01:43:25.0627 15944 CmBatt - ok
01:43:25.0716 15944 [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide C:\Windows\system32\drivers\cmdide.sys
01:43:25.0718 15944 cmdide - ok
01:43:25.0771 15944 [ 5A220D86C6E0DD92EA0EA157ED3CA267 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
01:43:25.0777 15944 CnxtHdAudService - ok
01:43:25.0881 15944 [ D8774ACE03B46C9B01A49818055F9AD4 ] Com4Qlb C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
01:43:25.0885 15944 Com4Qlb - ok
01:43:25.0953 15944 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
01:43:25.0955 15944 Compbatt - ok
01:43:25.0987 15944 COMSysApp - ok
01:43:26.0072 15944 [ B1192DCD5B9CF46BEED0E2A9E5BCF59A ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
01:43:26.0074 15944 crcdisk - ok
01:43:26.0175 15944 [ 62740B9D2A137E8CED41A9E4239A7A31 ] CryptSvc C:\Windows\system32\cryptsvc.dll
01:43:26.0181 15944 CryptSvc - ok
01:43:26.0263 15944 [ F60F50C8ED3FCBE358430B95FE27D09C ] CSC C:\Windows\system32\drivers\csc.sys
01:43:26.0283 15944 CSC - ok
01:43:26.0484 15944 [ 1B5F256D31836ED2BA60B3A6C800200C ] CscService C:\Windows\System32\cscsvc.dll
01:43:26.0498 15944 CscService - ok
01:43:26.0684 15944 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
01:43:26.0714 15944 DcomLaunch - ok
01:43:26.0780 15944 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
01:43:26.0784 15944 DfsC - ok
01:43:27.0391 15944 [ C647F468F7DE343DF8C143655C5557D4 ] DFSR C:\Windows\system32\DFSR.exe
01:43:27.0465 15944 DFSR - ok
01:43:27.0629 15944 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
01:43:27.0637 15944 Dhcp - ok
01:43:27.0744 15944 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
01:43:27.0747 15944 disk - ok
01:43:27.0806 15944 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
01:43:27.0812 15944 Dnscache - ok
01:43:27.0884 15944 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
01:43:27.0891 15944 dot3svc - ok
01:43:28.0090 15944 [ 74C02B1717740C3B8039539E23E4B53F ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
01:43:28.0093 15944 Dot4 - ok
01:43:28.0214 15944 [ 08321D1860235BF42CF2854234337AEA ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
01:43:28.0216 15944 Dot4Print - ok
01:43:28.0325 15944 [ 4ADCCF0124F2B6911D3786A5D0E779E5 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
01:43:28.0327 15944 dot4usb - ok
01:43:28.0429 15944 [ 5BC1D876DFD53C31C5FC65D2E9614015 ] DpHost C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
01:43:28.0437 15944 DpHost - ok
01:43:28.0474 15944 [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS C:\Windows\system32\dps.dll
01:43:28.0481 15944 DPS - ok
01:43:28.0565 15944 [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
01:43:28.0567 15944 drmkaud - ok
01:43:29.0044 15944 [ B8E554E502D5123BC111F99D6A2181B4 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
01:43:29.0062 15944 DXGKrnl - ok
01:43:29.0207 15944 [ D57FE09B575545738A73A0C193D0616A ] E1G60 C:\Windows\system32\DRIVERS\E1G6032E.sys
01:43:29.0211 15944 E1G60 - ok
01:43:29.0331 15944 [ C2303883FD9BE49DC36A6400643002EA ] EapHost C:\Windows\System32\eapsvc.dll
01:43:29.0336 15944 EapHost - ok
01:43:29.0377 15944 [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache C:\Windows\system32\drivers\ecache.sys
01:43:29.0382 15944 Ecache - ok
01:43:29.0823 15944 [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr C:\Windows\ehome\ehRecvr.exe
01:43:29.0832 15944 ehRecvr - ok
01:43:29.0957 15944 [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched C:\Windows\ehome\ehsched.exe
01:43:29.0962 15944 ehSched - ok
01:43:30.0071 15944 [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart C:\Windows\ehome\ehstart.dll
01:43:30.0073 15944 ehstart - ok
01:43:30.0238 15944 [ 3D6298AFF3FE06C0616CE5D090A3EEAA ] elxstor C:\Windows\system32\drivers\elxstor.sys
01:43:30.0246 15944 elxstor - ok
01:43:30.0622 15944 [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt C:\Windows\system32\emdmgmt.dll
01:43:30.0633 15944 EMDMgmt - ok
01:43:31.0288 15944 [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem C:\Windows\system32\es.dll
01:43:31.0298 15944 EventSystem - ok
01:43:31.0462 15944 [ 486844F47B6636044A42454614ED4523 ] exfat C:\Windows\system32\drivers\exfat.sys
01:43:31.0468 15944 exfat - ok
01:43:31.0659 15944 [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat C:\Windows\system32\drivers\fastfat.sys
01:43:31.0706 15944 fastfat - ok
01:43:32.0216 15944 [ 989A776A2FF32A148FCF15C44058B129 ] Fax C:\Windows\system32\fxssvc.exe
01:43:32.0232 15944 Fax - ok
01:43:32.0418 15944 [ 61B6DBD1AD1143F008364D4E9A96B224 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
01:43:32.0420 15944 fdc - ok
01:43:32.0638 15944 [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost C:\Windows\system32\fdPHost.dll
01:43:32.0878 15944 fdPHost - ok
01:43:33.0158 15944 [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub C:\Windows\system32\fdrespub.dll
01:43:33.0248 15944 FDResPub - ok
01:43:33.0391 15944 [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
01:43:33.0585 15944 FileInfo - ok
01:43:33.0773 15944 [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace C:\Windows\system32\drivers\filetrace.sys
01:43:33.0776 15944 Filetrace - ok
01:43:34.0593 15944 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
01:43:35.0250 15944 FLEXnet Licensing Service - ok
01:43:35.0467 15944 [ 12C3D1B4D0CE49E1CE343BA2F22F15E0 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
01:43:35.0468 15944 flpydisk - ok
01:43:35.0772 15944 [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
01:43:36.0047 15944 FltMgr - ok
01:43:37.0255 15944 [ BE1C5BD1CA7ED015BC6FA1AE67E592C8 ] FontCache C:\Windows\system32\FntCache.dll
01:43:38.0607 15944 FontCache - ok
01:43:39.0147 15944 [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:43:39.0150 15944 FontCache3.0.0.0 - ok
01:43:39.0619 15944 [ 81B4A2C6C9BD17FFB6031A0A61C09764 ] FreeAgentGoNext Service C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
01:43:39.0789 15944 FreeAgentGoNext Service - ok
01:43:39.0924 15944 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
01:43:39.0926 15944 fssfltr - ok
01:43:41.0736 15944 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
01:43:41.0766 15944 fsssvc - ok
01:43:42.0013 15944 [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
01:43:42.0047 15944 Fs_Rec - ok
01:43:42.0163 15944 [ 849E38DB7D829962D0233A0A252B60C3 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
01:43:42.0408 15944 fvevol - ok
01:43:42.0655 15944 [ B54520CC7B4B55134D7527B1CD3FC1F2 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
01:43:42.0657 15944 gagp30kx - ok
01:43:43.0488 15944 [ 58F9EE8357271A5529CCCBD35A80E599 ] GameConsoleService C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
01:43:43.0494 15944 GameConsoleService - ok
01:43:43.0615 15944 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
01:43:43.0617 15944 GEARAspiWDM - ok
01:43:43.0783 15944 [ A4198F2BD8AA592CB90476277A81B5E1 ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys
01:43:43.0906 15944 ggflt - ok
01:43:44.0024 15944 [ D266350BDAAB9EB6C1AEC370EEAAFF3A ] ggsemc C:\Windows\system32\DRIVERS\ggsemc.sys
01:43:44.0026 15944 ggsemc - ok
01:43:44.0450 15944 [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc C:\Windows\System32\gpsvc.dll
01:43:45.0062 15944 gpsvc - ok
01:43:45.0488 15944 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c9baeb3641e9a0 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:43:45.0546 15944 gupdate1c9baeb3641e9a0 - ok
01:43:45.0679 15944 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
01:43:45.0683 15944 gupdatem - ok
01:43:46.0211 15944 [ 1103D2096037FECDDF254DBD7ED16A85 ] hcw85bda C:\Windows\system32\drivers\HCW85BDA.sys
01:43:46.0236 15944 hcw85bda - ok
01:43:46.0431 15944 [ C187C2A98D3E98000D11F86AD3C224F6 ] HdAudAddService C:\Windows\system32\drivers\CHDART64.sys
01:43:46.0436 15944 HdAudAddService - ok
01:43:46.0907 15944 [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
01:43:46.0926 15944 HDAudBus - ok
01:43:47.0029 15944 [ 39F7D79B3401BE029D8451F761D30331 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
01:43:47.0031 15944 HidBth - ok
01:43:47.0159 15944 [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr C:\Windows\system32\drivers\hidir.sys
01:43:47.0161 15944 HidIr - ok
01:43:47.0263 15944 [ 59361D38A297755D46A540E450202B2A ] hidserv C:\Windows\system32\hidserv.dll
01:43:47.0281 15944 hidserv - ok
01:43:47.0401 15944 [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
01:43:47.0421 15944 HidUsb - ok
01:43:47.0540 15944 [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc C:\Windows\system32\kmsvc.dll
01:43:47.0599 15944 hkmsvc - ok
01:43:47.0906 15944 [ A19B0BB5A7EB6DF2DD4A0711D36955EE ] HP Health Check Service c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
01:43:47.0909 15944 HP Health Check Service - ok
01:43:48.0063 15944 [ 8EDC820115DF1E04763B2923676EA5B2 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
01:43:48.0065 15944 HpCISSs - ok
01:43:48.0646 15944 [ A30E97371E38EF45B0757561B2796733 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
01:43:48.0651 15944 hpqcxs08 - ok
01:43:48.0753 15944 [ 0ECC54FD34D6A089C300846B011E81D6 ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
01:43:48.0848 15944 HpqKbFiltr - ok
01:43:49.0155 15944 [ E53D53D66D61794AF8160741946D0B43 ] HpqRemHid C:\Windows\system32\DRIVERS\HpqRemHid.sys
01:43:49.0216 15944 HpqRemHid - ok
01:43:49.0535 15944 [ 04C1DCBB226C6AE647B794833CE3CEB6 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
01:43:49.0539 15944 hpqwmiex - ok
01:43:49.0746 15944 [ 57BA73B5B321291E5114CB21350E1EA0 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL6.SYS
01:43:49.0753 15944 HSFHWAZL - ok
01:43:50.0899 15944 [ DDA869537AE9CE501954CB7793134D96 ] HSF_DPV C:\Windows\system32\DRIVERS\CAX_DPV.sys
01:43:50.0929 15944 HSF_DPV - ok
01:43:51.0742 15944 [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP C:\Windows\system32\drivers\HTTP.sys
01:43:51.0756 15944 HTTP - ok
01:43:52.0014 15944 [ F2901763845570ECAC48E6A50EC50812 ] i2omp C:\Windows\system32\drivers\i2omp.sys
01:43:52.0016 15944 i2omp - ok
01:43:52.0402 15944 [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
01:43:52.0405 15944 i8042prt - ok
01:43:52.0598 15944 [ 72C3EE7EA3CD75A772E62AE0E5DF8B8C ] iaStorV C:\Windows\system32\drivers\iastorv.sys
01:43:52.0605 15944 iaStorV - ok
01:43:53.0476 15944 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
01:43:53.0479 15944 IDriverT - ok
01:43:54.0385 15944 [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
01:43:54.0402 15944 idsvc - ok
01:43:54.0544 15944 [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp C:\Windows\system32\drivers\iirsp.sys
01:43:54.0546 15944 iirsp - ok
01:43:54.0905 15944 [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT C:\Windows\System32\ikeext.dll
01:43:55.0151 15944 IKEEXT - ok
01:43:55.0232 15944 [ 36A266C673812878996F72B200203FBB ] intelide C:\Windows\system32\drivers\intelide.sys
01:43:55.0312 15944 intelide - ok
01:43:55.0436 15944 [ CD802075728E514548841DCC3F8B0220 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
01:43:55.0438 15944 intelppm - ok
01:43:55.0576 15944 [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
01:43:55.0613 15944 IPBusEnum - ok
01:43:55.0782 15944 [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:43:55.0785 15944 IpFilterDriver - ok
01:43:55.0977 15944 [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
01:43:56.0102 15944 iphlpsvc - ok
01:43:56.0144 15944 IpInIp - ok
01:43:56.0436 15944 [ EACDBBE429C6D170BDEEE0EFFCBC317B ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
01:43:56.0439 15944 IPMIDRV - ok
01:43:56.0604 15944 [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
01:43:56.0608 15944 IPNAT - ok
01:43:57.0515 15944 [ 9B812A3484D89EB934982D67FB7D9313 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
01:43:57.0536 15944 iPod Service - ok
01:43:57.0866 15944 [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM C:\Windows\system32\drivers\irenum.sys
01:43:58.0006 15944 IRENUM - ok
01:43:58.0233 15944 [ D3BB520B31F28C1A065CD058E762EE73 ] isapnp C:\Windows\system32\drivers\isapnp.sys
01:43:58.0235 15944 isapnp - ok
01:43:58.0548 15944 [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
01:43:58.0553 15944 iScsiPrt - ok
01:43:58.0814 15944 [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
01:43:58.0816 15944 iteatapi - ok
01:43:58.0863 15944 [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid C:\Windows\system32\drivers\iteraid.sys
01:43:58.0865 15944 iteraid - ok
01:43:59.0249 15944 [ 423696F3BA6472DD17699209B933BC26 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
01:43:59.0251 15944 kbdclass - ok
01:43:59.0493 15944 [ DBDF75D51464FBC47D0104EC3D572C05 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
01:43:59.0494 15944 kbdhid - ok
01:43:59.0681 15944 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso C:\Windows\system32\lsass.exe
01:43:59.0770 15944 KeyIso - ok
01:44:00.0183 15944 [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
01:44:00.0451 15944 KSecDD - ok
01:44:00.0631 15944 [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
01:44:00.0634 15944 ksthunk - ok
01:44:01.0006 15944 [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm C:\Windows\system32\msdtckrm.dll
01:44:01.0147 15944 KtmRm - ok
01:44:01.0265 15944 [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer C:\Windows\system32\srvsvc.dll
01:44:01.0278 15944 LanmanServer - ok
01:44:01.0396 15944 [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
01:44:01.0542 15944 LanmanWorkstation - ok
01:44:01.0786 15944 [ 6E7B4E75E8A226EDC8A9A8B1C3510F9B ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
01:44:01.0789 15944 LightScribeService - ok
01:44:01.0960 15944 [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
01:44:01.0963 15944 lltdio - ok
01:44:02.0453 15944 [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc C:\Windows\System32\lltdsvc.dll
01:44:02.0464 15944 lltdsvc - ok
01:44:02.0541 15944 [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts C:\Windows\System32\lmhsvc.dll
01:44:02.0617 15944 lmhosts - ok
01:44:02.0829 15944 [ 1572F8D999C0AB4376AFDCE058A78DF9 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
01:44:02.0832 15944 LSI_FC - ok
01:44:03.0035 15944 [ 64470979C3E3C9FF60EDFB5230C56E0E ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
01:44:03.0038 15944 LSI_SAS - ok
01:44:03.0094 15944 [ 4CED7D3B54BFC5BBAE75C4A73C7F7428 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
01:44:03.0096 15944 LSI_SCSI - ok
01:44:03.0265 15944 [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv C:\Windows\system32\drivers\luafv.sys
01:44:03.0272 15944 luafv - ok
01:44:04.0039 15944 [ C7039D97DCD940ABA7CDF2074DE828CA ] LVcKap64 C:\Windows\system32\DRIVERS\LVcKap64.sys
01:44:04.0071 15944 LVcKap64 - ok
01:44:04.0215 15944 [ 254B2D815D90942E8AE5D84640FC8E4C ] LVCOMSer C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe
01:44:04.0251 15944 LVCOMSer - ok
01:44:04.0409 15944 [ 5AC4CD0E92449213E338CD1CBCB0FB7A ] LVMVDrv C:\Windows\system32\DRIVERS\LVMVDrv.sys
01:44:04.0453 15944 LVMVDrv - ok
01:44:04.0527 15944 [ 8D53FE6DDD9855189A823C2A6A99A65F ] LVPr2M64 C:\Windows\system32\DRIVERS\LVPr2M64.sys
01:44:04.0529 15944 LVPr2M64 - ok
01:44:04.0614 15944 [ EE0A3A04E1DB4FC5D376E4E5E3FDB224 ] LVPrcS64 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
01:44:04.0619 15944 LVPrcS64 - ok
01:44:04.0676 15944 [ B409D1C5FE799A8706E38653671A9688 ] LVSrvLauncher C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
01:44:04.0680 15944 LVSrvLauncher - ok
01:44:04.0724 15944 [ 0034F69D0007D3F77F6B96FA51228E85 ] LVUSBS64 C:\Windows\system32\drivers\LVUSBS64.sys
01:44:04.0729 15944 LVUSBS64 - ok
01:44:04.0786 15944 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
01:44:04.0792 15944 MBAMProtector - ok
01:44:05.0081 15944 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
01:44:05.0132 15944 MBAMScheduler - ok
01:44:05.0263 15944 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
01:44:05.0357 15944 MBAMService - ok
01:44:05.0402 15944 [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
01:44:05.0411 15944 Mcx2Svc - ok
01:44:05.0500 15944 [ E4F44EC214B3E381E1FC844A02926666 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
01:44:05.0556 15944 mdmxsdk - ok
01:44:05.0668 15944 [ 2F631C2939D5F2E8958935EE701D70D7 ] megasas C:\Windows\system32\drivers\megasas.sys
01:44:05.0671 15944 megasas - ok
01:44:05.0776 15944 Microsoft SharePoint Workspace Audit Service - ok
01:44:05.0825 15944 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS C:\Windows\system32\mmcss.dll
01:44:05.0914 15944 MMCSS - ok
01:44:05.0944 15944 [ 59848D5CC74606F0EE7557983BB73C2E ] Modem C:\Windows\system32\drivers\modem.sys
01:44:05.0947 15944 Modem - ok
01:44:05.0984 15944 [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
01:44:05.0994 15944 monitor - ok
01:44:06.0062 15944 [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
01:44:06.0064 15944 mouclass - ok
01:44:06.0144 15944 [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
01:44:06.0148 15944 mouhid - ok
01:44:06.0217 15944 [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
01:44:06.0233 15944 MountMgr - ok
01:44:06.0362 15944 [ ED48EAC719EE28DB773359EB1B06E2B5 ] mpio C:\Windows\system32\drivers\mpio.sys
01:44:06.0365 15944 mpio - ok
01:44:06.0493 15944 [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
01:44:06.0496 15944 mpsdrv - ok
01:44:06.0557 15944 [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc C:\Windows\system32\mpssvc.dll
01:44:06.0581 15944 MpsSvc - ok
01:44:06.0663 15944 [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
01:44:06.0666 15944 Mraid35x - ok
01:44:06.0741 15944 [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
01:44:06.0748 15944 MRxDAV - ok
01:44:06.0837 15944 [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
01:44:06.0845 15944 mrxsmb - ok
01:44:06.0935 15944 [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:44:06.0948 15944 mrxsmb10 - ok
01:44:06.0979 15944 [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:44:07.0014 15944 mrxsmb20 - ok
01:44:07.0102 15944 [ EEADF970795148BFBB1DB3ABCC89C16B ] msahci C:\Windows\system32\drivers\msahci.sys
01:44:07.0104 15944 msahci - ok
01:44:07.0224 15944 [ 96D7C0A1B98434C6E4FF0C2E26A0E20A ] msdsm C:\Windows\system32\drivers\msdsm.sys
01:44:07.0227 15944 msdsm - ok
01:44:07.0328 15944 [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC C:\Windows\System32\msdtc.exe
01:44:07.0334 15944 MSDTC - ok
01:44:07.0416 15944 [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs C:\Windows\system32\drivers\Msfs.sys
01:44:07.0420 15944 Msfs - ok
01:44:07.0475 15944 [ 00EBC952961664780D43DCA157E79B27 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
01:44:07.0483 15944 msisadrv - ok
01:44:07.0681 15944 [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
01:44:07.0687 15944 MSiSCSI - ok
01:44:07.0703 15944 msiserver - ok
01:44:07.0761 15944 [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
01:44:07.0765 15944 MSKSSRV - ok
01:44:07.0862 15944 [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
01:44:07.0881 15944 MSPCLOCK - ok
01:44:07.0915 15944 [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
01:44:07.0919 15944 MSPQM - ok
01:44:08.0005 15944 [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
01:44:08.0018 15944 MsRPC - ok
01:44:08.0088 15944 [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
01:44:08.0091 15944 mssmbios - ok
01:44:08.0139 15944 [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
01:44:08.0143 15944 MSTEE - ok
01:44:08.0190 15944 [ 0CC49F78D8ACA0877D885F149084E543 ] Mup C:\Windows\system32\Drivers\mup.sys
01:44:08.0197 15944 Mup - ok
01:44:08.0255 15944 [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent C:\Windows\system32\qagentRT.dll
01:44:08.0327 15944 napagent - ok
01:44:08.0429 15944 [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
01:44:08.0436 15944 NativeWifiP - ok
01:44:08.0511 15944 [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS C:\Windows\system32\drivers\ndis.sys
01:44:08.0537 15944 NDIS - ok
01:44:08.0616 15944 [ 64DF698A425478E321981431AC171334 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
01:44:08.0619 15944 NdisTapi - ok
01:44:08.0692 15944 [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
01:44:08.0695 15944 Ndisuio - ok
01:44:08.0816 15944 [ F8158771905260982CE724076419EF19 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
01:44:08.0821 15944 NdisWan - ok
01:44:08.0981 15944 [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
01:44:08.0985 15944 NDProxy - ok
01:44:09.0082 15944 [ 59267D2F0328599AA3B5408C2E06126F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
01:44:09.0091 15944 Net Driver HPZ12 - ok
01:44:09.0317 15944 [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
01:44:09.0348 15944 NetBIOS - ok
01:44:09.0429 15944 [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
01:44:09.0607 15944 netbt - ok
01:44:09.0660 15944 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon C:\Windows\system32\lsass.exe
01:44:09.0666 15944 Netlogon - ok
01:44:09.0717 15944 [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman C:\Windows\System32\netman.dll
01:44:09.0733 15944 Netman - ok
01:44:09.0783 15944 [ 7846D0136CC2B264926A73047BA7688A ] netprofm C:\Windows\System32\netprofm.dll
01:44:09.0798 15944 netprofm - ok
01:44:09.0881 15944 [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
01:44:09.0886 15944 NetTcpPortSharing - ok
01:44:09.0977 15944 [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
01:44:09.0980 15944 nfrd960 - ok
01:44:10.0056 15944 [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc C:\Windows\System32\nlasvc.dll
01:44:10.0068 15944 NlaSvc - ok
01:44:10.0143 15944 [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs C:\Windows\system32\drivers\Npfs.sys
01:44:10.0147 15944 Npfs - ok
01:44:10.0184 15944 [ ACB62BAA1C319B17752553DF3026EEEB ] nsi C:\Windows\system32\nsisvc.dll
01:44:10.0202 15944 nsi - ok
01:44:10.0275 15944 [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
01:44:10.0279 15944 nsiproxy - ok
01:44:10.0751 15944 [ BAC869DFB98E499BA4D9BB1FB43270E1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
01:44:11.0098 15944 Ntfs - ok
01:44:11.0199 15944 [ DD5D684975352B85B52E3FD5347C20CB ] Null C:\Windows\system32\drivers\Null.sys
01:44:11.0216 15944 Null - ok
01:44:11.0520 15944 [ 98350606682594521D56ECCB5D01ECF7 ] NVENETFD C:\Windows\system32\DRIVERS\nvmfdx64.sys
01:44:11.0551 15944 NVENETFD - ok
01:44:12.0724 15944 [ E55CAB397F77D5208DB18A78B1B7C0D5 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
01:44:13.0261 15944 nvlddmkm - ok
01:44:13.0376 15944 [ 840EEB44DC49317A6161961F7682CD99 ] nvraid C:\Windows\system32\drivers\nvraid.sys
01:44:13.0386 15944 nvraid - ok
01:44:13.0435 15944 [ 76B304C8156779D4D39530118ACF1D1A ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys
01:44:13.0437 15944 nvsmu - ok
01:44:13.0476 15944 [ 94C5334040A5D500897F4C5FD12AEEDE ] nvstor C:\Windows\system32\drivers\nvstor.sys
01:44:13.0479 15944 nvstor - ok
01:44:13.0634 15944 [ 43BC8151893AE6AFE42E149D663C2221 ] nvsvc C:\Windows\system32\nvvsvc.exe
01:44:13.0644 15944 nvsvc - ok
01:44:13.0685 15944 [ AA1B6C86A4763502E20B65C025F39BAD ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
01:44:13.0689 15944 nv_agp - ok
01:44:13.0731 15944 NwlnkFlt - ok
01:44:13.0749 15944 NwlnkFwd - ok
01:44:13.0809 15944 [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
01:44:13.0812 15944 ohci1394 - ok
01:44:13.0928 15944 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:44:13.0936 15944 ose - ok
01:44:14.0723 15944 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
01:44:15.0560 15944 osppsvc - ok
01:44:15.0719 15944 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc C:\Windows\system32\p2psvc.dll
01:44:15.0752 15944 p2pimsvc - ok
01:44:15.0819 15944 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc C:\Windows\system32\p2psvc.dll
01:44:15.0839 15944 p2psvc - ok
01:44:15.0910 15944 [ AECD57F94C887F58919F307C35498EA0 ] Parport C:\Windows\system32\drivers\parport.sys
01:44:15.0913 15944 Parport - ok
01:44:15.0974 15944 [ B43751085E2ABE389DA466BC62A4B987 ] partmgr C:\Windows\system32\drivers\partmgr.sys
01:44:15.0985 15944 partmgr - ok
01:44:16.0072 15944 [ 5418D3D8A2135C533F232E3C2B83F153 ] pbfilter C:\Program Files\PeerBlock\pbfilter.sys
01:44:16.0074 15944 pbfilter - ok
01:44:16.0289 15944 [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc C:\Windows\System32\pcasvc.dll
01:44:16.0309 15944 PcaSvc - ok
01:44:16.0391 15944 [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci C:\Windows\system32\drivers\pci.sys
01:44:16.0400 15944 pci - ok
01:44:16.0444 15944 [ 2657F6C0B78C36D95034BE109336E382 ] pciide C:\Windows\system32\drivers\pciide.sys
01:44:16.0448 15944 pciide - ok
01:44:16.0602 15944 [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
01:44:16.0608 15944 pcmcia - ok
01:44:16.0678 15944 [ 58865916F53592A61549B04941BFD80D ] PEAUTH C:\Windows\system32\drivers\peauth.sys
01:44:16.0692 15944 PEAUTH - ok
01:44:17.0049 15944 [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost C:\Windows\SysWow64\perfhost.exe
01:44:17.0057 15944 PerfHost - ok
01:44:17.0202 15944 [ 37EA62238E17AE88E4713D9246CA1C1C ] PID_PEPI C:\Windows\system32\DRIVERS\LV302V64.SYS
01:44:17.0224 15944 PID_PEPI - ok
01:44:17.0373 15944 [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla C:\Windows\system32\pla.dll
01:44:17.0402 15944 pla - ok
01:44:17.0517 15944 [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
01:44:17.0544 15944 PlugPlay - ok
01:44:17.0570 15944 [ 5261A2FD55183AC6993145AB6662CDDF ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
01:44:17.0577 15944 Pml Driver HPZ12 - ok
01:44:17.0698 15944 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
01:44:17.0721 15944 PNRPAutoReg - ok
01:44:17.0819 15944 [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc C:\Windows\system32\p2psvc.dll
01:44:17.0840 15944 PNRPsvc - ok
01:44:18.0005 15944 [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
01:44:18.0024 15944 PolicyAgent - ok
01:44:18.0128 15944 [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
01:44:18.0132 15944 PptpMiniport - ok
01:44:18.0247 15944 [ 6BC78E5F12CBB74E7930AAAA4A0DB387 ] Processor C:\Windows\system32\drivers\processr.sys
01:44:18.0249 15944 Processor - ok
01:44:18.0337 15944 [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc C:\Windows\system32\profsvc.dll
01:44:18.0349 15944 ProfSvc - ok
01:44:18.0394 15944 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
01:44:18.0398 15944 ProtectedStorage - ok
01:44:18.0467 15944 [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched C:\Windows\system32\DRIVERS\pacer.sys
01:44:18.0490 15944 PSched - ok
01:44:18.0635 15944 [ CAEA9990B58C9A22B9DBC96E85DB3688 ] PuranDefrag C:\Windows\system32\PuranDefragS.exe
01:44:18.0750 15944 PuranDefrag - ok
01:44:18.0867 15944 [ 595A22C4CCE855E72D475835F3DF2D53 ] pwdrvio C:\Windows\system32\pwdrvio.sys
01:44:18.0874 15944 pwdrvio - ok
01:44:18.0960 15944 [ 70EB529F6FEDAC79D0A8E3BB79999277 ] pwdspio C:\Windows\system32\pwdspio.sys
01:44:18.0967 15944 pwdspio - ok
01:44:19.0071 15944 [ 4A29D25704917161BAD9B4659A248DFD ] ql2300 C:\Windows\system32\drivers\ql2300.sys
01:44:19.0091 15944 ql2300 - ok
01:44:19.0190 15944 [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
01:44:19.0194 15944 ql40xx - ok
01:44:19.0379 15944 [ 2D757E14216E643E7885EBC0CFB0B906 ] QPCapSvc C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
01:44:19.0390 15944 QPCapSvc - ok
01:44:19.0424 15944 [ EA8B29EAD23DA9DA2F5DF1DA7C82E308 ] QPSched C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
01:44:19.0429 15944 QPSched - ok
01:44:19.0510 15944 [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE C:\Windows\system32\qwave.dll
01:44:19.0520 15944 QWAVE - ok
01:44:19.0574 15944 [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
01:44:19.0577 15944 QWAVEdrv - ok
01:44:19.0621 15944 [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
01:44:19.0624 15944 RasAcd - ok
01:44:19.0659 15944 [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto C:\Windows\System32\rasauto.dll
01:44:19.0667 15944 RasAuto - ok
01:44:19.0745 15944 [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
01:44:19.0749 15944 Rasl2tp - ok
01:44:19.0865 15944 [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan C:\Windows\System32\rasmans.dll
01:44:19.0880 15944 RasMan - ok
01:44:19.0910 15944 [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
01:44:19.0914 15944 RasPppoe - ok
01:44:20.0011 15944 [ C6A593B51F34C33E5474539544072527 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
01:44:20.0015 15944 RasSstp - ok
01:44:20.0115 15944 [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
01:44:20.0275 15944 rdbss - ok
01:44:20.0376 15944 [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
01:44:20.0425 15944 RDPCDD - ok
01:44:20.0485 15944 [ AE23E79B13FEB62939E2CA1189E71735 ] rdpdr C:\Windows\system32\DRIVERS\rdpdr.sys
01:44:20.0493 15944 rdpdr - ok
01:44:20.0511 15944 [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
01:44:20.0515 15944 RDPENCDD - ok
01:44:20.0590 15944 [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
01:44:20.0597 15944 RDPWD - ok
01:44:20.0661 15944 [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess C:\Windows\System32\mprdim.dll
01:44:20.0667 15944 RemoteAccess - ok
01:44:20.0710 15944 [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry C:\Windows\system32\regsvc.dll
01:44:20.0719 15944 RemoteRegistry - ok
01:44:20.0750 15944 [ 9C3AC71A9934B884FAC567A8807E9C4D ] Revoflt C:\Windows\system32\DRIVERS\revoflt.sys
01:44:20.0752 15944 Revoflt - ok
01:44:20.0796 15944 [ CD71E053D7260E4102D99A28F9196070 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
01:44:20.0829 15944 RFCOMM - ok
01:44:21.0014 15944 [ 17E0BEF5CA5C9CE52CC8082AC6EBC449 ] RichVideo C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
01:44:21.0024 15944 RichVideo - ok
01:44:21.0073 15944 [ E31960692CBB3A8BCDF300BC1D889E1F ] rimmptsk C:\Windows\system32\DRIVERS\rimmpx64.sys
01:44:21.0076 15944 rimmptsk - ok
01:44:21.0144 15944 [ 82356915157AB59064A24993AE5BE8AA ] rimsptsk C:\Windows\system32\DRIVERS\rimspx64.sys
01:44:21.0147 15944 rimsptsk - ok
01:44:21.0184 15944 RimUsb - ok
01:44:21.0259 15944 [ C903D49655B4AAE46673F0AAA6BE0F58 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
01:44:21.0261 15944 RimVSerPort - ok
01:44:21.0327 15944 [ C01A92A546854A3E34103B642F0F94A1 ] rismxdp C:\Windows\system32\DRIVERS\rixdpx64.sys
01:44:21.0330 15944 rismxdp - ok
01:44:21.0456 15944 [ F913517BB2F3A73EC6B9B65E5DC7B420 ] RMCAST C:\Windows\system32\DRIVERS\RMCAST.sys
01:44:21.0461 15944 RMCAST - ok
01:44:21.0581 15944 [ 6A0CF73B019CBC9255E23C9192EC3702 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
01:44:21.0626 15944 ROOTMODEM - ok
01:44:21.0726 15944 [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator C:\Windows\system32\locator.exe
01:44:21.0738 15944 RpcLocator - ok
01:44:22.0157 15944 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs C:\Windows\system32\rpcss.dll
01:44:22.0523 15944 RpcSs - ok
01:44:22.0599 15944 [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
01:44:22.0603 15944 rspndr - ok
01:44:22.0660 15944 [ EA268BCE30691C2DD24F02E617FD2EB5 ] s0016bus C:\Windows\system32\DRIVERS\s0016bus.sys
01:44:22.0665 15944 s0016bus - ok
01:44:22.0726 15944 [ F5F9DEB89996D333EF976624D37E24E3 ] s0016mdfl C:\Windows\system32\DRIVERS\s0016mdfl.sys
01:44:22.0730 15944 s0016mdfl - ok
01:44:22.0818 15944 [ C17CE2AEE67480FEBCC36ECCB54C0BE8 ] s0016mdm C:\Windows\system32\DRIVERS\s0016mdm.sys
01:44:22.0824 15944 s0016mdm - ok
01:44:22.0880 15944 [ 301FBA4594FB5C0A469299A65106B4AA ] s1018bus C:\Windows\system32\DRIVERS\s1018bus.sys
01:44:22.0884 15944 s1018bus - ok
01:44:23.0053 15944 [ D1D7C744F79710357E60FC04D125ED01 ] s1018mdfl C:\Windows\system32\DRIVERS\s1018mdfl.sys
01:44:23.0076 15944 s1018mdfl - ok
01:44:23.0182 15944 [ 7DBE12CCCD837D4266B2DDD80A329C09 ] s1018mdm C:\Windows\system32\DRIVERS\s1018mdm.sys
01:44:23.0189 15944 s1018mdm - ok
01:44:23.0357 15944 [ 065FF5E62D2D18A6D93FD925546CD549 ] s1018mgmt C:\Windows\system32\DRIVERS\s1018mgmt.sys
01:44:23.0362 15944 s1018mgmt - ok
01:44:23.0443 15944 [ 5101D815BDF0D667E3D5F0EA727CAAEE ] s1018nd5 C:\Windows\system32\DRIVERS\s1018nd5.sys
01:44:23.0445 15944 s1018nd5 - ok
01:44:23.0484 15944 [ 13F220C65B444AC9BDA49DACFC3230BB ] s1018obex C:\Windows\system32\DRIVERS\s1018obex.sys
01:44:23.0488 15944 s1018obex - ok
01:44:23.0575 15944 [ CE7D8BCE80211D8A35F6BD7A87791860 ] s1018unic C:\Windows\system32\DRIVERS\s1018unic.sys
01:44:23.0584 15944 s1018unic - ok
01:44:23.0621 15944 [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs C:\Windows\system32\lsass.exe
01:44:23.0625 15944 SamSs - ok
01:44:23.0753 15944 [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
01:44:23.0758 15944 sbp2port - ok
01:44:23.0888 15944 [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr C:\Windows\System32\SCardSvr.dll
01:44:23.0900 15944 SCardSvr - ok
01:44:23.0954 15944 [ 4DFE7ADB4188F01ACE51F9AA7C6A2924 ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys
01:44:23.0957 15944 SCDEmu - ok
01:44:24.0788 15944 [ 0F838C811AD295D2A4489B9993096C63 ] Schedule C:\Windows\system32\schedsvc.dll
01:44:25.0083 15944 Schedule - ok
01:44:25.0313 15944 [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc C:\Windows\System32\certprop.dll
01:44:25.0317 15944 SCPolicySvc - ok
01:44:25.0443 15944 [ BE100BC2BE2513314C717BB2C4CFFF10 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
01:44:25.0447 15944 sdbus - ok
01:44:25.0568 15944 [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC C:\Windows\System32\SDRSVC.dll
01:44:25.0578 15944 SDRSVC - ok
01:44:25.0738 15944 [ 16A252022535B680046F6E34E136D378 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
01:44:25.0747 15944 SeaPort - ok
01:44:25.0808 15944 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
01:44:25.0812 15944 secdrv - ok
01:44:25.0852 15944 [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon C:\Windows\system32\seclogon.dll
01:44:25.0858 15944 seclogon - ok
01:44:25.0896 15944 [ EDE7A1D2715AAC2190D51DC07AFD44E3 ] seehcri C:\Windows\system32\DRIVERS\seehcri.sys
01:44:25.0898 15944 seehcri - ok
01:44:25.0972 15944 [ 90973A64B96CD647FF81C79443618EED ] SENS C:\Windows\System32\sens.dll
01:44:25.0980 15944 SENS - ok
01:44:26.0016 15944 [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum C:\Windows\system32\drivers\serenum.sys
01:44:26.0018 15944 Serenum - ok
01:44:26.0082 15944 [ E62FAC91EE288DB29A9696A9D279929C ] Serial C:\Windows\system32\drivers\serial.sys
01:44:26.0086 15944 Serial - ok
01:44:26.0164 15944 [ A842F04833684BCEEA7336211BE478DF ] sermouse C:\Windows\system32\drivers\sermouse.sys
01:44:26.0166 15944 sermouse - ok
01:44:26.0311 15944 [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv C:\Windows\system32\sessenv.dll
01:44:26.0319 15944 SessionEnv - ok
01:44:26.0396 15944 [ 3A19C899BCF0EA24CFEC2038E6A489DB ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
01:44:26.0456 15944 sffdisk - ok
01:44:26.0525 15944 [ 446E7CCA3325C7E0AE0FDE7F73CDD9C2 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
01:44:26.0528 15944 sffp_mmc - ok
01:44:26.0582 15944 [ FDCA63A2EEE528585EB66CEAC183EC22 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
01:44:26.0593 15944 sffp_sd - ok
01:44:26.0622 15944 [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
01:44:26.0626 15944 sfloppy - ok
01:44:26.0696 15944 [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess C:\Windows\System32\ipnathlp.dll
01:44:26.0706 15944 SharedAccess - ok
01:44:26.0829 15944 [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
01:44:26.0843 15944 ShellHWDetection - ok
01:44:26.0877 15944 [ 08DDA16573FA44F8B13AFE74597AD2E5 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
01:44:26.0880 15944 SiSRaid2 - ok
01:44:27.0091 15944 [ C52259E9DAAF3890D572D87FFEE0979E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
01:44:27.0094 15944 SiSRaid4 - ok
01:44:27.0159 15944 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
01:44:27.0166 15944 SkypeUpdate - ok
01:44:27.0928 15944 [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc C:\Windows\system32\SLsvc.exe
01:44:28.0169 15944 slsvc - ok
01:44:28.0349 15944 [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify C:\Windows\system32\SLUINotify.dll
01:44:28.0359 15944 SLUINotify - ok
01:44:28.0528 15944 [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb C:\Windows\system32\DRIVERS\smb.sys
01:44:28.0532 15944 Smb - ok
01:44:28.0599 15944 [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP C:\Windows\System32\snmptrap.exe
01:44:28.0607 15944 SNMPTRAP - ok
01:44:28.0802 15944 [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
01:44:28.0806 15944 Sony PC Companion - ok
01:44:28.0937 15944 [ 5F9785E7535F8F602CB294A54962C9E7 ] speedfan C:\Windows\syswow64\speedfan.sys
01:44:28.0945 15944 speedfan - ok
01:44:29.0000 15944 [ 386C3C63F00A7040C7EC5E384217E89D ] spldr C:\Windows\system32\drivers\spldr.sys
01:44:29.0004 15944 spldr - ok
01:44:29.0097 15944 [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler C:\Windows\System32\spoolsv.exe
01:44:29.0112 15944 Spooler - ok
01:44:29.0197 15944 [ 602884696850C86434530790B110E8EB ] sptd C:\Windows\system32\Drivers\sptd.sys
01:44:29.0199 15944 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
01:44:29.0205 15944 sptd ( LockedFile.Multi.Generic ) - warning
01:44:29.0206 15944 sptd - detected LockedFile.Multi.Generic (1)
01:44:29.0287 15944 [ 880A57FCCB571EBD063D4DD50E93E46D ] srv C:\Windows\system32\DRIVERS\srv.sys
01:44:29.0352 15944 srv - ok
01:44:29.0437 15944 [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
01:44:29.0475 15944 srv2 - ok
01:44:29.0505 15944 [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
01:44:29.0513 15944 srvnet - ok
01:44:29.0588 15944 [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
01:44:29.0602 15944 SSDPSRV - ok
01:44:29.0673 15944 [ 7C1BAC427EC5F9641ED769355B71A674 ] ssm_bus C:\Windows\system32\DRIVERS\ssm_bus.sys
01:44:29.0677 15944 ssm_bus - ok
01:44:29.0756 15944 [ 3B24A09EA547D1E7768E0ABD7AEA7F07 ] ssm_mdfl C:\Windows\system32\DRIVERS\ssm_mdfl.sys
01:44:29.0768 15944 ssm_mdfl - ok
01:44:29.0896 15944 [ 6F5AE233D7286EA8E42851846C6322FE ] ssm_mdm C:\Windows\system32\DRIVERS\ssm_mdm.sys
01:44:29.0900 15944 ssm_mdm - ok
01:44:29.0938 15944 [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc C:\Windows\system32\sstpsvc.dll
01:44:29.0949 15944 SstpSvc - ok
01:44:30.0066 15944 [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc C:\Windows\System32\wiaservc.dll
01:44:30.0090 15944 stisvc - ok
01:44:30.0143 15944 [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum C:\Windows\system32\DRIVERS\swenum.sys
01:44:30.0147 15944 swenum - ok
01:44:30.0213 15944 [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv C:\Windows\System32\swprv.dll
01:44:30.0234 15944 swprv - ok
01:44:30.0308 15944 [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
01:44:30.0311 15944 Symc8xx - ok
01:44:30.0328 15944 SymIMMP - ok
01:44:30.0355 15944 [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
01:44:30.0358 15944 Sym_hi - ok
01:44:30.0397 15944 [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
01:44:30.0399 15944 Sym_u3 - ok
01:44:30.0460 15944 [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
01:44:30.0470 15944 SynTP - ok
01:44:30.0633 15944 [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain C:\Windows\system32\sysmain.dll
01:44:30.0824 15944 SysMain - ok
01:44:30.0877 15944 [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
01:44:30.0886 15944 TabletInputService - ok
01:44:30.0943 15944 [ E965FC7627862779BA31A4FCB7D0C1EF ] tap0901 C:\Windows\system32\DRIVERS\tap0901.sys
01:44:30.0946 15944 tap0901 - ok
01:44:31.0063 15944 [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv C:\Windows\System32\tapisrv.dll
01:44:31.0112 15944 TapiSrv - ok
01:44:31.0236 15944 [ 927D0CDB3F96EFC1E98FB1A2C9FB67AD ] tapoas C:\Windows\system32\DRIVERS\tapoas.sys
01:44:31.0238 15944 tapoas - ok
01:44:31.0300 15944 [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS C:\Windows\System32\tbssvc.dll
01:44:31.0331 15944 TBS - ok
01:44:31.0467 15944 [ AC8D5728E6AD6A7C4819D9A67008337A ] Tcpip C:\Windows\system32\drivers\tcpip.sys
01:44:31.0517 15944 Tcpip - ok
01:44:31.0577 15944 [ AC8D5728E6AD6A7C4819D9A67008337A ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
01:44:31.0610 15944 Tcpip6 - ok
01:44:31.0658 15944 [ FD8FDE859E38E40A20085EBB0C22B416 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
01:44:31.0661 15944 tcpipreg - ok
01:44:31.0727 15944 [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
01:44:31.0731 15944 TDPIPE - ok
01:44:31.0821 15944 [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
01:44:31.0824 15944 TDTCP - ok
01:44:31.0899 15944 [ 458919C8C42E398DC4802178D5FFEE27 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
01:44:31.0904 15944 tdx - ok
01:44:32.0024 15944 [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
01:44:32.0027 15944 TermDD - ok
01:44:32.0207 15944 [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService C:\Windows\System32\termsrv.dll
01:44:32.0294 15944 TermService - ok
01:44:32.0328 15944 [ 56793271ECDEDD350C5ADD305603E963 ] Themes C:\Windows\system32\shsvcs.dll
01:44:32.0339 15944 Themes - ok
01:44:32.0439 15944 [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER C:\Windows\system32\mmcss.dll
01:44:32.0444 15944 THREADORDER - ok
01:44:32.0512 15944 [ 5F97EE54EA57AE6B857D71313D09F672 ] TlntSvr C:\Windows\System32\tlntsvr.exe
01:44:32.0520 15944 TlntSvr - ok
01:44:32.0631 15944 [ 747E60B773E95F6C93D5621B550D6865 ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
01:44:32.0634 15944 TomTomHOMEService - ok
01:44:32.0683 15944 [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks C:\Windows\System32\trkwks.dll
01:44:32.0707 15944 TrkWks - ok
01:44:32.0771 15944 [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
01:44:32.0774 15944 TrustedInstaller - ok
01:44:32.0851 15944 [ 9E5409CD17C8BEF193AAD498F3BC2CB8 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
01:44:32.0856 15944 tssecsrv - ok
01:44:32.0897 15944 [ 89EC74A9E602D16A75A4170511029B3C ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
01:44:32.0901 15944 tunmp - ok
01:44:32.0943 15944 [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
01:44:32.0969 15944 tunnel - ok
01:44:33.0167 15944 [ E0A9B5B92097211A57FD16D27F2B3750 ] TVersityMediaServer C:\ProgramData\TVersity\Media Server\MediaServer.exe
01:44:33.0233 15944 TVersityMediaServer - ok
01:44:33.0280 15944 [ E4722DFBD6232ACF17543EF2C2DCE8D2 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
01:44:33.0283 15944 uagp35 - ok
01:44:33.0389 15944 [ FAF2640A2A76ED03D449E443194C4C34 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
01:44:33.0398 15944 udfs - ok
01:44:33.0492 15944 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
01:44:33.0499 15944 UI0Detect - ok
01:44:33.0546 15944 [ 5663D7696ABBE71F8C9D915C5374118A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
01:44:33.0550 15944 uliagpkx - ok
01:44:33.0635 15944 [ 6030B68E86A30D1B315B51C4D7778B16 ] uliahci C:\Windows\system32\drivers\uliahci.sys
01:44:33.0643 15944 uliahci - ok
01:44:33.0692 15944 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
01:44:33.0697 15944 UlSata - ok
01:44:33.0748 15944 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
01:44:33.0753 15944 ulsata2 - ok
01:44:33.0795 15944 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
01:44:33.0798 15944 umbus - ok
01:44:33.0882 15944 [ DC5E34F189B827199B9CC8481C648269 ] UmRdpService C:\Windows\System32\umrdp.dll
01:44:33.0896 15944 UmRdpService - ok
01:44:33.0967 15944 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
01:44:33.0984 15944 upnphost - ok
01:44:34.0050 15944 [ F724B03C3DFAACF08D17D38BF3333583 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
01:44:34.0053 15944 USBAAPL64 - ok
01:44:34.0091 15944 [ C6BA890DE6E41857FBE84175519CAE7D ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
01:44:34.0095 15944 usbaudio - ok
01:44:34.0157 15944 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
01:44:34.0161 15944 usbccgp - ok
01:44:34.0231 15944 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
01:44:34.0234 15944 usbcir - ok
01:44:34.0286 15944 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
01:44:34.0289 15944 usbehci - ok
01:44:34.0365 15944 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
01:44:34.0372 15944 usbhub - ok
01:44:34.0415 15944 [ E406B003A354776D317762694956B0FC ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
01:44:34.0417 15944 usbohci - ok
01:44:34.0471 15944 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
01:44:34.0474 15944 usbprint - ok
01:44:34.0532 15944 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
01:44:34.0535 15944 usbscan - ok
01:44:34.0612 15944 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
01:44:34.0618 15944 USBSTOR - ok
01:44:34.0662 15944 [ 7BF55D2538740B25936E93553E5D190D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
01:44:34.0664 15944 usbuhci - ok
01:44:34.0716 15944 [ FC33099877790D51B0927B7039059855 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
01:44:34.0721 15944 usbvideo - ok
01:44:34.0781 15944 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
01:44:34.0789 15944 UxSms - ok
01:44:35.0006 15944 [ 7E8F34CB8FCDF86FE7C6696471ADAD70 ] VBoxDrv C:\Windows\system32\DRIVERS\VBoxDrv.sys
01:44:35.0011 15944 VBoxDrv - ok
01:44:35.0074 15944 [ 0F1F83DBCA1BB590D585128C9E6E4A78 ] VBoxNetAdp C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
01:44:35.0078 15944 VBoxNetAdp - ok
01:44:35.0125 15944 [ B5AD50E438E12ACAEAA998852B5FE110 ] VBoxNetFlt C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
01:44:35.0130 15944 VBoxNetFlt - ok
01:44:35.0179 15944 [ DFB37C4CF3ECFC01BFD7D2CF1B4589D3 ] VBoxUSB C:\Windows\system32\Drivers\VBoxUSB.sys
01:44:35.0182 15944 VBoxUSB - ok
01:44:35.0231 15944 [ 623DB1D5355AF07FB7BE4D90C51CDA73 ] VBoxUSBMon C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
01:44:35.0234 15944 VBoxUSBMon - ok
01:44:35.0400 15944 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
01:44:35.0416 15944 vds - ok
01:44:35.0480 15944 [ 2998DC48905E9B4821AD8FD75B3E070C ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
01:44:35.0483 15944 vga - ok
01:44:35.0547 15944 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
01:44:35.0550 15944 VgaSave - ok
01:44:35.0582 15944 [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide C:\Windows\system32\drivers\viaide.sys
01:44:35.0608 15944 viaide - ok
01:44:35.0700 15944 [ C117CEDFB9BFEADB29106FDAC1358470 ] vmm C:\Windows\system32\Drivers\vmm.sys
01:44:35.0708 15944 vmm - ok
01:44:35.0752 15944 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
01:44:35.0768 15944 volmgr - ok
01:44:35.0858 15944 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
01:44:35.0874 15944 volmgrx - ok
01:44:35.0984 15944 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys
01:44:35.0996 15944 volsnap - ok
01:44:36.0072 15944 [ 4B7F8CABBF7261796F12780E911D5F34 ] Vongo Service C:\Program Files (x86)\Vongo\VongoService.exe
01:44:36.0077 15944 Vongo Service - ok
01:44:36.0152 15944 [ BC2EA40B98B5E866D9A4F98AFB66B682 ] VPCNetS2 C:\Windows\system32\DRIVERS\VMNetSrv.sys
01:44:36.0181 15944 VPCNetS2 - ok
01:44:36.0269 15944 [ 410AE2C141142C58BC617FC2C677F8B0 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
01:44:36.0273 15944 vsmraid - ok
01:44:36.0416 15944 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
01:44:36.0516 15944 VSS - ok
01:44:36.0661 15944 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
01:44:36.0679 15944 W32Time - ok
01:44:36.0749 15944 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
01:44:36.0752 15944 WacomPen - ok
01:44:36.0849 15944 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
01:44:36.0864 15944 Wanarp - ok
01:44:36.0884 15944 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
01:44:36.0889 15944 Wanarpv6 - ok
01:44:37.0229 15944 [ 48EEE289DF9E4989128B2283F3EEACC6 ] wbengine C:\Windows\system32\wbengine.exe
01:44:37.0257 15944 wbengine - ok
01:44:37.0535 15944 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
01:44:37.0554 15944 wcncsvc - ok
01:44:37.0663 15944 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
01:44:37.0671 15944 WcsPlugInService - ok
01:44:37.0767 15944 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
01:44:37.0772 15944 Wd - ok
01:44:37.0936 15944 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
01:44:37.0968 15944 Wdf01000 - ok
01:44:38.0035 15944 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
01:44:38.0047 15944 WdiServiceHost - ok
01:44:38.0103 15944 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
01:44:38.0112 15944 WdiSystemHost - ok
01:44:38.0207 15944 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
01:44:38.0221 15944 WebClient - ok
01:44:38.0327 15944 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
01:44:38.0340 15944 Wecsvc - ok
01:44:38.0402 15944 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
01:44:38.0413 15944 wercplsupport - ok
01:44:38.0497 15944 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
01:44:38.0508 15944 WerSvc - ok
01:44:38.0526 15944 WimFltr - ok
01:44:38.0607 15944 [ 590812DD01A4FE83C6E92FDB701E59A6 ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys
01:44:38.0625 15944 winachsf - ok
01:44:38.0658 15944 WinDefend - ok
01:44:38.0693 15944 WinHttpAutoProxySvc - ok
01:44:38.0784 15944 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
01:44:38.0794 15944 Winmgmt - ok
01:44:38.0921 15944 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
01:44:38.0971 15944 WinRM - ok
01:44:39.0105 15944 [ 7F2F9E48566B2087F2AAAD258CB2A8D4 ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
01:44:39.0108 15944 WinUSB - ok
01:44:39.0221 15944 [ F3EDC9909A02E6BCA863EB702D37B505 ] WinVNC4 C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe
01:44:39.0294 15944 WinVNC4 - ok
01:44:39.0500 15944 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
01:44:39.0568 15944 Wlansvc - ok
01:44:39.0660 15944 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
01:44:39.0662 15944 wlcrasvc - ok
01:44:40.0192 15944 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
01:44:40.0529 15944 wlidsvc - ok
01:44:40.0573 15944 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
01:44:40.0581 15944 WmiAcpi - ok
01:44:40.0662 15944 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
01:44:40.0671 15944 wmiApSrv - ok
01:44:40.0708 15944 WMPNetworkSvc - ok
01:44:40.0809 15944 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
01:44:40.0820 15944 WPCSvc - ok
01:44:40.0877 15944 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
01:44:40.0899 15944 WPDBusEnum - ok
01:44:40.0954 15944 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
01:44:40.0957 15944 WpdUsb - ok
01:44:41.0409 15944 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
01:44:41.0431 15944 WPFFontCache_v0400 - ok
01:44:41.0481 15944 [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
01:44:41.0484 15944 ws2ifsl - ok
01:44:41.0552 15944 [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc C:\Windows\System32\wscsvc.dll
01:44:41.0561 15944 wscsvc - ok
01:44:41.0601 15944 [ DE5F5212AB34221DD1618B5FEFE8DB6C ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
01:44:41.0604 15944 WSDPrintDevice - ok
01:44:41.0620 15944 WSearch - ok
01:44:42.0168 15944 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
01:44:42.0847 15944 wuauserv - ok
01:44:42.0948 15944 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
01:44:42.0953 15944 WUDFRd - ok
01:44:43.0076 15944 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
01:44:43.0091 15944 wudfsvc - ok
01:44:43.0135 15944 [ F22E443518BC599D12888DAF292A56D8 ] XAudio C:\Windows\system32\DRIVERS\xaudio64.sys
01:44:43.0154 15944 XAudio - ok
01:44:43.0266 15944 [ 963C27034BBA4AC52A13F7A3C657C708 ] XAudioService C:\Windows\system32\DRIVERS\xaudio64.exe
01:44:43.0312 15944 XAudioService - ok
01:44:43.0554 15944 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
01:44:43.0611 15944 YahooAUService - ok
01:44:43.0662 15944 [ 9284028CE534910467B83A5ED80B9A32 ] zebrbus C:\Windows\system32\DRIVERS\zebrbus.sys
01:44:43.0666 15944 zebrbus - ok
01:44:43.0715 15944 [ 0CE6A2593FCD0D5BA4241706A03E5A2C ] zebrceb C:\Windows\system32\DRIVERS\zebrceb.sys
01:44:43.0727 15944 zebrceb - ok
01:44:43.0793 15944 [ D5BDF3689B845629FE1DF8B19411C365 ] zebrmdfl C:\Windows\system32\DRIVERS\zebrmdfl.sys
01:44:43.0806 15944 zebrmdfl - ok
01:44:43.0871 15944 [ 5EDFD1C634E9371F2F5E4FDFD438EBF1 ] zebrmdm C:\Windows\system32\DRIVERS\zebrmdm.sys
01:44:43.0875 15944 zebrmdm - ok
01:44:43.0942 15944 [ F0834018F32833C32A201B8A234784ED ] zebrmdmc C:\Windows\system32\DRIVERS\zebrmdmc.sys
01:44:43.0946 15944 zebrmdmc - ok
01:44:44.0043 15944 [ 86A1DA0D04DC177C0D2B3B81777B8BEE ] zebrsce C:\Windows\system32\DRIVERS\zebrsce.sys
01:44:44.0047 15944 zebrsce - ok
01:44:44.0243 15944 [ 1CACFEF9E5DD866C5B79A135EE729E18 ] {22D78859-9CE9-4B77-BF18-AC83E81A9263} C:\Program Files (x86)\HP\QuickPlay\000.fcl
01:44:44.0255 15944 {22D78859-9CE9-4B77-BF18-AC83E81A9263} - ok
01:44:44.0365 15944 ================ Scan global ===============================
01:44:44.0415 15944 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
01:44:44.0527 15944 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
01:44:44.0630 15944 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
01:44:44.0710 15944 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
01:44:44.0815 15944 [Global] - ok
01:44:44.0819 15944 ================ Scan MBR ==================================
01:44:44.0840 15944 [ 1A1A06F62E891045814007163C1C76C3 ] \Device\Harddisk0\DR0
01:44:45.0336 15944 \Device\Harddisk0\DR0 - ok
01:44:45.0337 15944 ================ Scan VBR ==================================
01:44:45.0362 15944 [ 043E58A51042DCE16527B7814984F406 ] \Device\Harddisk0\DR0\Partition1
01:44:45.0383 15944 \Device\Harddisk0\DR0\Partition1 - ok
01:44:45.0430 15944 [ 3937753FA39FFF0D5B0F0A71652E119A ] \Device\Harddisk0\DR0\Partition2
01:44:45.0434 15944 \Device\Harddisk0\DR0\Partition2 - ok
01:44:45.0436 15944 ============================================================
01:44:45.0436 15944 Scan finished
01:44:45.0436 15944 ============================================================
01:44:45.0494 18312 Detected object count: 1
01:44:45.0494 18312 Actual detected object count: 1
01:44:49.0018 18312 sptd ( LockedFile.Multi.Generic ) - skipped by user
01:44:49.0019 18312 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
 
RogueKiller V8.0.3 [09/13/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com
Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User : Psycho Dunpeal [Admin rights]
Mode : Scan -- Date : 09/15/2012 01:52:14
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : cdloader ("C:\Users\Psycho Dunpeal\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : MusicManager ("C:\Users\Psycho Dunpeal\AppData\Local\Programs\Google\MusicManager\MusicManager.exe") -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3361550716-439296834-1023547113-1000[...]\Run : cdloader ("C:\Users\Psycho Dunpeal\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3361550716-439296834-1023547113-1000[...]\Run : MusicManager ("C:\Users\Psycho Dunpeal\AppData\Local\Programs\Google\MusicManager\MusicManager.exe") -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263} (\??\C:\Program Files (x86)\HP\QuickPlay\000.fcl) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263} (\??\C:\Program Files (x86)\HP\QuickPlay\000.fcl) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet003\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263} (\??\C:\Program Files (x86)\HP\QuickPlay\000.fcl) -> FOUND
[PROXY FF] o4669fhz.default\ 127.0.0.1:8000 -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{A9D328BE-1A0B-409A-9ECB-CCFCEFB99633} : NameServer (208.122.23.22,208.122.23.23) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Services\Interfaces\{A9D328BE-1A0B-409A-9ECB-CCFCEFB99633} : NameServer (208.122.23.22,208.122.23.23) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
127.94.0.1 client.openvpn.net
127.94.0.2 openvpn-client.us.shieldexchange.com
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS542525K9SA00 ATA Device +++++
--- User ---
[MBR] b112e1b31dd2d94be6bfb9cf1807db3d
[BSP] 3364e4efa033fde283d0547f23be26e9 : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 224690 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 460165860 | Size: 13782 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt
 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-15 01:53:17
-----------------------------
01:53:17.689 OS Version: Windows x64 6.0.6002 Service Pack 2
01:53:17.690 Number of processors: 2 586 0x6802
01:53:17.696 ComputerName: EVANGELION UserName:
01:53:28.656 Initialize success
01:55:51.646 AVAST engine defs: 12091400
01:56:24.936 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
01:56:24.943 Disk 0 Vendor: Hitachi_HTS542525K9SA00 BBFOC32P Size: 238475MB BusType: 3
01:56:24.989 Disk 0 MBR read successfully
01:56:24.998 Disk 0 MBR scan
01:56:25.182 Disk 0 unknown MBR code
01:56:25.199 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 224690 MB offset 63
01:56:25.262 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 13782 MB offset 460165860
01:56:25.615 Disk 0 scanning C:\Windows\system32\drivers
01:57:37.556 Service scanning
01:59:23.776 Modules scanning
01:59:23.798 Disk 0 trace - called modules:
01:59:23.844 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys >>UNKNOWN [0xfffffa8002a8b2c0]<<sphu.sys ataport.SYS pciide.sys
01:59:23.857 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002f84790]
01:59:24.275 3 CLASSPNP.SYS[fffffa6000ec5c33] -> nt!IofCallDriver -> [0xfffffa8002c62800]
01:59:24.290 5 acpi.sys[fffffa600096dfde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa8002c7b940]
01:59:24.307 \Driver\atapi[0xfffffa8002c5eae0] -> IRP_MJ_CREATE -> 0xfffffa8002a8b2c0
01:59:30.501 AVAST engine scan C:\Windows
02:00:14.588 AVAST engine scan C:\Windows\system32
02:25:27.350 AVAST engine scan C:\Windows\system32\drivers
02:27:56.001 AVAST engine scan C:\Users\Psycho Dunpeal
04:11:03.959 AVAST engine scan C:\ProgramData
04:58:37.718 Scan finished successfully
08:14:45.895 Disk 0 MBR has been saved successfully to "C:\Users\Psycho Dunpeal\Desktop\MBR.dat"
08:14:46.401 The log file has been saved successfully to "C:\Users\Psycho Dunpeal\Desktop\aswMBR.txt"
 
I don't see much there.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill, post BOTH logs: rKill.txt and Combofix.txt.
 
Looks good :)

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 16/09/2012 07:04:18 PM - Run 1
OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\Psycho Dunpeal\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00002C09 | Country: Trinidad and Tobago | Language: ENT | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 49.57% Memory free
4.23 Gb Paging File | 2.30 Gb Available in Paging File | 54.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.42 Gb Total Space | 81.78 Gb Free Space | 37.27% Space Free | Partition Type: NTFS
Drive D: | 13.46 Gb Total Space | 2.26 Gb Free Space | 16.77% Space Free | Partition Type: NTFS

Computer Name: EVANGELION | User Name: Psycho Dunpeal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/09/16 18:20:17 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Psycho Dunpeal\Desktop\OTL.exe
PRC - [2012/09/13 09:08:30 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/08/08 08:13:12 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/09 02:11:34 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/09 02:11:27 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/11/24 16:33:26 | 000,921,600 | ---- | M] () -- C:\ProgramData\TVersity\Media Server\MediaServer.exe
PRC - [2010/08/24 05:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/12/18 12:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/12/01 13:37:48 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
PRC - [2009/12/01 13:37:46 | 000,842,816 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/15 18:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) -- C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe
PRC - [2007/12/04 14:50:22 | 000,014,376 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2007/10/19 14:18:48 | 000,113,176 | ---- | M] (Logitech Inc.) -- c:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/07 14:54:16 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\Yuna Software\Messenger Plus!\Detour32.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/08/13 17:27:44 | 000,292,736 | ---- | M] (Puran Software) [Auto | Running] -- C:\Windows\SysNative\PuranDefragS.exe -- (PuranDefrag)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/04/11 03:10:58 | 000,081,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr)
SRV:64bit: - [2008/01/19 04:06:50 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/01/19 04:00:52 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007/10/19 14:20:42 | 000,171,032 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV:64bit: - [2007/10/19 14:18:36 | 000,182,296 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2007/10/19 14:17:04 | 000,255,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSer64.exe -- (LVCOMSer)
SRV:64bit: - [2007/10/18 07:37:22 | 000,412,672 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV:64bit: - [2006/11/02 11:03:54 | 000,011,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/14 22:16:30 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/09 02:11:34 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/09 02:11:27 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/01/18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2010/11/24 16:33:26 | 000,921,600 | ---- | M] () [Auto | Running] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/08/24 05:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/18 12:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/12/01 13:37:48 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2009/09/09 22:58:34 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/15 18:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files (x86)\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)
SRV - [2007/08/31 14:15:06 | 000,176,128 | ---- | M] (Starz Entertainment Group LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\Vongo\VongoService.exe -- (Vongo Service)
SRV - [2007/03/05 13:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/05/09 02:11:35 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/05/09 02:11:35 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/19 17:56:50 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/09/02 23:29:54 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2011/09/02 23:29:52 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2011/08/19 00:46:06 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tapoas.sys -- (tapoas)
DRV:64bit: - [2011/01/17 23:57:50 | 000,040,128 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\tap0901.sys -- (tap0901)
DRV:64bit: - [2010/10/16 11:42:38 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/10/14 21:40:24 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010/09/28 16:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/07/20 11:41:18 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\seehcri.sys -- (seehcri)
DRV:64bit: - [2010/07/20 11:40:23 | 000,145,408 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\zebrmdmc.sys -- (zebrmdmc)
DRV:64bit: - [2010/07/20 11:40:23 | 000,145,408 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\zebrmdm.sys -- (zebrmdm)
DRV:64bit: - [2010/07/20 11:40:23 | 000,120,832 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\zebrsce.sys -- (zebrsce)
DRV:64bit: - [2010/07/20 11:40:23 | 000,108,544 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\zebrbus.sys -- (zebrbus)
DRV:64bit: - [2010/07/20 11:40:23 | 000,081,280 | ---- | M] (MCCI) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\zebrceb.sys -- (zebrceb)
DRV:64bit: - [2010/07/20 11:40:23 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\zebrmdfl.sys -- (zebrmdfl)
DRV:64bit: - [2009/12/30 12:21:24 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/12/25 14:24:01 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2009/12/25 14:24:01 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ggflt.sys -- (ggflt)
DRV:64bit: - [2009/11/10 15:35:36 | 000,139,408 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/11 01:42:21 | 000,140,288 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\RMCAST.sys -- (RMCAST)
DRV:64bit: - [2009/04/11 01:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/03/25 11:48:00 | 000,153,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018mdm.sys -- (s1018mdm)
DRV:64bit: - [2009/03/25 11:48:00 | 000,146,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018unic.sys -- (s1018unic)
DRV:64bit: - [2009/03/25 11:48:00 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018mgmt.sys -- (s1018mgmt)
DRV:64bit: - [2009/03/25 11:48:00 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018obex.sys -- (s1018obex)
DRV:64bit: - [2009/03/25 11:48:00 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018bus.sys -- (s1018bus)
DRV:64bit: - [2009/03/25 11:48:00 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018nd5.sys -- (s1018nd5)
DRV:64bit: - [2009/03/25 11:48:00 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1018mdfl.sys -- (s1018mdfl)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/05/16 12:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016mdm.sys -- (s0016mdm)
DRV:64bit: - [2008/05/16 12:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016mdfl.sys -- (s0016mdfl)
DRV:64bit: - [2008/05/16 12:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0016bus.sys -- (s0016bus)
DRV:64bit: - [2008/04/27 12:09:18 | 001,133,568 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/03/14 01:56:46 | 000,073,136 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2008/03/04 03:32:46 | 000,222,720 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2008/01/19 03:11:31 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2008/01/19 02:38:16 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2007/12/12 13:12:32 | 000,095,784 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2007/12/12 13:12:32 | 000,089,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2007/12/12 13:12:32 | 000,019,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2007/11/01 10:22:50 | 001,481,216 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2007/11/01 10:19:46 | 000,293,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2007/11/01 10:18:32 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2007/10/19 14:16:08 | 001,599,896 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVcKap64.sys -- (LVcKap64)
DRV:64bit: - [2007/10/18 07:37:10 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2007/10/11 19:58:28 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2007/10/11 19:58:16 | 002,055,192 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVMVDrv.sys -- (LVMVDrv)
DRV:64bit: - [2007/09/09 18:13:26 | 000,207,872 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CHDART64.sys -- (HdAudAddService)
DRV:64bit: - [2007/08/28 18:46:46 | 000,217,088 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ATSwpDrv.sys -- (ATSWPDRV)
DRV:64bit: - [2007/07/11 13:30:34 | 000,009,088 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqRemHid.sys -- (HpqRemHid)
DRV:64bit: - [2007/06/18 20:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2007/06/15 11:50:40 | 001,138,176 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (hcw85bda)
DRV:64bit: - [2007/05/09 22:50:48 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007/05/09 22:46:48 | 001,127,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2007/05/02 12:12:30 | 000,145,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssm_mdm.sys -- (ssm_mdm)
DRV:64bit: - [2007/05/02 12:12:30 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssm_bus.sys -- (ssm_bus)
DRV:64bit: - [2007/05/02 12:12:30 | 000,019,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssm_mdfl.sys -- (ssm_mdfl)
DRV:64bit: - [2007/03/26 22:48:24 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/03/19 15:09:36 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2007/02/27 19:10:38 | 000,053,760 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/02/18 01:22:48 | 000,296,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\vmm.sys -- (vmm)
DRV:64bit: - [2007/01/29 07:20:34 | 000,079,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VMNetSrv.sys -- (VPCNetS2)
DRV:64bit: - [2006/10/06 22:13:22 | 000,550,912 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV)
DRV:64bit: - [2006/09/18 17:38:12 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2006/06/18 19:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV - [2009/01/12 17:50:04 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/02/24 17:37:09] [Kernel | Auto | Running] -- C:\Program Files (x86)\HP\QuickPlay\000.fcl -- ({22D78859-9CE9-4B77-BF18-AC83E81A9263})
DRV - [2006/11/02 01:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\WimFltr.sys -- (WimFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_tt&c=81&bd=Pavilion&pf=laptop
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr10/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr10/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3361550716-439296834-1023547113-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKU\S-1-5-21-3361550716-439296834-1023547113-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-tt
IE - HKU\S-1-5-21-3361550716-439296834-1023547113-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 AC 29 7C C8 46 CA 01 [binary data]
IE - HKU\S-1-5-21-3361550716-439296834-1023547113-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3361550716-439296834-1023547113-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-3361550716-439296834-1023547113-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3361550716-439296834-1023547113-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3361550716-439296834-1023547113-1000\..\SearchScopes\{59B2DB53-AF80-40DD-80C5-FAE7B7079109}: "URL" = http://us.yhs.search.yahoo.com/avg/...ahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKU\S-1-5-21-3361550716-439296834-1023547113-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
IE - HKU\S-1-5-21-3361550716-439296834-1023547113-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3361550716-439296834-1023547113-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = plimus.com;www.plimus.com;regnow.com;www.regnow.com;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledAddons: TFToolbarX@torrent-finder:1.2.6
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledAddons: {75623d5d-4683-402a-b610-ac4bab767c86}:3.3.0
FF - prefs.js..extensions.enabledAddons: GameTap@gametap.com:4.0.80.1588
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.5.20110120033202
FF - prefs.js..extensions.enabledAddons: MafiaaFire@mafiaafire.com:0.9d
FF - prefs.js..extensions.enabledAddons: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:15.0.1
FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.3790
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: GameTap@gametap.com:4.0.80.1588
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: TFToolbarX@torrent-finder:1.2.6
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.0
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p="
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 8000
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 8000
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 8000
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 8000
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8000
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 8000
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8000
FF - prefs.js..network.proxy.type: 1


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Psycho Dunpeal\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Psycho Dunpeal\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8: C:\Users\Psycho Dunpeal\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/12/21 17:56:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files (x86)\Google\Google Gears\Firefox\ [2010/03/06 01:04:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/06/29 23:47:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2010/07/22 12:53:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files (x86)\AutocompletePro\support@predictad.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/02 19:34:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/25 14:25:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/30 09:59:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 6\components [2011/12/25 14:25:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 6\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/12/21 17:56:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files (x86)\DigitalPersona\Bin\firefoxext [2010/07/22 12:53:06 | 000,000,000 | ---D | M]

[2010/07/02 15:34:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\Extensions
[2010/01/30 09:40:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\Extensions\contact@callgraph.in
[2010/07/02 15:34:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2009/03/14 15:51:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/03/08 10:56:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\Firefox\Profiles\o4669fhz.default\extensions
[2009/07/21 15:22:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\Firefox\Profiles\o4669fhz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/25 22:32:18 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\Firefox\Profiles\o4669fhz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/04/10 13:45:54 | 000,000,000 | ---D | M] (Surf Canyon - Search Engine Assistant) -- C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\Firefox\Profiles\o4669fhz.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}
[2011/03/31 22:20:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\Firefox\Profiles\o4669fhz.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/05/13 19:40:16 | 000,000,000 | ---D | M] (GameTap) -- C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\Firefox\Profiles\o4669fhz.default\extensions\GameTap@gametap.com
[2009/05/24 04:01:43 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\Firefox\Profiles\o4669fhz.default\extensions\moveplayer@movenetworks.com
[2010/12/15 15:02:55 | 000,000,000 | ---D | M] (Torrent Finder Toolbar) -- C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\Firefox\Profiles\o4669fhz.default\extensions\TFToolbarX@torrent-finder
[2012/03/08 10:56:58 | 000,123,007 | ---- | M] () (No name found) -- C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\Firefox\Profiles\o4669fhz.default\extensions\MafiaaFire@mafiaafire.com.xpi
[2012/01/13 06:56:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/12 23:32:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/11/24 14:17:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2012/04/02 19:34:31 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files (x86)\Sony\Media Go\npmediago.dll
CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RockMelt Update (Enabled) = C:\Users\Psycho Dunpeal\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Turn Off the Lights = C:\Users\Psycho Dunpeal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.6_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Psycho Dunpeal\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Photo Zoom for Facebook = C:\Users\Psycho Dunpeal\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1208.30.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Psycho Dunpeal\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Beautify FB = C:\Users\Psycho Dunpeal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldngjhkgckijklngngononnejmadojce\2.1.3_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\Psycho Dunpeal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\6.6.7_0\
CHR - Extension: All Mangas Reader = C:\Users\Psycho Dunpeal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhjloagockgobfpopemejpgjjechcpfd\1.4.0_0\
CHR - Extension: Ambient Aurea = C:\Users\Psycho Dunpeal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkaglmndhfgdaiaccjglghcbnfinfffa\1.0.0.11_0\
 
O1 HOSTS File: ([2012/09/16 16:27:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3361550716-439296834-1023547113-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3361550716-439296834-1023547113-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [PuranADT] C:\Program Files\Puran Defrag\PuranADT.exe (Puran Software)
O4:64bit: - HKLM..\Run: [SJ1XRCV] C:\Windows\SysNative\spool\drivers\x64\3\SJ1XRCV.exe (SHARP CORPORATION)
O4:64bit: - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKU\S-1-5-21-3361550716-439296834-1023547113-1000..\Run: [cdloader] C:\Users\Psycho Dunpeal\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-3361550716-439296834-1023547113-1000..\Run: [MusicManager] C:\Users\Psycho Dunpeal\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-3361550716-439296834-1023547113-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3361550716-439296834-1023547113-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-3361550716-439296834-1023547113-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files (x86)\Xilisoft\Download YouTube Video\upod_link.HTM ()
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files (x86)\Xilisoft\Download YouTube Video\upod_link.HTM ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - Reg Error: Value error. File not found
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\HMIPCore.dll (Hide My IP)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\HMIPCore.dll (Hide My IP)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\HMIPCore.dll (Hide My IP)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\HMIPCore.dll (Hide My IP)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\SysWow64\HMIPCore.dll (Hide My IP)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.1.104.35 200.1.104.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9D328BE-1A0B-409A-9ECB-CCFCEFB99633}: DhcpNameServer = 200.1.104.35 200.1.104.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9D328BE-1A0B-409A-9ECB-CCFCEFB99633}: NameServer = 208.122.23.22,208.122.23.23
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes3\deskscapes.dll (Stardock Corporation)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll (Stardock)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DreamControl.dll (Stardock)
O24 - Desktop WallPaper: C:\Users\Psycho Dunpeal\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Psycho Dunpeal\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (autocheck PuranDefragBT -AD)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/16 18:20:49 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Psycho Dunpeal\Desktop\OTL.exe
[2012/09/16 17:24:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/09/16 17:00:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/09/16 15:11:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/09/16 15:11:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/09/16 15:11:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/09/16 15:07:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/16 15:01:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/09/16 14:09:04 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{FEA4B016-E92F-47B6-A9C1-7FF3224B024B}
[2012/09/16 14:08:49 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{2CF0DDAD-A8AE-49D5-BB2D-096E70FBDD58}
[2012/09/16 02:06:39 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{89116ACF-4E82-4EA4-B13B-6ACB9B6951DF}
[2012/09/15 16:38:14 | 004,754,503 | R--- | C] (Swearware) -- C:\Users\Psycho Dunpeal\Desktop\ComboFix.exe
[2012/09/15 10:48:47 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{DCFAE1D2-9B96-430D-8C25-38B5C3718FC2}
[2012/09/15 10:44:51 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{46C5FFC2-FAC7-4179-8375-F2162CDCD2A1}
[2012/09/15 01:48:57 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\Desktop\RK_Quarantine
[2012/09/15 01:39:06 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Psycho Dunpeal\Desktop\TDSSKiller.exe
[2012/09/15 01:36:25 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Psycho Dunpeal\Desktop\aswMBR.exe
[2012/09/14 22:44:26 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{51F58B38-A89C-49A2-8BCB-30D1047EB3F6}
[2012/09/14 10:44:04 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{91BE8756-721E-44AB-AE55-8719076E1831}
[2012/09/13 22:56:15 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{8596B192-9E9A-4D43-9D54-5FC8F2867289}
[2012/09/13 22:51:53 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{C314C29E-E15E-427E-83BD-44EF965A86B3}
[2012/09/13 22:45:37 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{30C7EBF8-3CC7-4A0F-82E8-79BF757588D4}
[2012/09/13 08:26:04 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\Desktop\Programs\Music Manager
[2012/09/13 01:24:39 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{E27FC9CE-82E6-4697-AB07-5AFF2C1E3BA7}
[2012/09/13 01:21:44 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{AA8A5CCC-DBC2-4D6B-B191-86DC405F529D}
[2012/09/12 10:32:50 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{ECD66C08-6EE7-4231-8227-7661DEDBD8DE}
[2012/09/12 10:31:47 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{17E21624-8E0D-42CB-9C48-4170FB1C644B}
[2012/09/11 22:30:42 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{5606BFBC-209A-49B2-8087-7B3759792155}
[2012/09/11 20:24:15 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{1159D483-3982-46C6-A53B-94B640FC0739}
[2012/09/11 00:32:22 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{713B8A0D-E84E-4790-8E5A-A4ED5DB5E8A2}
[2012/09/10 12:31:26 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{8C7DBDE9-8EE6-4A4D-B08F-6FE257A58D21}
[2012/09/10 00:43:49 | 000,000,000 | R--D | C] -- C:\Users\Psycho Dunpeal\Desktop\Programs\Startup
[2012/09/10 00:43:49 | 000,000,000 | R--D | C] -- C:\Users\Psycho Dunpeal\Desktop\Programs\Administrative Tools
[2012/09/09 17:31:24 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{09B577FC-DD88-4225-B822-5B16F020C7B8}
[2012/09/09 03:08:34 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{9C80F33C-518E-47BD-8C8C-23A45D1A1E23}
[2012/09/08 15:08:09 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{0E9B8DCE-65D2-40AC-9683-D9A2BE90B8CF}
[2012/09/08 03:04:39 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{BBC9C72A-F2AC-4E88-AAA2-642012F67B0D}
[2012/09/08 03:03:01 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{235F73DD-BB12-4530-9DDB-B7E5E1ECF34E}
[2012/09/07 14:04:14 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{6387130C-F1AB-40D4-81B1-3543946D8408}
[2012/09/07 02:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/09/07 02:01:06 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{2126E24A-8575-4812-97A1-4E230FB369A6}
[2012/09/06 23:35:43 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{0C93F1FF-12DD-4D74-B557-2C2AE1EAC120}
[2012/09/06 08:49:40 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{9FEC522A-5B86-4335-98FC-54E4E63F1A2F}
[2012/09/06 08:43:46 | 000,000,000 | R--D | C] -- C:\Users\Psycho Dunpeal\Desktop\Programs
[2012/09/05 17:11:45 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\AppData\Local\{649D2DB1-7A09-407C-869B-57FE74FE4EBC}
[2012/09/01 13:14:44 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\Desktop\5-Day Inferno Plan
[2012/09/01 13:04:47 | 000,000,000 | ---D | C] -- C:\Users\Psycho Dunpeal\Desktop\TurboFire Class Schedule
[2008/12/17 20:29:43 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe
[2008/12/17 20:29:39 | 002,989,660 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe
[2008/12/17 20:29:35 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
[2008/12/17 20:29:33 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe

========== Files - Modified Within 30 Days ==========

[2012/09/16 18:57:14 | 000,003,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/16 18:57:14 | 000,003,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/16 18:50:00 | 000,000,452 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{40F61EB5-DC92-44E6-9DEF-98D70F237627}.job
[2012/09/16 18:25:03 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3361550716-439296834-1023547113-1000UA.job
[2012/09/16 18:20:17 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Psycho Dunpeal\Desktop\OTL.exe
[2012/09/16 18:17:01 | 000,000,964 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-3361550716-439296834-1023547113-1000UA.job
[2012/09/16 18:17:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-3361550716-439296834-1023547113-1000Core.job
[2012/09/16 18:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/16 18:14:05 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/16 18:00:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-3361550716-439296834-1023547113-1002UA.job
[2012/09/16 17:05:56 | 000,354,882 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat
[2012/09/16 17:05:56 | 000,343,936 | ---- | M] () -- C:\Windows\SysNative\prfh0804.dat
[2012/09/16 17:05:56 | 000,112,512 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat
[2012/09/16 17:05:56 | 000,112,506 | ---- | M] () -- C:\Windows\SysNative\prfc0804.dat
[2012/09/16 17:05:55 | 000,690,474 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012/09/16 17:05:55 | 000,399,038 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2012/09/16 17:05:55 | 000,112,674 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2012/09/16 17:05:54 | 000,688,226 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012/09/16 17:05:54 | 000,141,536 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012/09/16 17:05:54 | 000,135,076 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012/09/16 17:05:51 | 000,617,458 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/16 17:05:50 | 000,112,674 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/16 17:05:49 | 003,680,902 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/16 17:02:15 | 000,470,017 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/09/16 17:02:14 | 000,470,017 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/09/16 16:59:04 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/16 16:58:38 | 000,000,680 | ---- | M] () -- C:\Windows\SysWow64\tversity.cookies
[2012/09/16 16:56:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/16 16:54:41 | 2146,418,688 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/16 16:31:04 | 000,007,460 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/09/16 16:27:26 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/09/16 14:31:25 | 000,081,611 | ---- | M] () -- C:\Users\Psycho Dunpeal\Desktop\2FD7426E-3C22-4B67-A7D0-9B5D616B12FE.jpg
[2012/09/16 14:29:17 | 000,085,000 | ---- | M] () -- C:\Users\Psycho Dunpeal\Desktop\1C8D2D85-5DBE-434F-A96F-8782A7D08738.jpg
[2012/09/16 14:28:57 | 000,093,273 | ---- | M] () -- C:\Users\Psycho Dunpeal\Desktop\A043E7E5-62CC-4FA1-8CE4-8DDAE0608750.jpg
[2012/09/16 12:25:04 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3361550716-439296834-1023547113-1000Core.job
[2012/09/15 16:38:51 | 004,754,503 | R--- | M] (Swearware) -- C:\Users\Psycho Dunpeal\Desktop\ComboFix.exe
[2012/09/15 08:14:46 | 000,000,512 | ---- | M] () -- C:\Users\Psycho Dunpeal\Desktop\MBR.dat
[2012/09/15 02:00:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-3361550716-439296834-1023547113-1002Core.job
[2012/09/15 01:36:54 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Psycho Dunpeal\Desktop\aswMBR.exe
[2012/09/15 01:36:13 | 001,378,816 | ---- | M] () -- C:\Users\Psycho Dunpeal\Desktop\RogueKiller.exe
[2012/09/14 12:30:04 | 000,085,221 | ---- | M] () -- C:\Users\Psycho Dunpeal\Desktop\5A8FB89A-8A6D-41F3-B820-CE3D4E8516AC.jpg
[2012/09/10 22:15:47 | 001,614,657 | ---- | M] () -- C:\Users\Psycho Dunpeal\Desktop\5C9B483B-462B-478F-8B3C-09C0C50C6869.jpg
[2012/09/10 18:47:45 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPsycho Dunpeal.job
[2012/09/10 13:59:41 | 000,002,009 | ---- | M] () -- C:\Users\Psycho Dunpeal\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/07 18:51:22 | 000,129,024 | ---- | M] () -- C:\Users\Psycho Dunpeal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/03 23:41:26 | 000,132,480 | ---- | M] (Puran Software) -- C:\Windows\SysNative\PuranDefragBT.exe
[2012/08/24 13:28:40 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Psycho Dunpeal\Desktop\TDSSKiller.exe

========== Files Created - No Company Name ==========

[2012/09/16 15:11:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/16 15:11:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/16 15:11:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/16 15:11:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/16 15:11:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/16 14:30:22 | 000,081,611 | ---- | C] () -- C:\Users\Psycho Dunpeal\Desktop\2FD7426E-3C22-4B67-A7D0-9B5D616B12FE.jpg
[2012/09/16 11:10:01 | 000,093,273 | ---- | C] () -- C:\Users\Psycho Dunpeal\Desktop\A043E7E5-62CC-4FA1-8CE4-8DDAE0608750.jpg
[2012/09/15 08:14:45 | 000,000,512 | ---- | C] () -- C:\Users\Psycho Dunpeal\Desktop\MBR.dat
[2012/09/15 01:36:13 | 001,378,816 | ---- | C] () -- C:\Users\Psycho Dunpeal\Desktop\RogueKiller.exe
[2012/09/14 12:30:01 | 000,085,221 | ---- | C] () -- C:\Users\Psycho Dunpeal\Desktop\5A8FB89A-8A6D-41F3-B820-CE3D4E8516AC.jpg
[2012/09/14 08:47:15 | 000,085,000 | ---- | C] () -- C:\Users\Psycho Dunpeal\Desktop\1C8D2D85-5DBE-434F-A96F-8782A7D08738.jpg
[2012/09/10 22:14:42 | 001,614,657 | ---- | C] () -- C:\Users\Psycho Dunpeal\Desktop\5C9B483B-462B-478F-8B3C-09C0C50C6869.jpg
[2012/09/10 13:59:41 | 000,002,009 | ---- | C] () -- C:\Users\Psycho Dunpeal\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/07 12:56:00 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForPsycho Dunpeal.job
[2012/09/07 01:55:18 | 000,000,936 | ---- | C] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-3361550716-439296834-1023547113-1002UA.job
[2012/09/07 01:55:14 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-3361550716-439296834-1023547113-1002Core.job
[2012/04/05 21:00:40 | 000,000,334 | ---- | C] () -- C:\Users\Psycho Dunpeal\openvpn-connect.json
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/06/15 11:24:28 | 003,723,220 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/03/31 21:37:25 | 000,000,763 | ---- | C] () -- C:\Users\Psycho Dunpeal\.appcfg_cookies
[2011/02/21 23:20:54 | 000,121,379 | ---- | C] () -- C:\Windows\hpoins15.dat
[2011/02/21 23:20:54 | 000,001,037 | ---- | C] () -- C:\Windows\hpomdl15.dat
[2010/12/20 16:43:32 | 000,172,128 | ---- | C] () -- C:\Windows\_isusr32.dll
[2010/12/20 16:43:32 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\_isusr2k.dll
[2010/06/23 19:58:41 | 000,000,036 | ---- | C] () -- C:\Users\Psycho Dunpeal\AppData\Local\housecall.guid.cache
[2010/05/05 00:28:11 | 000,000,022 | ---- | C] () -- C:\Users\Psycho Dunpeal\AppData\Local\kodakpcd.ini
[2009/10/06 23:48:49 | 000,000,760 | ---- | C] () -- C:\Users\Psycho Dunpeal\AppData\Roaming\setup_ldm.iss
[2009/06/26 23:11:19 | 000,008,772 | ---- | C] () -- C:\Users\Psycho Dunpeal\AppData\Local\d3d9caps64.dat
[2009/02/10 20:32:35 | 000,470,017 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/02/10 20:32:35 | 000,470,017 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/01/25 18:03:49 | 000,029,216 | ---- | C] () -- C:\Users\Psycho Dunpeal\AppData\Roaming\UserTile.png
[2008/12/06 16:11:26 | 000,000,541 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2008/12/06 16:02:38 | 000,007,916 | ---- | C] () -- C:\Users\Psycho Dunpeal\AppData\Local\d3d9caps.dat
[2008/12/05 01:23:47 | 000,001,268 | ---- | C] () -- C:\Users\Psycho Dunpeal\AppData\Roaming\wklnhst.dat
[2008/12/04 19:11:55 | 000,083,182 | ---- | C] () -- C:\Users\Psycho Dunpeal\AppData\Roaming\nvModes.001
[2008/12/04 17:28:45 | 000,083,182 | ---- | C] () -- C:\Users\Psycho Dunpeal\AppData\Roaming\nvModes.dat
[2008/12/04 15:30:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/12/04 14:25:28 | 000,129,024 | ---- | C] () -- C:\Users\Psycho Dunpeal\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2009/11/22 13:39:17 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\DigitalPersona
[2009/11/22 13:41:02 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Genie-soft
[2009/11/22 13:43:14 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Skinux
[2009/11/22 13:42:20 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Teleca
[2011/03/30 16:10:01 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\WildTangent
[2012/09/07 01:32:40 | 000,000,000 | ---D | M] -- C:\Users\LemTest\AppData\Roaming\DigitalPersona
[2012/09/07 02:50:55 | 000,000,000 | ---D | M] -- C:\Users\LemTest\AppData\Roaming\uTorrent
[2010/07/31 23:22:00 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\All Free 3GP Video Converter
[2010/02/02 01:48:31 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\Call Graph
[2008/12/04 16:09:43 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\CiscoCAA
[2008/12/06 14:11:35 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\CoreCodec
[2010/08/08 01:18:38 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\DAEMON Tools
[2012/01/07 23:54:57 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\DAEMON Tools Lite
[2008/12/04 15:25:30 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\DigitalPersona
[2011/10/02 02:19:06 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\Dropbox
[2010/07/28 17:19:55 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\Eltima Software
[2011/07/13 22:23:19 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\Funambol
[2010/08/09 16:21:27 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\HandBrake
[2010/08/09 02:11:05 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\Hide IP NG
[2010/08/11 03:44:53 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\KC Softwares
[2011/12/07 17:51:41 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\Leadertech
[2010/07/31 23:04:15 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\M3
[2010/12/23 13:08:23 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\Machete Lite
[2010/10/16 00:29:37 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\Maxthon2
[2011/07/16 11:41:29 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\Maxthon3
[2011/05/02 23:37:31 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\mjusbsp
[2010/09/24 03:37:34 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\MxBoost
[2012/04/02 19:34:33 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\MyPhoneExplorer
[2010/10/16 13:10:48 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\Notepad++
[2011/08/29 22:33:34 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\ooVoo Details
[2010/08/24 13:30:50 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\PMS
[2010/07/28 19:03:56 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\Red Kawa
[2010/01/30 09:40:29 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\Sedna Wireless
[2011/10/02 02:36:09 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\Sony
[2009/12/25 15:10:22 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\Teleca
[2008/12/05 01:23:51 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\Template
[2012/09/13 03:17:03 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\TeraCopy
[2010/07/02 15:34:00 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\TomTom
[2010/01/31 13:11:19 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\Transparent
[2012/09/07 19:19:51 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\uTorrent
[2010/08/09 09:36:14 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\VS Revo Group
[2009/05/28 21:49:51 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\WildTangent
[2010/12/11 19:27:41 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\Windows Live Writer
[2011/10/02 16:55:36 | 000,000,000 | ---D | M] -- C:\Users\Psycho Dunpeal\AppData\Roaming\Xilisoft
[2012/09/16 18:17:01 | 000,000,912 | ---- | M] () -- C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3361550716-439296834-1023547113-1000Core.job
[2012/09/16 18:17:01 | 000,000,964 | ---- | M] () -- C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3361550716-439296834-1023547113-1000UA.job
[2012/09/15 02:00:00 | 000,000,884 | ---- | M] () -- C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3361550716-439296834-1023547113-1002Core.job
[2012/09/16 18:00:00 | 000,000,936 | ---- | M] () -- C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3361550716-439296834-1023547113-1002UA.job
[2012/09/16 16:30:44 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/09/16 18:50:00 | 000,000,452 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{40F61EB5-DC92-44E6-9DEF-98D70F237627}.job

========== Purity Check ==========


< End of report >
 
OTL Extras logfile created on: 16/09/2012 07:04:18 PM - Run 1
OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\Psycho Dunpeal\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00002C09 | Country: Trinidad and Tobago | Language: ENT | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 49.57% Memory free
4.23 Gb Paging File | 2.30 Gb Available in Paging File | 54.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 219.42 Gb Total Space | 81.78 Gb Free Space | 37.27% Space Free | Partition Type: NTFS
Drive D: | 13.46 Gb Total Space | 2.26 Gb Free Space | 16.77% Space Free | Partition Type: NTFS

Computer Name: EVANGELION | User Name: Psycho Dunpeal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-3361550716-439296834-1023547113-1000\SOFTWARE\Classes\<extension>]
.html [@ = RockMeltHTML] -- C:\Users\Psycho Dunpeal\AppData\Local\RockMelt\Application\rockmelt.exe (RockMelt, Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\ProgramData\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [TVersity] -- "C:\ProgramData\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = A0 AE 1F AE 44 58 C9 01 [binary data]
"VistaSp2" = CF 1B 23 92 3B 33 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"" =

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"" =
"C:\Program Files (x86)\Vongo\VongoService.exe" = C:\Program Files (x86)\Vongo\VongoService.exe:*:enabled:VongoService -- (Starz Entertainment Group LLC)
"" =
"C:\Program Files (x86)\Vongo\VongoService.exe" = C:\Program Files (x86)\Vongo\VongoService.exe:*:enabled:VongoService -- (Starz Entertainment Group LLC)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\Program Files (x86)\Call Graph\CallGraph.exe" = C:\Program Files (x86)\Call Graph\CallGraph.exe:*:Enabled:Call Graph -- (Sedna Wireless Pvt. Ltd.)
"C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files (x86)\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\Program Files (x86)\Call Graph\CallGraph.exe" = C:\Program Files (x86)\Call Graph\CallGraph.exe:*:Enabled:Call Graph -- (Sedna Wireless Pvt. Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{084FDBA2-F64E-4AC5-863F-F82E318423EE}" = lport=139 | protocol=6 | dir=in | app=system |
"{08A50EC1-50A6-431C-AA62-774819529AF5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1570F608-E135-4DA2-B3F9-338505B1D6B6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{1AC1D77C-78D3-48FF-B062-1F3CF58144E3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{1E95DA46-82D9-42BA-9E41-BFECBE6B66BF}" = lport=138 | protocol=17 | dir=in | app=system |
"{235F396B-8772-445E-BE68-7606AF95C624}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{287FD753-F4A7-4828-AF79-613E159E645C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{328894EF-B922-4E84-8502-7723CC9351B1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{37228EEC-8724-43C8-AC0F-2ADB80044218}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{391ED8B7-7F5A-4BEB-B766-BD3103AB44F2}" = rport=139 | protocol=6 | dir=out | app=system |
"{3A9116CF-BFC2-45E6-BA3B-48A589994310}" = lport=10244 | protocol=6 | dir=in | app=system |
"{4755139E-8495-4632-BEF9-5D4619B4C986}" = lport=2869 | protocol=6 | dir=in | app=system |
"{51CC1BE0-DA6B-4319-8D73-4A6EA7898E7E}" = lport=137 | protocol=17 | dir=in | app=system |
"{57FC7427-4454-44E4-9BAA-B75F715D2224}" = rport=137 | protocol=17 | dir=out | app=system |
"{61F30088-CC0D-475E-8ED2-5405AF437AD9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{671F0351-B5C5-4B2F-A811-0199E27B9E53}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{672BA69C-2299-4B98-A7C6-8088E3E982E7}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6909E75C-979D-434F-9CE4-0DA4B51BB5FF}" = rport=10244 | protocol=6 | dir=out | app=system |
"{6DBF2FE7-C5C7-4D31-8DE0-EFA2FBBEC8FE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{752A2FAE-0FD9-4968-B48F-E7A2085DF430}" = rport=445 | protocol=6 | dir=out | app=system |
"{76D907EE-3C7B-46CD-8081-3E48E918F663}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{81D88100-4E38-4778-817E-9EB3BCD18978}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{8E005436-0A60-4597-ACFD-3576011641E9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9047007B-3D40-451B-8C1C-5E91D9951901}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{913E8511-5562-4A40-A39C-97CCA18F9190}" = lport=3390 | protocol=6 | dir=in | app=system |
"{97214CEF-51DF-4A19-B3FE-028BAEEDBA00}" = rport=138 | protocol=17 | dir=out | app=system |
"{A449F2BE-3685-4D38-9866-56C5C21CD9EF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{A95D79E6-CC96-406D-8E4F-F197972C9203}" = lport=445 | protocol=6 | dir=in | app=system |
"{AACF7181-BCDD-4134-8AB2-AD70B4988107}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B85C3379-3C7F-415C-A300-8380F5EDDE53}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{BD8BCAE9-5975-4690-B13E-BC4088CF164D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{BE017871-9A92-4D79-858A-98F8D4F4455D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{C8628C80-A1F6-490E-8C28-37432EB36F2A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C8DD3EE5-1ABA-4B6F-B50D-E2C5E361F315}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{CDB00E4D-0333-4836-A823-15DB9C1BA558}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D0C8DE44-0D6B-4F4A-AFA0-8C86843CC6E4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D18C96A1-C688-4C1F-BD36-B77F5354574F}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{D6D3F908-D103-4564-B22C-0148875D632E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{D9A5E656-1547-4A1D-8B6B-666F76FD34BE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D9B8D247-CE63-40DA-A702-872D85127612}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E80F9945-8FA8-422E-A8A3-4C86EE4AB333}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EC3AEB5A-E738-464F-938C-319F860F888E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{EF8BCB2D-3057-4E62-A47A-10F56E1DE424}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{F159E57A-B7DB-407D-8B2F-3F8AF1A01B78}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F2457503-B070-4C49-BFEB-F4E882800628}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F2A4BAD5-9F14-47BD-8134-93F9D05500EA}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AB2892E-CA7D-4506-A3C1-942D8D1738E6}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe |
"{0C82D38A-DEBB-4534-85E5-504A9C695A0B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{15E5B6EB-2DC6-4064-A5C1-E3FBBCB9C00C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{163549EC-3518-4924-9C75-1F186F7A722C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{165C1C59-79DC-4943-8B16-2E9F70C944B6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{192E66D0-5573-4067-AF55-5BB86AF9E08A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{19ED98C1-D267-4F57-AEA0-DF585182B489}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{25A566C5-1543-41C0-A014-7EC2A91F9BB1}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{282C6F69-00D7-408D-8DC1-DF18B7C6D2F9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{296D393E-5A01-40F1-9F79-73C5B0096A88}" = protocol=6 | dir=out | app=system |
"{2ADB0250-5497-49F4-A27F-5FA60FE507A1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{2BC7FF22-A250-44D0-B599-257C2E439533}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{2C2DCD1D-2AD0-4A3B-AEB7-7D4BE379AC48}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2E59DE41-626E-4631-A92B-FBB7980BF04E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2FA09651-2D71-48EB-9253-886D1290AB1B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{314D16E3-F867-4E0D-AE70-579C5B9681D8}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{3B82AE15-A42D-479E-89AB-EC8AD1462E29}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{3BF0033D-9A38-40A7-B2D1-150897B32F1C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3C6C5DF7-A1A8-4D89-9ED4-A1942BDFAEEE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3CDB692F-24E5-4135-8846-69EA627CB281}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3EE2EF9A-1135-49C3-AA20-DC807FEF30A5}" = protocol=17 | dir=in | app=c:\users\psycho dunpeal\appdata\local\tversity\media server\mediaserver.exe |
"{41BFBBC7-DA12-4B57-9378-AA9CDEF05669}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{42712392-0F01-49F2-8FA6-AFEE2F12BFA8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{43D6351F-EAA6-4EA2-9BFB-1ECA2AB58FB2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{541858B5-48AF-4968-9C3A-BF78BFEED329}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe |
"{56F0F835-C795-4B8C-AC42-8E918547903C}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{5B48305D-F2FD-4EA9-909B-D124C158ACD9}" = protocol=6 | dir=in | app=c:\programdata\tversity\media server\mediaserver.exe |
"{5C95BB5D-4141-45ED-A60E-F8DC38E3D05E}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{648BBA06-DF1E-44B6-8D6A-3B15BC1D9C05}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{65E78EA1-AD04-41BB-9A18-BE5CD30B0127}" = protocol=6 | dir=out | app=system |
"{686FD117-1CFC-474A-9229-C64703A0C445}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{738BC406-D0AE-4BFB-85E1-72E4F97050C1}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{764C521A-C461-4607-A837-FFF4AB65C4D9}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{77C633A9-ACDA-4C36-B7D8-BD8715ACB226}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{7CBE5B07-FF39-4D7D-AFED-1D1FC38F03D1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7ECD4550-CB42-4085-92FC-C2AB473B6C7F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{83A17070-1BF9-40C4-930D-55F4984A68BD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8544F3CF-1467-4897-BE78-D49DFFA4F895}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{888842C4-7714-4FE2-BF13-E7E1C8BECDDC}" = protocol=6 | dir=in | app=c:\users\psycho dunpeal\appdata\local\tversity\media server\mediaserver.exe |
"{96CBFD75-6A17-480E-B302-A2370893BE1A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{9CA336BE-E8D6-477D-A2A5-071E0DBB85E1}" = protocol=6 | dir=in | app=c:\users\psycho dunpeal\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{9FB8202E-9387-4EC4-80F2-CD5FBC66A908}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A1695752-EB43-4A14-A547-1B76B9F974E9}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{A4ABDB92-5EEA-41D5-B667-D620150CE659}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A6D4372E-5980-42A8-AAC4-0E2D5769E5FB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AA7257A2-5D88-45E1-BB92-A19ACE5FB372}" = dir=in | app=c:\program files (x86)\hp\quickplay\qp.exe |
"{ADF486CE-39CE-4738-BFAE-4488FEFEA108}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{AFBF49A6-A386-4437-9E7D-525A75A615E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B717A2B3-4481-4777-BA80-8CDB56624360}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{BA50BA66-4505-4404-A080-82006585EEE0}" = dir=in | app=c:\program files (x86)\hp\quickplay\qpservice.exe |
"{BECBAF99-1B57-47AE-A569-2BE13ED80759}" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{C46AFEFB-7B9C-482B-B823-9DE4FB8955AE}" = protocol=17 | dir=in | app=c:\programdata\tversity\media server\mediaserver.exe |
"{C4A03665-5452-4BD8-A0C9-910EA79D4EE0}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{D0A189B1-A4C8-43CA-AC7A-532CCCEF03E8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D27974C0-EFF9-4F11-9D1A-82636FD3BD1D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D9A36EB5-D3F8-4E47-BDFF-C45F4CC01D21}" = protocol=6 | dir=in | app=c:\users\psycho dunpeal\appdata\local\tversity\media server\mediaserver.exe |
"{E2D32A75-32C4-4FC1-BE22-15843DE67523}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{E3D4ECA6-B820-48AC-888D-9CAF175151BC}" = protocol=17 | dir=in | app=c:\users\psycho dunpeal\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{E67635A2-5FE9-4502-9018-5088597019D7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EA834021-5069-42DB-9C73-E8D7AD6A4EF4}" = protocol=17 | dir=in | app=c:\users\psycho dunpeal\appdata\local\tversity\media server\mediaserver.exe |
"{EB82FB63-92AA-4CCF-9D0B-D409DC458042}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{EE89FEBD-43E2-42E4-897C-6DC90A341AE8}" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update engine\sony ericsson update engine.exe |
"{F3BA256B-E533-466B-A89E-4CC36BEA392E}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{F81D2A28-D27A-4123-AC8A-2C31A3595A96}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{FB051389-58DB-4B1B-A6DA-779880EE8299}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FBF96793-501E-456E-B094-579017E1D13C}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"TCP Query User{07ACD7EE-EEF6-4BBA-BB9C-D912CCDA1E47}C:\program files (x86)\keyholetv\keyholetv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\keyholetv\keyholetv.exe |
"TCP Query User{261A80BD-4D0C-4996-B02A-50FE6DF0A628}C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=6 | dir=in | app=c:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe |
"TCP Query User{32866BE9-BF36-4C06-93E3-0938700528FB}C:\program files (x86)\sony ericsson\mobile4\sync manager\dxp syncml.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\mobile4\sync manager\dxp syncml.exe |
"TCP Query User{403BFFEA-002C-4783-B0C6-9025F89A45F3}C:\users\psycho dunpeal\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\psycho dunpeal\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{49126CA2-F548-4EFE-A9A4-3867B97BD9C0}C:\program files (x86)\kodak\kodak easyshare software\bin\easyshare.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kodak\kodak easyshare software\bin\easyshare.exe |
"TCP Query User{502EA871-6E75-4C72-96E5-BB750C3EE765}C:\users\psycho dunpeal\appdata\local\rockmelt\application\rockmelt.exe" = protocol=6 | dir=in | app=c:\users\psycho dunpeal\appdata\local\rockmelt\application\rockmelt.exe |
"TCP Query User{51F87DF1-7006-4218-AFA7-E16BEDE51AF4}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{62CD31B1-09DD-408A-8C06-72FDD34CA979}C:\program files (x86)\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe |
"TCP Query User{785A82A9-58A7-4803-B853-A063ABC25E85}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{7BC1D8A6-7062-490E-94C4-600F8C8C42B3}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{81F8ABD1-753E-47CA-A4EA-3CBAF111A6F6}C:\program files (x86)\sony\media go\mediago.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony\media go\mediago.exe |
"TCP Query User{89119939-C758-432A-B939-02FFFCB5245B}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{8C435E8D-F256-4C43-93E2-0FE53F5D721A}C:\users\psycho dunpeal\appdata\roaming\maxthon2\maxthon.exe" = protocol=6 | dir=in | app=c:\users\psycho dunpeal\appdata\roaming\maxthon2\maxthon.exe |
"TCP Query User{97CD1A08-93D6-4B6A-BD1F-49A3F36F927A}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
"TCP Query User{A162A9F4-1226-491E-8B82-8C0603E5D207}C:\program files (x86)\call graph\callgraph.exe" = protocol=6 | dir=in | app=c:\program files (x86)\call graph\callgraph.exe |
"TCP Query User{B63A6E2D-472F-4E2B-9AB5-D92F206A0181}C:\users\psycho dunpeal\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\psycho dunpeal\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{C6D7F057-EC38-4217-9187-6CFC1E401EFE}C:\program files (x86)\keyholetv\keyholetv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\keyholetv\keyholetv.exe |
"TCP Query User{CF9CEF57-D437-47CD-A06E-BBBDC004AAF3}C:\users\psycho dunpeal\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\psycho dunpeal\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{D56B63F7-1222-46DD-860C-D92D9483F6B8}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{D86A5CC6-D20D-4F13-90FF-C52A4B9D7A30}C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=6 | dir=in | app=c:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe |
"TCP Query User{EC6953FC-F57F-4661-929E-6D4D70CD0C83}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{EE6AE75C-0602-40C5-A141-755A16E926D7}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{F4F827A5-8C9F-42C0-AF62-C9B053FCB9F9}C:\program files (x86)\realvnc\vnc4\vncviewer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\realvnc\vnc4\vncviewer.exe |
"TCP Query User{FE946B54-C732-42B1-8FC4-EDFE68F1322D}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{0A3AFF44-75B2-46E3-8B07-A83184ABECDA}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{117130E6-E56B-4E78-AE34-97FA1BCAD7E2}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{11845E98-BDFD-47E6-9F8E-9338642CED54}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{1D1CDB75-169F-44DC-A829-6A7D5856FD7D}C:\program files (x86)\keyholetv\keyholetv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\keyholetv\keyholetv.exe |
"UDP Query User{233FF218-CEDB-427D-AF7C-00F5A882415E}C:\users\psycho dunpeal\appdata\roaming\maxthon2\maxthon.exe" = protocol=17 | dir=in | app=c:\users\psycho dunpeal\appdata\roaming\maxthon2\maxthon.exe |
"UDP Query User{3142719F-3CF4-4B07-8BEF-9708C03FC09F}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{4AFEAB1A-B9E2-43A1-8165-3F8EDBE908E9}C:\users\psycho dunpeal\appdata\local\rockmelt\application\rockmelt.exe" = protocol=17 | dir=in | app=c:\users\psycho dunpeal\appdata\local\rockmelt\application\rockmelt.exe |
"UDP Query User{4E613889-3266-412D-B306-9E16C29F9E67}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{54007B65-8F22-4023-B8D4-C17C3689DB86}C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=17 | dir=in | app=c:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe |
"UDP Query User{54B6AB3E-3A1C-4340-BD80-D032F267A14A}C:\program files (x86)\kodak\kodak easyshare software\bin\easyshare.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kodak\kodak easyshare software\bin\easyshare.exe |
"UDP Query User{5AE7DC8A-58EB-4B76-BDAC-50C997DABF27}C:\program files (x86)\realvnc\vnc4\vncviewer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\realvnc\vnc4\vncviewer.exe |
"UDP Query User{6F64AB8E-9FD2-41DD-A77D-1084E548A0DC}C:\users\psycho dunpeal\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\psycho dunpeal\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{76D00219-75B1-4AF1-9B7F-59B1D9CBE6D0}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\myphoneexplorer\myphoneexplorer.exe |
"UDP Query User{8DDD6206-AAF4-4F9D-9DB5-6CB8F80B21CD}C:\program files (x86)\sony\media go\mediago.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony\media go\mediago.exe |
"UDP Query User{98669BB7-5379-4007-AE58-0EA8FB412451}C:\program files (x86)\call graph\callgraph.exe" = protocol=17 | dir=in | app=c:\program files (x86)\call graph\callgraph.exe |
"UDP Query User{A279343B-C27E-489A-A454-2348110595BE}C:\program files (x86)\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\update service\update service.exe |
"UDP Query User{A4850744-1A51-4486-BDDE-2B6EBF8CF548}C:\program files (x86)\keyholetv\keyholetv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\keyholetv\keyholetv.exe |
"UDP Query User{AAFC4209-47B1-461C-A7C3-1ABABB168858}C:\program files (x86)\sony ericsson\mobile4\sync manager\dxp syncml.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony ericsson\mobile4\sync manager\dxp syncml.exe |
"UDP Query User{BA759497-9799-455C-ABFF-D8ADE806AA5E}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{CD5C482B-A12B-4420-AB77-DA620B1BBB82}C:\users\psycho dunpeal\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\psycho dunpeal\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{CEEF58FC-9EAD-487F-B791-4A8D9AA3B31D}C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe" = protocol=17 | dir=in | app=c:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe |
"UDP Query User{D65AE374-9939-4FFD-96F5-335AFA9E725F}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{D8372218-E410-4667-99AE-46EAC5D174B0}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{EA7CA599-58B8-44BA-8765-05452E092FEA}C:\users\psycho dunpeal\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\psycho dunpeal\appdata\roaming\mjusbsp\magicjack.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0+ (r484)
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{02DF3F55-D68C-44A2-8EAC-9988533BF681}" = Sun VirtualBox
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6000
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{11192F89-510C-4E23-A62A-D3BEA9139596}" = HP QuickTouch 1.00 C3
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{32939827-d8e5-470a-b126-870db3c69fd0}" = Python 2.7.1 (64-bit)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{5FCF5515-4CC4-4812-8C9A-755336AB85F8}" = Logitech Motion Detector Gadget
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.0
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{88908767-B7AD-4b0d-ACBC-FBCCF2761D31}" = HP Photosmart All-In-One Software 9.0
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{91AF9255-01D7-4F8C-960B-CA2F4C8E7C99}" = Logitech QuickCapture Gadget
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AF2CB1FE-FD46-4D85-8C63-5C46E825E177}" = Logitech QuickCam
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D611B241-28A0-4937-AF86-17565CAF9807}" = PC Suite for Sony Ericsson x64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F74D69E5-ECFD-45D1-A87A-341208ADD7CC}" = DigitalPersona Personal 4.11
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.55
"Defraggler" = Defraggler
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"lvdrivers_11.50" = Logitech QuickCam Driver Package
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Puran Defrag Free Edition_is1" = Puran Defrag Free Edition 7.1
"Puran Defrag_is1" = Puran Defrag 7.5
"Recuva" = Recuva
"Revo Uninstaller Pro Retail zoo_is1" = Revo Uninstaller Pro 2.4.1
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Sony Ericsson" = Sony Ericsson Symbian 9 Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeraCopy_is1" = TeraCopy 2.12
"UltSounds" = Windows Sound Schemes
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004685F7-9FB6-4789-812F-59ABB34A55AF}" = Adobe Setup
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{00C908A6-8038-4101-909C-575D8B83B57D}" = PS3ThemeCreator
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C3AE9EB-2F0A-451E-A5E4-2BF6AFF21FB9}" = PC Suite for Sony Ericsson
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}" = Media Go
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{2133CB3F-F891-4081-8681-FEE2B2419FF4}" = Orb Runtime libraries
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{250E9609-E830-43EB-B379-DAB7546A2422}" = muvee autoProducer 6.1
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2EEEC858-21F8-419B-8FE2-820621BFFCD7}" = GetDataBack for FAT
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{34EF7358-ABC7-8469-5FB6-C5C0146F099E}" = Media Go Video Playback Engine 1.84.111.07020
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}" = Seagate Manager Installer
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4586796C-C820-41FD-81FA-BF5AD8129C13}_is1" = Uninstall CDisplay
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5A227323-822D-4C45-A89A-200701051990}" = yacib Portable Mp3
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{621025AE-3510-478E-BC27-1A647150976F}" = SPSS 16.0 for Windows
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7391ABC8-0EA4-3798-ACE3-96B8C8D84EA8}" = Google Talk Plugin
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{77EC0035-AFBA-4A8C-814A-6A887224C1A1}" = DeskScapes
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78E9A751-5616-233F-1249-16AC5758C646}" = muvee Reveal Seagate Edition
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7ECEF10B-F1C2-4FD5-861F-A3FCB4653304}" = Adobe After Effects CS3 Third Party Content
"{7F362F06-A9A3-440F-8B19-6A01A72723C4}" = AuthenTec Fingerprint Sensor Minimum Install
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{865DB1C9-D5E4-408B-B37D-9927E605BD2D}" = ESU for Microsoft Vista
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}" = Vongo
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPRO_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.VISIO_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPRO_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.VISIO_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PRJPRO_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.VISIO_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPRO_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.VISIO_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PRJPRO_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PRJPRO_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{90140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPRO_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
"{90140000-0054-0409-0000-0000000FF1CE}_Office14.VISIO_{CDC4310F-8189-485F-B47D-D972217CE173}" = Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
"{90140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
"{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{01D8AE4B-A04D-47E5-81BF-E3F98B81B8C3}" = Microsoft Visio 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PRJPRO_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010
"{90140000-00B4-0409-0000-0000000FF1CE}_Office14.PRJPRO_{18A0C151-8F8A-4B68-A960-60C464B94329}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PRJPRO_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PRJPRO_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91E4F832-C899-406D-B620-6138AFB88D14}" = Machete Lite 3.6
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-004E-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector 32-bit
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AE010403-007D-11DD-A3C1-001636EEECBD}" = Google App Engine
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BE7E6C3D-A42B-4BA3-9767-124EB8ED27E3}" = LightScribe System Software
"{BE9880CD-73A9-4EFD-83E5-4BB38D48E2BD}" = HP Smart Web Printing
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D95CD7BE-A894-4F6C-B9DF-578C3CB411D4}" = VLC
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE59B901-18EA-4CB9-ADE4-291BF5C1E12E}_is1" = MiniTool Partition Wizard Home Edition 7.0
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF9DB6BD-09B6-419C-BA2B-CBCD05291790}" = BE Limited III
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1252473-6306-4d5d-904D-B06AA7F38161}" = PC Suite for Sony Ericsson
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
"{E371C150-A9F1-49CE-ACC1-51AEFD01C1D5}_is1" = TurboTax Audit Support Center 3.0
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E77A53A2-4623-4635-AE7F-702152168EE5}" = Google Drive
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EC07DA92-5054-4F0F-AA63-6B50441AF45B}" = LightScribe Diagnostic Utility
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.030
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}" = Byki
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.3 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3675c95c239b992d5d0ee8fce969b9e" = Adobe After Effects CS3 Third Party Content
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"BE Limited III" = BE Limited III
"Call Graph" = Call Graph
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"CDisplay_is1" = CDisplay 1.8
"Cisco Connect" = Cisco Connect
"CleanUp!" = CleanUp!
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"DeskScapes" = DeskScapes
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DVD43 Plug-in_is1" = DVD43 Plug-in v1.0.0.5
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.8.12.602
"Google Chrome" = Google Chrome
"HaaliMkx" = Haali Media Splitter
"Handbrake" = Handbrake 0.9.4
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HMIP50_is1" = Hide My IP 5.3
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}" = Seagate Manager Installer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"KC Softwares SUMo_is1" = KC Softwares SUMo
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"KeyHoleTV" = KeyHoleTV
"LogonStudio Vista" = LogonStudio Vista
"Magic DVD Ripper_is1" = Magic DVD Ripper V5.4.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Maxthon3" = Maxthon 3
"Messenger Plus!" = Messenger Plus! 5
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"Mozilla Firefox 4.0b7 (x86 en-US)" = Mozilla Firefox 4.0b7 (x86 en-US)
"MPE" = MyPhoneExplorer
"Notepad++" = Notepad++
"Office14.PRJPRO" = Microsoft Project Professional 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office14.VISIO" = Microsoft Visio Premium 2010
"PowerISO" = PowerISO
"PSP Video 9" = PSP Video 9 5.04
"RealVNC_is1" = VNC Free Edition 4.1.3
"SHARP MX-M550 620 700 Series PC-Fax Driver" = SHARP MX-M550/620/700 Series PC-Fax Driver
"SHARP PCL6 T1 Printer Driver" = SHARP PCL6 T1 Printer Driver
"SHARP PS T1 Printer Driver" = SHARP PS T1 Printer Driver
"Sony Ericsson Themes Creator" = Sony Ericsson Themes Creator 4.16.2.6
"Soundman_is1" = Soundman 1.7.0
"SpeedFan" = SpeedFan (remove only)
"The Core Media Player" = The Core Media Player 4.0
"TomTom HOME" = TomTom HOME 2.7.6.2056
"TVersity Codec Pack" = TVersity Codec Pack 1.4
"TVersity Media Server" = TVersity Media Server 1.9.3
"Universal Extractor_is1" = Universal Extractor 1.6.1
"Update Engine" = Sony Ericsson Update Engine
"Update Service" = Sony Ericsson Update Service
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.1.11
"WildTangent hp Master Uninstall" = My HP Games
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3361550716-439296834-1023547113-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"magicJack" = magicJack
"MusicManager" = Music Manager
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"RockMelt" = RockMelt
"uTorrent" = µTorrent
"WinDirStat" = WinDirStat 1.1.2
"Xilisoft Download YouTube Video" = Xilisoft Download YouTube Video

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 15/09/2012 05:29:25 PM | Computer Name = Evangelion | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 29017

Error - 15/09/2012 05:29:25 PM | Computer Name = Evangelion | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 29017

Error - 16/09/2012 03:02:04 AM | Computer Name = Evangelion | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 16/09/2012 03:02:13 AM | Computer Name = Evangelion | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 16/09/2012 03:25:45 AM | Computer Name = Evangelion | Source = MsiInstaller | ID = 11606
Description =

Error - 16/09/2012 03:25:45 AM | Computer Name = Evangelion | Source = MsiInstaller | ID = 11606
Description =

Error - 16/09/2012 03:25:45 AM | Computer Name = Evangelion | Source = MsiInstaller | ID = 1024
Description =

Error - 16/09/2012 05:48:30 PM | Computer Name = Evangelion | Source = Perflib | ID = 1023
Description =

Error - 16/09/2012 05:48:39 PM | Computer Name = Evangelion | Source = Perflib | ID = 1008
Description =

Error - 16/09/2012 05:48:39 PM | Computer Name = Evangelion | Source = Perflib | ID = 1023
Description =

[ DigitalPersona Pro Events ]
Error - 01/07/2010 09:09:12 AM | Computer Name = Evangelion | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 06/07/2010 04:43:51 PM | Computer Name = Evangelion | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 07/07/2010 02:03:35 AM | Computer Name = Evangelion | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 20/07/2010 01:00:04 PM | Computer Name = Evangelion | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 22/07/2010 12:31:26 PM | Computer Name = Evangelion | Source = DigitalPersona Pro | ID = 17827075
Description = Agent cannot start. Description: Found other running Agent.

Error - 15/08/2010 10:40:10 AM | Computer Name = Evangelion | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 25/03/2011 03:55:59 PM | Computer Name = Evangelion | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 25/03/2011 03:56:10 PM | Computer Name = Evangelion | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 30/03/2011 08:15:52 AM | Computer Name = Evangelion | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 08/09/2012 01:53:12 PM | Computer Name = Evangelion | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

[ System Events ]
Error - 16/09/2012 04:57:19 PM | Computer Name = Evangelion | Source = HTTP | ID = 15021
Description =

Error - 16/09/2012 04:58:52 PM | Computer Name = Evangelion | Source = Service Control Manager | ID = 7023
Description =

Error - 16/09/2012 04:58:52 PM | Computer Name = Evangelion | Source = Service Control Manager | ID = 7023
Description =

Error - 16/09/2012 04:59:05 PM | Computer Name = Evangelion | Source = Service Control Manager | ID = 7026
Description =

Error - 16/09/2012 04:59:41 PM | Computer Name = Evangelion | Source = DCOM | ID = 10016
Description =

Error - 16/09/2012 05:02:31 PM | Computer Name = Evangelion | Source = Service Control Manager | ID = 7009
Description =

Error - 16/09/2012 05:02:31 PM | Computer Name = Evangelion | Source = Service Control Manager | ID = 7000
Description =

Error - 16/09/2012 05:02:31 PM | Computer Name = Evangelion | Source = Service Control Manager | ID = 7000
Description =

Error - 16/09/2012 05:06:47 PM | Computer Name = Evangelion | Source = Service Control Manager | ID = 7022
Description =

Error - 16/09/2012 05:23:24 PM | Computer Name = Evangelion | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKU\S-1-5-21-3361550716-439296834-1023547113-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at the "killing processes..." step), run the fix from safe mode.

==================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

3. Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

4. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.

5. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce any log.
 
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-21-3361550716-439296834-1023547113-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4411094 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 607 bytes

User: LemTest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 897172 bytes
->Google Chrome cache emptied: 9005387 bytes
->Flash cache emptied: 647 bytes

User: Psycho Dunpeal
->Temp folder emptied: 1556499 bytes
->Temporary Internet Files folder emptied: 7435030 bytes
->Java cache emptied: 14846465 bytes
->FireFox cache emptied: 48756244 bytes
->Google Chrome cache emptied: 36747088 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 871375 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1254 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 119.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Guest
->Java cache emptied: 0 bytes

User: LemTest

User: Psycho Dunpeal
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: LemTest
->Flash cache emptied: 0 bytes

User: Psycho Dunpeal
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.61.5 log created on 09172012_023841

Files\Folders moved on Reboot...
C:\Users\Psycho Dunpeal\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Psycho Dunpeal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BC3MP1O7\01[1].htm not found!
File\Folder C:\Users\Psycho Dunpeal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BC3MP1O7\ADSAdClient31[1].htm not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.51
Windows Vista Service Pack 2 x64
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
Java(TM) 6 Update 26
Java(TM) 6 Update 2
Java version out of Date!
Adobe Flash Player11.3.300.271
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader X (10.1.4)
Mozilla Firefox 4.0b7 Firefox out of Date!
Google Chrome 20.0.1132.57
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSASCui.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Windows Defender MSASCui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0 %
````````````````````End of Log``````````````````````
Farbar Service Scanner Version: 06-08-2012
Ran by Psycho Dunpeal (administrator) on 17-09-2012 at 03:38:11
Running from "C:\Users\Psycho Dunpeal\Desktop"
Microsoft® Windows Vista™ Ultimate Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-09-11 06:22] - [2009-04-11 03:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7
C:\Windows\System32\drivers\afd.sys
[2012-02-16 01:40] - [2012-01-03 10:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-09 17:31] - [2012-03-30 08:45] - 1422720 ____A (Microsoft Corporation) AC8D5728E6AD6A7C4819D9A67008337A
C:\Windows\System32\dnsrslvr.dll
[2011-04-14 07:31] - [2011-03-02 12:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0
C:\Windows\System32\mpssvc.dll
[2009-09-11 07:21] - [2009-04-11 03:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C
C:\Windows\System32\bfe.dll
[2009-09-11 07:15] - [2009-04-11 03:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-09-11 07:22] - [2009-04-11 03:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1
C:\Windows\System32\wscsvc.dll
[2009-09-11 07:14] - [2009-04-11 03:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A
C:\Windows\System32\wbem\WMIsvc.dll
[2009-09-11 07:19] - [2009-04-11 03:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-09-11 06:21] - [2009-04-11 03:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C
C:\Windows\System32\es.dll
[2009-09-11 06:21] - [2009-04-11 03:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF
C:\Windows\System32\cryptsvc.dll
[2012-06-13 09:43] - [2012-04-23 12:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-09-11 06:22] - [2009-04-11 03:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF
**** End of log ****
 
# AdwCleaner v2.002 - Logfile created 09/17/2012 at 03:40:18
# Updated 16/09/2012 by Xplode
# Operating system : Windows (TM) Vista Ultimate Service Pack 2 (64 bits)
# User : Psycho Dunpeal - EVANGELION
# Boot Mode : Normal
# Running from : C:\Users\Psycho Dunpeal\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Program Files (x86)\Viewpoint
Folder Found : C:\ProgramData\Viewpoint
Folder Found : C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\Firefox\Profiles\o4669fhz.default\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}
***** [Registry] *****
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D08D9F98-1C78-4704-87E6-368B0023D831}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\Software\Viewpoint
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [support@predictad.com]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v4.0 (en-US)
Profile name : default
File : C:\Users\Psycho Dunpeal\AppData\Roaming\Mozilla\Firefox\Profiles\o4669fhz.default\prefs.js
Found : user_pref("surfcanyon.inst_id", "48635958149902065897820525257387");
Found : user_pref("surfcanyon.inst_timestamp", "1302457567253");
Found : user_pref("surfcanyon.last_seen_splash", "330");
Found : user_pref("surfcanyon.partner_code", "MZ");
-\\ Google Chrome v [Unable to get version]
File : C:\Users\Psycho Dunpeal\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
File : C:\Users\LemTest\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [3637 octets] - [17/09/2012 03:40:18]
########## EOF - C:\AdwCleaner[R1].txt - [3697 octets] ##########
 
Well, I surely can't know if you won't tell me :)

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next...

  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.

===========================

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

============================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

==================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

13. Please let me know how your computer is doing.
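
The update and "remove older versions" steps above follow from the "out of Date!" markers and the side-by-side versions in the Security Check log earlier in the thread. The sketch below is an added example, not part of the original posts and not code from Security Check: it parses that section and reports both. The function name `triage`, the two-word product-family heuristic and the reading of the stand-alone Java marker as covering every Java entry are assumptions.

```python
import re
from collections import defaultdict

TICK = "`"  # Security Check frames its section titles with runs of backticks
UTIL_SECTION = "Anti-malware/Other Utilities Check:"
MARKER = "out of Date!"
SECTION_RE = re.compile(r"^`+([^`]+)`+$")

# Constructed sample: lines copied from the Security Check log in this thread.
SAMPLE_LOG = "\n".join([
    TICK * 9 + UTIL_SECTION + TICK * 9,
    "Malwarebytes Anti-Malware version 1.65.0.1400",
    "Java(TM) 6 Update 26",
    "Java(TM) 6 Update 2",
    "Java version out of Date!",
    "Adobe Flash Player11.3.300.271",
    "Adobe Reader 9 Adobe Reader out of Date!",
    "Adobe Reader X (10.1.4)",
    "Mozilla Firefox 4.0b7 Firefox out of Date!",
    "Google Chrome 20.0.1132.57",
    "Google Chrome 21.0.1180.89",
    TICK * 8 + "Process Check: objlist.exe by Laurent" + TICK * 8,
    "Windows Defender MSASCui.exe",
])

def triage(log_text):
    """Return (outdated entries, product families with several versions)."""
    entries, outdated, section = [], [], None
    for line in map(str.strip, log_text.splitlines()):
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
        if header or section != UTIL_SECTION or not line:
            continue
        if line.endswith(MARKER):
            tokens = line[:-len(MARKER)].split()
            versioned = [i for i, t in enumerate(tokens) if any(c.isdigit() for c in t)]
            if not versioned:
                # Stand-alone marker ("Java version out of Date!"): assume it
                # covers every entry of that product listed so far.
                outdated += [e for e in entries if e.startswith(tokens[0])]
                continue
            # Inline marker: keep the entry, drop the repeated product label.
            line = " ".join(tokens[:versioned[-1] + 1])
            outdated.append(line)
        entries.append(line)
    families = defaultdict(list)
    for entry in entries:  # heuristic: the first two words name the product
        families[" ".join(entry.split()[:2])].append(entry)
    return outdated, {k: v for k, v in families.items() if len(v) > 1}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The duplicate report matters because an updater that installs a new version beside the old one leaves the vulnerable copy on disk, which is why the steps above uninstall previous versions after updating.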
 
Ok, it took me a while but I did the steps. However, stupidly, the resulting logs from both adwcleaner and otl got lost... cause my computer did some weird thing with windows update and shut down and it restarted so I could not save the contents and when I uninstalled adwcleaner I did not know it would have deleted the log as well... so I went searching for it and could not find it, I apologize... but I got everything done. thank you very much... it runs a bit better... still takes long to boot and shut down, but I'm not sure why.
 
In this forum, we make sure your computer is free of malware, and your computer is clean :)
Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
You'll get more attention.
 