
Please help! Malware


  • This topic is locked
12 replies to this topic

#1 darko2021


Posted 06 June 2013 - 08:31 PM

Got some crazy malware on my computer the other day after a friend used it. I found out it is some sort of ransomware with other things mixed in.

 

 

Here is my hijackthis

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:10:11 PM, on 1/18/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
 
Running processes:
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATK Hotkey\HControlUser.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Microsoft Pinyin IME Migration] C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
O4 - HKLM\..\Run: [HControlUser] "C:\Program Files\ATK Hotkey\HcontrolUser.exe"
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\Windows\system32\oodtray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\asus\NB Probe\SPM\spmgr.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
 
--
End of file - 10428 bytes
 


#2 guestolo


Posted 07 June 2013 - 01:11 PM

Sorry for the delay.

Can you do the following, please?

 

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and right click on OTL.exe and choose to "Run as Administrator"
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.


 




#3 darko2021


Posted 07 June 2013 - 08:03 PM

Here are both log files
 
OTL logfile created on: 6/7/2013 9:47:31 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jon\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 40.80% Memory free
9.76 Gb Paging File | 8.05 Gb Available in Paging File | 82.52% Paging File free
Paging file location(s): d:\pagefile.sys 7000 7000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.44 Gb Total Space | 20.20 Gb Free Space | 17.35% Space Free | Partition Type: NTFS
Drive D: | 106.68 Gb Total Space | 1.10 Gb Free Space | 1.03% Space Free | Partition Type: NTFS
Drive G: | 7.39 Gb Total Space | 6.99 Gb Free Space | 94.56% Space Free | Partition Type: FAT32
 
Computer Name: DARKO | User Name: jon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/06/07 21:45:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jon\Desktop\OTL.exe
PRC - [2013/05/02 22:56:07 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
PRC - [2012/12/06 13:14:42 | 000,056,416 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/08/01 04:48:54 | 002,345,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2009/10/30 16:08:26 | 000,486,216 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2009/10/30 16:05:48 | 001,021,256 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 02:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/08/05 02:03:04 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
PRC - [2008/06/19 15:18:12 | 000,154,168 | ---- | M] (ASUS) -- C:\Program Files\asus\ASUS CopyProtect\ASPG.exe
PRC - [2008/06/18 01:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files\asus\SmartLogon\sensorsrv.exe
PRC - [2008/06/13 18:22:14 | 000,191,032 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2008/06/03 20:29:08 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\asus\Splendid\ACMON.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/03/18 00:27:11 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/02/13 01:52:09 | 004,915,200 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/01 18:17:26 | 000,233,472 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe
PRC - [2008/01/23 18:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2008/01/23 13:51:28 | 000,151,552 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
PRC - [2008/01/12 01:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ATK Hotkey\HControlUser.exe
PRC - [2007/12/04 13:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2007/11/30 14:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\asus\ASUS Live Update\ALU.exe
PRC - [2007/11/04 22:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe
PRC - [2007/10/03 00:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe
PRC - [2007/08/31 14:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/08/15 14:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007/08/03 15:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\asus\NB Probe\SPM\spmgr.exe
PRC - [2007/07/05 19:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2007/02/06 13:29:59 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
PRC - [2005/07/06 18:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/05/23 19:16:15 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3da65115bf9debbf564861f6b123a2e4\System.Configuration.ni.dll
MOD - [2013/05/23 19:14:49 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\44fb632fb043f5b251d29b0ea750d4f4\System.Windows.Forms.ni.dll
MOD - [2013/02/26 20:04:02 | 011,820,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\421cb77e6a4c21f94e3c5ddf766de23b\System.Web.ni.dll
MOD - [2013/01/14 14:46:06 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9b2eef59d0cfc5aff182d0951de5f040\Accessibility.ni.dll
MOD - [2013/01/14 14:46:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll
MOD - [2013/01/14 14:45:30 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll
MOD - [2013/01/14 14:45:13 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013/01/14 14:43:55 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013/01/14 14:43:48 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/08/03 21:24:04 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2009/10/05 17:08:58 | 000,089,600 | ---- | M] () -- C:\Program Files\DepositFiles\DF Manager\dfexex.dll
MOD - [2008/09/16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/08/05 02:03:04 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
MOD - [2008/06/03 03:35:18 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008/01/23 18:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
MOD - [2008/01/12 01:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ATK Hotkey\HControlUser.exe
MOD - [2007/11/30 14:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\asus\ASUS Live Update\ALU.exe
MOD - [2007/11/12 18:41:50 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTran.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/09/19 09:55:54 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/01/29 22:48:59 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/10/30 16:05:48 | 001,021,256 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009/10/30 16:01:00 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008/11/11 13:07:16 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2)
SRV - [2008/03/18 00:27:11 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/03 00:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2007/08/31 14:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/23 08:34:59 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007/08/03 15:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\asus\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2007/02/06 13:29:59 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2006/06/21 06:13:59 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASChnl.dll -- (ASChannel)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\NSNDIS5.SYS -- (NSNDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (alak362o)
DRV - [2013/02/11 21:57:27 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2012/11/12 05:47:48 | 000,255,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/07/29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/05/27 19:05:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/09/30 17:59:11 | 000,099,344 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2009/10/14 08:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/06/11 19:34:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/04/11 00:43:07 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BTHPRINT.SYS -- (BTHprint)
DRV - [2008/11/06 16:59:33 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008/10/07 20:26:48 | 000,165,376 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/10/07 20:26:42 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/09/17 14:02:48 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/06/03 06:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/06/03 02:41:51 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008/05/29 13:21:02 | 000,015,416 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\lullaby.sys -- (lullaby)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/05/02 01:59:39 | 000,122,368 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/04/05 21:56:08 | 000,908,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/03/21 00:12:59 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/02/15 20:42:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/02/05 03:52:23 | 000,206,464 | ---- | M] (eMPIA Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\etFilter.sys -- (FiltUSBET)
DRV - [2008/01/31 07:18:57 | 000,006,528 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\etScan.sys -- (ScanUSBET)
DRV - [2008/01/20 22:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/12/18 20:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007/09/06 04:43:49 | 000,474,624 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\etDevice.sys -- (DCamUSBET)
DRV - [2007/08/03 00:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\asus\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007/07/30 14:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 13:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/24 14:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007/06/17 00:29:08 | 000,146,824 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2006/12/14 03:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006/11/02 03:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2001/07/13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SBKUPNT.SYS -- (SBKUPNT)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}
IE - HKCU\..\SearchScopes\{8E45FEA0-1C81-ECCA-B6C9-370EF2C40746}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z001&form=ZGAIDF
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB9}: "URL" = http://www.daemon-se...m/search/web?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-iobit
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://google.com"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.5.0.12
FF - prefs.js..keyword.URL: "http://www.bing.com/...&form=ZGAADF&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files\Photosynth\npPhotosynthMozilla.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\jon\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\jon\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\jon\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/08 21:15:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2012/02/02 15:05:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2013/04/13 09:04:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\hj43tfiy.default\extensions\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/16 11:34:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/16 11:34:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/08 21:15:10 | 000,000,000 | ---D | M]
 
[2011/01/02 11:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jon\AppData\Roaming\Mozilla\Extensions
[2011/01/02 11:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jon\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/05/23 14:11:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\hj43tfiy.default\extensions
[2009/09/11 12:14:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\hj43tfiy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/08/08 17:30:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\hj43tfiy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/07/19 11:15:01 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\hj43tfiy.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2013/01/05 15:38:47 | 000,000,000 | ---D | M] ("Coupon Companion Plugin") -- C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\hj43tfiy.default\extensions\[email protected]
[2011/07/19 11:15:01 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\hj43tfiy.default\extensions\[email protected]
[2010/09/30 20:20:47 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\hj43tfiy.default\extensions\[email protected]
[2013/01/05 15:38:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\hj43tfiy.default\extensions\[email protected]\chrome\content\extensionCode
[2010/09/30 20:20:47 | 000,001,919 | ---- | M] () -- C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\hj43tfiy.default\searchplugins\bing-zugo.xml
[2008/11/06 17:03:17 | 000,000,523 | ---- | M] () -- C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\hj43tfiy.default\searchplugins\daemon-search.xml
[2011/07/21 16:16:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/18 08:20:26 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/27 18:18:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/10/09 08:41:59 | 000,024,683 | ---- | M] (Ask.com) -- C:\Program Files\mozilla firefox\plugins\NPAskSBr.dll
[2010/05/27 18:18:26 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\jon\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\jon\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jon\AppData\Local\Google\Chrome\Application\27.0.1453.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Ask Toolbar Plugin Stub (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files\Download Manager\npfpdlm.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\jon\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: BIODIGITAL HUMAN = C:\Users\jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\
CHR - Extension: Angry Birds = C:\Users\jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: AVG Safe Search = C:\Users\jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
CHR - Extension: Plants vs Zombies = C:\Users\jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\
CHR - Extension: Google Play Books = C:\Users\jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.8_0\
 
O1 HOSTS File: ([2010/10/11 10:37:10 | 000,000,875 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Coupon Companion Plugin) - {11111111-1111-1111-1111-110211181104} - C:\Program Files\Coupon Companion Plugin\Coupon Companion Plugin.dll (215 Apps)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (ASUS Security Protect Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ATK Hotkey\HcontrolUser.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 184.63.0.68 184.63.0.69
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2ADB75B-0B68-4CB7-828E-712F16D03929}: DhcpNameServer = 184.63.0.68 184.63.0.69
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\System32\APSHook.dll (Cognizance Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\jon\Desktop\MISC\bear.jpg
O24 - Desktop BackupWallPaper: C:\Users\jon\Desktop\MISC\bear.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6ee29fcd-fdee-11dd-96c7-0015aff7be25}\Shell\AutoRun\command - "" = winampxml/winxml.exe
O33 - MountPoints2\{6ee29fcd-fdee-11dd-96c7-0015aff7be25}\Shell\explore\command - "" = winampxml/winxml.exe
O33 - MountPoints2\{6ee29fcd-fdee-11dd-96c7-0015aff7be25}\Shell\open\command - "" = winampxml/winxml.exe
O33 - MountPoints2\{945815f3-97b1-11e0-9ce9-0015aff7be25}\Shell - "" = AutoRun
O33 - MountPoints2\{945815f3-97b1-11e0-9ce9-0015aff7be25}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{f7f41516-ac45-11dd-8684-0015aff7be25}\Shell - "" = AutoRun
O33 - MountPoints2\{f7f41516-ac45-11dd-8684-0015aff7be25}\Shell\AutoRun\command - "" = F:\FarCryAutoCD.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (autocheck lsdelete)
O34 - HKLM BootExecute: (autocheck OODBS)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/07 21:45:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jon\Desktop\OTL.exe
[2013/05/28 14:26:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/05/28 14:26:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/05/28 14:26:05 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/05/28 14:26:05 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/05/23 18:41:51 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/05/23 18:34:31 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/05/23 18:34:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/05/23 18:34:31 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/05/23 18:34:31 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/05/23 18:34:30 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/05/23 18:34:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/05/23 18:34:29 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/05/22 16:13:18 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/05/22 16:13:15 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2008/10/06 17:31:52 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\jon\AppData\Roaming\pcouffin.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/07 21:45:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jon\Desktop\OTL.exe
[2013/06/07 21:15:17 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-786761826-326466964-904364766-1000UA.job
[2013/06/07 21:01:33 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/07 20:22:35 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/07 20:22:35 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/07 19:15:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-786761826-326466964-904364766-1000Core.job
[2013/06/07 13:35:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013/06/06 23:01:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/06 17:45:12 | 000,646,060 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/06 17:45:12 | 000,121,158 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/04 12:24:04 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2013/06/04 12:24:01 | 000,000,308 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013/06/04 12:22:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/01 21:54:06 | 000,007,728 | ---- | M] () -- C:\Users\jon\AppData\Local\d3d9caps.dat
[2013/06/01 21:08:51 | 000,001,025 | ---- | M] () -- C:\Windows\wininit.ini
[2013/05/28 21:33:53 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/05/28 14:26:58 | 000,001,671 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/05/28 13:19:44 | 121,061,402 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2013/05/23 19:11:59 | 001,817,728 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/05/28 14:26:58 | 000,001,671 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/01/05 15:38:46 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/06/23 13:59:13 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo3.dll
[2012/06/23 13:58:52 | 000,081,920 | ---- | C] () -- C:\Users\jon\AppData\Roaming\ezpinst.exe
[2012/03/19 17:15:35 | 002,469,760 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2012/03/19 17:15:35 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2012/03/19 17:15:35 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2012/03/19 17:15:35 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2012/03/19 17:15:35 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2012/03/13 18:56:15 | 000,014,976 | ---- | C] () -- C:\Windows\System32\drivers\SBKUPNT.SYS
[2012/03/13 18:56:15 | 000,013,312 | ---- | C] () -- C:\Windows\System32\DEVLOAD.EXE
[2012/03/13 18:56:14 | 000,000,543 | ---- | C] () -- C:\Windows\SWISV3.INI
[2012/03/13 18:56:12 | 000,000,287 | ---- | C] () -- C:\Windows\SKNIFE.INI
[2012/03/13 17:46:10 | 000,002,799 | ---- | C] () -- C:\Windows\SKLANG.INI
[2011/06/16 19:26:26 | 000,000,131 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2008/12/09 09:13:19 | 000,007,728 | ---- | C] () -- C:\Users\jon\AppData\Local\d3d9caps.dat
[2008/11/16 20:49:17 | 000,000,087 | ---- | C] () -- C:\Users\jon\AppData\Roaming\default.pls
[2008/10/16 16:38:42 | 000,001,024 | ---- | C] () -- C:\Users\jon\.rnd
[2008/10/13 16:44:40 | 000,138,056 | ---- | C] () -- C:\Users\jon\AppData\Roaming\PnkBstrK.sys
[2008/10/10 14:57:43 | 000,027,503 | ---- | C] () -- C:\Users\jon\AppData\Roaming\UserTile.png
[2008/10/08 01:24:50 | 000,061,678 | ---- | C] () -- C:\Users\jon\AppData\Roaming\PFP100JPR.{PB
[2008/10/08 01:24:50 | 000,012,358 | ---- | C] () -- C:\Users\jon\AppData\Roaming\PFP100JCM.{PB
[2008/10/07 00:10:25 | 000,213,504 | ---- | C] () -- C:\Users\jon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/06 17:31:52 | 000,087,608 | ---- | C] () -- C:\Users\jon\AppData\Roaming\inst.exe
[2008/10/06 17:31:52 | 000,007,887 | ---- | C] () -- C:\Users\jon\AppData\Roaming\pcouffin.cat
[2008/10/06 17:31:52 | 000,001,144 | ---- | C] () -- C:\Users\jon\AppData\Roaming\pcouffin.inf
[2008/07/01 22:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008/05/22 12:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
 
========== ZeroAccess Check ==========
 
[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
 
< End of report >
 
 

OTL Extras logfile created on: 6/7/2013 9:47:31 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jon\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 40.80% Memory free
9.76 Gb Paging File | 8.05 Gb Available in Paging File | 82.52% Paging File free
Paging file location(s): d:\pagefile.sys 7000 7000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.44 Gb Total Space | 20.20 Gb Free Space | 17.35% Space Free | Partition Type: NTFS
Drive D: | 106.68 Gb Total Space | 1.10 Gb Free Space | 1.03% Space Free | Partition Type: NTFS
Drive G: | 7.39 Gb Total Space | 6.99 Gb Free Space | 94.56% Space Free | Partition Type: FAT32
 
Computer Name: DARKO | User Name: jon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-786761826-326466964-904364766-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05B462C9-00C8-4819-BD66-7462ACDE60CC}" = rport=139 | protocol=6 | dir=out | app=system | 
"{0E01F701-47F2-4255-AD8E-EE1339A9C5AA}" = lport=138 | protocol=17 | dir=in | app=system | 
"{0EF27661-BD17-4A3B-981A-FDDB1C528C32}" = rport=138 | protocol=17 | dir=out | app=system | 
"{13F76425-F88D-4A0A-BC1D-B54C44C44E99}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{18164A52-9BBC-46DA-B796-AAC3AAF6F460}" = lport=445 | protocol=6 | dir=in | app=system | 
"{30AE62EF-6F64-44ED-A493-08C29D3F265A}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{352DD092-A50F-43C7-8A2D-1D4F07B1FB76}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{3F2F9B13-09D6-452D-86F4-70BE0B3603F2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{4318F2A3-3133-4764-B545-8F41D4F05D9F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{456554D1-3583-44BF-9893-FB3121190380}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{45665A8D-8EF2-485A-8594-09E3F1CD5D45}" = lport=18957 | protocol=6 | dir=in | name=bitcomet 18957 tcp | 
"{51156C29-EADB-4AB2-BA46-1C7BFFA382A4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5D4C3CB0-E211-46D3-97DA-623F2CA5A045}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{6B23D044-F747-491A-9B51-203688495BBD}" = lport=139 | protocol=6 | dir=in | app=system | 
"{74AF53AF-1E13-4170-8E6C-8A115B5C1FBE}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8ED46341-FA64-48F5-B55E-07E0973AAFE4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9E9E3C50-C499-47EE-A860-B029F925AF1F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{A195FCD4-DFA7-4843-8C99-B160379F3F97}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B8364E07-B39F-4B33-8904-CD6D3B4C45ED}" = lport=18957 | protocol=17 | dir=in | name=bitcomet 18957 udp | 
"{BD77F43B-3BFB-4CEB-8B68-4D0B7B440C5F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C07C238B-CF18-467E-836B-448D2B8E4336}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C13540D4-8D3E-49EB-BC30-0EA4BD274D41}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{C8C9F523-B102-4BA5-9ADD-47083A469D33}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CCF7BB05-2A88-4096-848B-A8370456F78A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{D4EE886D-9F80-46BC-8D4D-91218C24B009}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DAF546EE-FAEF-4D2C-8DE4-E8AD2C9A1828}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DDB8D9B0-DD45-4E35-876E-8754A3702380}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E5EF0B83-CDB3-4A2A-B805-E8A018F3D52B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E7852801-6B9E-4F96-B810-AF4C6E141A97}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F83965F8-E032-47EE-85A2-20A84D623678}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07C06AD4-C720-48F1-9A07-4315E7AB9B03}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | 
"{08FB1A58-8B11-4467-972B-A116B117A935}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{09184C3A-06BA-4979-B6C4-070FC6C42680}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1108F534-8F8F-4A09-B6BF-1BD26B04E946}" = protocol=58 | dir=out | [email protected],-28546 | 
"{1145DC08-B6F9-4044-99F1-974B21878A18}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{1266609D-7380-4660-9C2F-D602FF812701}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{138AB438-1D76-4AD9-AA9E-B79D8DE9220D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{13EDD066-154C-4C4E-B6BC-F94D740A63D4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{15CC2335-0970-4B99-B0B4-37FA860731C6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1B0F2922-9379-4F1A-9E77-D65B795C1645}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{21C93282-2080-413F-9C3F-7CD444D62522}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{22BD9F25-C16D-4A87-A35C-3830B5441654}" = protocol=6 | dir=in | app=d:\games\steamapps\common\alien swarm\srcds.exe | 
"{25814C2E-EAF1-4AA9-AA56-1CF881228514}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{26E72028-1C44-4A72-84E7-43A5DE7D43D5}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{2A20BB1A-90A5-4C5F-9C44-C22CF65D1E01}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | 
"{2B2B8FFF-ECF1-4019-8B48-0FBCF275A9F5}" = protocol=1 | dir=in | [email protected],-28543 | 
"{2F56DFA3-CB6D-4E79-A1DC-F8304EA7A928}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3324F778-E576-421C-BB00-F3427D7A9172}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{37E9AA3F-BB1E-4E28-A4D9-AB0A70BF2808}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{394DFB92-ED55-477E-8C0A-E16EA42FAA65}" = protocol=6 | dir=in | app=d:\games\steamapps\common\amd driver updater, vista and 7, 32 bit\setup.exe | 
"{396E2A50-0124-450D-9D8B-84F8D4CD50AB}" = protocol=17 | dir=in | app=d:\games\bfbc2updater.exe | 
"{3C55131A-6BE8-4203-82D6-AB6FEAA6E5DD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{40A47172-8B0E-48B9-BE5F-509E93CB7D06}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{40DCD445-0999-45DE-8400-9D0CD80B925C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{42C2ACDE-0C2E-43CE-AB5E-FA2C435B59B2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{43065A1A-5B96-434E-8044-41B3F6668196}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4439B019-E259-496B-84B7-52D7011D8CFE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{464FCA46-DF15-4168-81CB-EFBC00C60446}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{46C1BD81-2E57-4615-912C-96D95CAC968C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{48539187-FD9B-48D0-AC58-65A348FEE56E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4873A2D5-E0DA-441D-B694-B8A8B9FFB75F}" = protocol=6 | dir=in | app=d:\games\bfbc2updater.exe | 
"{48B3A8C7-6584-471B-9CCF-A306A6C8D1C5}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{498B9DDD-7B5F-48C0-ADF2-B21ACD49DDEB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{4C4088D8-8FB3-4469-B8B5-D4B62EE8361B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | 
"{4D565372-9940-4E81-81B7-3DBC40EEFD7D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{50069171-AD67-4F9B-8EF0-50514690ADC4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{51D79620-676E-40B1-8239-CC4525C17A35}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{51FF6449-4447-4BFF-8133-40A9E8209DB1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{54FA5958-41CE-4A93-8B41-C3610FEF69B5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{5748280E-0AD2-4ED0-BED7-2AFA120C516E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{57A49E8B-FD3D-47FD-87E2-F20FBFD4C90D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{6258AD7B-682A-4C55-9409-2B5EB42C8FA0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{659284F2-4DDB-457A-95B2-80F18BBAAE3C}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | 
"{66783391-3B4A-4AEE-BF60-52807CA39AD3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{670101E5-31D8-43C3-AA4F-81D9F83D8527}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{68A8BAB8-C7CC-42C3-BC52-BF304B7109B4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6B98140E-69C6-4AA7-A969-3001A8C2E064}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"{6BA2B211-729F-4AF0-99B8-3FCD4D2B71A5}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{6C8BD5B1-755F-4663-BE34-12DFE9523D43}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{71CEFDE8-9EA8-43E6-9397-84D02D3DDA41}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{734B3A66-7C0D-45D9-B6CD-BEFA0A63BAB9}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{734D312F-F5E2-4D53-B503-D824DDE1DB7C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | 
"{736D19E6-E137-45BC-B27B-128E37C93EB4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{78A8C242-56AD-497C-8CA9-E5D87360A683}" = protocol=17 | dir=in | app=d:\games\steamapps\common\alien swarm\srcds.exe | 
"{7902734C-047E-4748-AE22-B29B8FA174A5}" = protocol=17 | dir=in | app=d:\games\steamapps\common\left 4 dead\left4dead.exe | 
"{79143EE0-428C-4753-ACFC-B009AC3F45BA}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | 
"{7B6A73AB-C0F4-4E33-BFE4-3A74D4F645E2}" = protocol=17 | dir=in | app=d:\games\steamapps\common\amd driver updater, vista and 7, 32 bit\setup.exe | 
"{7E5DFB86-F8C0-4433-B606-946CD2351A0E}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | 
"{7FE5C52A-6717-451A-98D6-9FF5CC138044}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{844D48EF-9AEA-4A4D-910A-71172AE10AC2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | 
"{84B2C349-939E-4207-9D42-F50D896921CC}" = protocol=6 | dir=out | app=system | 
"{85C4CB5A-9633-4DDD-B602-1EF6E58BA34D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8759A6BD-9ED2-447E-A1AD-B3D544CEF5FB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8771D1C2-F518-4615-B7D1-D7179A6F9B63}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{877FB153-5355-4459-A14E-EF6E5ADF7AF3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{88B9A68D-0207-4B85-A3A8-5B8FF7163E0E}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | 
"{8975A666-7C60-49FD-9848-BF96C2C1B6DC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8E40AE49-6D90-41BA-965B-5214665391B6}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{8E9E7F86-CA86-46FF-9140-1ED4A36DF8A7}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{8F3929F5-6CD0-4B75-A0DA-5D0D1F269945}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{931B72CD-AEAE-4849-B8D2-0C9331F8DA03}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{935F4AB3-B181-4805-863F-A6852C3D3AAB}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | 
"{95CD2B7B-2F0D-474D-9448-7D4EA017DA31}" = protocol=6 | dir=in | app=d:\games\steamapps\darko2021\counter-strike source\hl2.exe | 
"{97591052-F926-4946-A235-DA3E129598EA}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | 
"{985297CD-A83E-4A07-8742-7187BC2E8A5B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{98E4A951-425B-44CE-B096-398A09D9DFBD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9A17322D-EC15-4CB4-9FA7-5A2F37CC3102}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9C5243D9-4F6F-4361-AB03-294A62B2B4AA}" = protocol=6 | dir=in | app=d:\games\steamapps\common\left 4 dead\left4dead.exe | 
"{9E0C0026-B3C3-4FB8-80E7-30A603D6AC0B}" = protocol=58 | dir=in | [email protected],-28545 | 
"{9E6E39F8-4761-4169-92CD-91E48FF23962}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr9.exe | 
"{9E89FC40-EA11-467D-89C4-5073F3BCCDC5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{9F65C1E3-EC1A-45A6-8CEF-D010C4002ACA}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | 
"{A577D0E7-579F-4188-917A-560AA219C0FB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A921172C-727E-42E3-B562-6071E815A279}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AA1456A1-27D2-4855-8BF6-DF661E1F1E03}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AA9F0708-0D9E-4E41-9466-49F70AEBD05C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AB339203-F160-4C78-9A9D-7886C0B5F404}" = protocol=17 | dir=in | app=d:\games\steamapps\darko2021\counter-strike source\hl2.exe | 
"{ACA4087A-FE5F-46E4-802C-81645968BEAD}" = dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"{B5BDE513-D126-4B9D-B17E-DE83F6A30E6A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B5EC30C3-AC57-4242-87F9-6A61793AB542}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | 
"{B7829D91-1123-4381-9C26-AF96EBD5F1B0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{B8EC88F4-7189-4B0D-8BCC-AFD7C01388C7}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | 
"{B9D9FFD7-66D4-454D-B32A-717BBBAD2E79}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | 
"{BF55A4E4-B74E-4C9B-8F27-43EA8518037B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BF6A3BDD-D075-4E8F-A47A-622AD6381661}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C062D66C-DA30-4432-8F11-911B63BF6AD6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{C2E31DE7-0AFD-4F5B-9E31-1484F86A480B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C4932FF9-416A-4491-B97B-699CD59D6CAC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C5AFE920-4BCE-486E-9195-DC7AB4CD657A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CB6CC5B0-BB54-43BD-A609-90A0EC6D104F}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{CE14F2FC-28BB-41E7-B38B-F222C8B3E3E0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CED714FE-B240-476F-8081-99077DE9EE3C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D0B8DF5D-6F95-4D2D-9246-00779CBA2B80}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{D2178DC7-9519-4A96-83B6-ED975672B1B4}" = protocol=1 | dir=out | [email protected],-28544 | 
"{D21C09B8-B4DE-40E4-B9E9-EC8C499D4B13}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D40AEE2F-9A64-4C8F-9A20-A12E74CC3535}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{D5C26C52-76C9-4A81-9CF4-FD87F54F3F7F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D6C698E9-6B68-4A38-9D40-D5C443030E1F}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | 
"{D73186C6-D999-4A76-A882-5061B25624A6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D9073820-24A4-4F56-A6E4-BCB9EBDCEF06}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{DD56CCA1-E2C3-45CA-82BF-AEBE2EA32289}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E109F337-F1D6-4C45-A4F7-8A16752F6BA4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E185B133-2934-4FDC-8B07-289A86956FCE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E244CE5E-7012-4EB2-AECB-83F7A4792E4D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E2607982-A92D-4771-AD96-C9CD5CF0BB51}" = dir=in | app=c:\program files\hobbyist software\vlc setup helper\vlc setup helper.exe | 
"{E5FDDE13-396B-4675-A9D2-36D4F3712F30}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E67F4B80-27ED-4949-A742-8193C87D3475}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | 
"{E77F645F-DD23-4786-9283-5ED97579191B}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | 
"{EB46BCFA-FC1D-44D3-A3FF-D8B35D496B5E}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | 
"{EE45FE6B-C100-465A-AA78-E91A2CD92528}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{F0EC8910-12FF-449B-A291-5C14AB444B39}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F2570391-DD5F-4C72-BDA0-3887579EF417}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F3088AC2-D52C-477B-88AB-BD472334E684}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F4E2A4F9-D458-4D9D-8321-420E050D761A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{F5D40493-A041-4270-8DC5-039578F4D916}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F6CBC5B8-3EAF-428C-A4BC-648755A6F30B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F80D0ABA-D64E-43AF-9A10-FCF99409D2DC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FC71404A-727B-4FE7-9846-9CC3D292C398}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{FC979439-45AB-463E-BFE7-408952CFB16A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{196D431A-BD3B-444C-AA76-28384FD0BD5D}D:\games\steamapps\darko2021\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=d:\games\steamapps\darko2021\team fortress 2\hl2.exe | 
"TCP Query User{22FE4C63-2C55-405F-968B-7C3CB96D01D8}C:\program files\valve\steam\steamapps\darko2021\age of chivalry\hl2.exe" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\darko2021\age of chivalry\hl2.exe | 
"TCP Query User{45E1BB66-998D-48AB-BAE4-D257E934357D}C:\program files\valve\steam\steamapps\darko2021\zombie panic! source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\darko2021\zombie panic! source\hl2.exe | 
"TCP Query User{5D84F7A6-161F-4694-BCE5-683E8B024746}C:\program files\valve\steam\steamapps\darko2021\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\darko2021\counter-strike source\hl2.exe | 
"TCP Query User{7DB1A4CB-F71B-41F1-AEA8-3D7A366469C1}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{8918F30D-B467-464B-BEB1-4E378C3DF653}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{8B1D1DD4-BE0E-4D05-A25B-CF03867A4620}C:\program files\valve\steam\steamapps\darko2021\synergy\hl2.exe" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\darko2021\synergy\hl2.exe | 
"TCP Query User{AC8EB5ED-D7CB-4C68-89FC-1DB7EEE60037}D:\games\farcry 2\dead space.exe" = protocol=6 | dir=in | app=d:\games\farcry 2\dead space.exe | 
"TCP Query User{B169F2D6-3DF9-435D-A7D3-5B91E8E1DE49}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{B9BA5578-0337-47BC-9430-6A265799B1F0}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
"TCP Query User{C134A713-271C-4436-99F4-E22161D182B1}D:\games\new folder\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=d:\games\new folder\gearbox software\borderlands\binaries\borderlands.exe | 
"TCP Query User{C67D31E6-DE5D-416A-BEFF-F7830D9EA7F3}C:\program files\nero\nero8\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero8\nero home\nerohome.exe | 
"TCP Query User{D09D2663-7CDD-483B-9735-C446B4859470}D:\games\bfbc2game.exe" = protocol=6 | dir=in | app=d:\games\bfbc2game.exe | 
"TCP Query User{E4563B44-B7B7-4A81-84E9-F98480FE5A48}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{E6C5B59B-56E6-4F20-B8FE-EF4B108A95F0}C:\program files\hobbyist software\vlc setup helper\mdnsresponder.exe" = protocol=6 | dir=in | app=c:\program files\hobbyist software\vlc setup helper\mdnsresponder.exe | 
"TCP Query User{E942A1F6-7C75-4B82-B89C-114D03C57D92}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{14E12747-3DBD-4DCF-BD1E-7F752B9074BF}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{3F1D5EA0-F12D-42E0-BEF4-276E1EB7FA12}C:\program files\nero\nero8\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero8\nero home\nerohome.exe | 
"UDP Query User{4666F010-C1C2-469C-BA4D-1E625147ECE9}C:\program files\valve\steam\steamapps\darko2021\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\darko2021\counter-strike source\hl2.exe | 
"UDP Query User{4F31D161-F15D-4931-BBF6-84F5A4EA36B3}D:\games\bfbc2game.exe" = protocol=17 | dir=in | app=d:\games\bfbc2game.exe | 
"UDP Query User{643E4A29-F5CC-46C3-868B-20F408AE4072}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{7BA02B89-BA2C-4FDD-9698-5A29D667BC15}C:\program files\valve\steam\steamapps\darko2021\zombie panic! source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\darko2021\zombie panic! source\hl2.exe | 
"UDP Query User{8168B742-C78F-49EF-981C-9A6BA4D4D92E}D:\games\steamapps\darko2021\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=d:\games\steamapps\darko2021\team fortress 2\hl2.exe | 
"UDP Query User{8ECCE918-F103-4EF5-8BC7-7F50B1B2592B}D:\games\new folder\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=d:\games\new folder\gearbox software\borderlands\binaries\borderlands.exe | 
"UDP Query User{9D3A778E-84A8-41E7-83AB-C65D04864C4C}C:\program files\valve\steam\steamapps\darko2021\age of chivalry\hl2.exe" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\darko2021\age of chivalry\hl2.exe | 
"UDP Query User{B857C17C-9A83-437B-87E7-FB7304F801B7}C:\program files\valve\steam\steamapps\darko2021\synergy\hl2.exe" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\darko2021\synergy\hl2.exe | 
"UDP Query User{B91BD8A8-C4CA-4937-A463-1CBACB025999}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{BA717E85-A281-44E4-BD26-C83E71BFE93A}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{C3056BCA-3BC7-49E5-B5DC-8CC7E67A16C9}C:\program files\hobbyist software\vlc setup helper\mdnsresponder.exe" = protocol=17 | dir=in | app=c:\program files\hobbyist software\vlc setup helper\mdnsresponder.exe | 
"UDP Query User{C63FB5E7-9D18-4B61-A946-B1FAF8E82A6B}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{D1AD394D-4A1D-4EFD-9D62-34561F684E44}D:\games\farcry 2\dead space.exe" = protocol=17 | dir=in | app=d:\games\farcry 2\dead space.exe | 
"UDP Query User{F4BFE766-74F2-470B-9A7A-0BF5029F7F69}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software  1.12.37.1
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{024DE942-267A-4B60-A1C0-70C1163E0355}" = CCC Help Korean
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{11E568E0-3244-4BCB-875E-F334269DFDCB}" = iTunes
"{15353551-375C-8E5A-5CAF-A4564C1CC2A5}" = ccc-core-static
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012D762-5DCA-455A-B5FE-EDF79BC93E18}" = HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{21E2508C-D5F4-44C6-C224-456DDA341BBB}" = CCC Help Turkish
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{27D51A76-371D-48B6-B06E-4137A15B7583}" = Express Gate
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"{32D2E8C3-452A-69E9-21CF-C55E0612C974}" = CCC Help Chinese Traditional
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40580068-9B10-40B5-9548-536CE88AB23C}" = ITECIR
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4453AA9B-867A-17DB-C429-E9A64F0FB77F}" = CCC Help Finnish
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{485B9C29-6B47-22AF-022A-F9D65292F3A7}" = CCC Help English
"{4893B2BB-5C9B-7E6C-4BAD-BDFBAB33184A}" = Catalyst Control Center Localization All
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{50C1A63E-4653-9DBE-E8E4-28DF2778BED0}" = CCC Help Polish
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{56504C77-8B9F-4EB2-B33B-C5B9F50B5D64}" = AVG 2011
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.01
"{5A89BFD5-12DB-038F-DBCE-58832B82D824}" = CCC Help Norwegian
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}" = ccc-Branding
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1" = Driver Sweeper 2.1.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7EF15AAF-42AC-4CF6-B4B4-C4F0D1D92122}" = Far Cry (Patch 1.4)
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{85D10697-A1D4-472A-2114-E07A77019BE1}" = CCC Help Japanese
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87909077-445C-976C-0D23-D6C367B422D6}" = CCC Help Danish
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD0171B-2ED1-311C-882E-AD3EC3A77A7E}" = CCC Help Czech
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0404-0000-0000000FF1CE}" = Microsoft Office Access MUI (Chinese (Traditional)) 2007
"{90120000-0015-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0804-0000-0000000FF1CE}" = Microsoft Office Access MUI (Chinese (Simplified)) 2007
"{90120000-0015-0804-0000-0000000FF1CE}_PROHYBRIDR_{D3741006-6134-4F44-80B9-0000D0E3B11B}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
"{90120000-0015-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0404-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Traditional)) 2007
"{90120000-0016-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0804-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Chinese (Simplified)) 2007
"{90120000-0016-0804-0000-0000000FF1CE}_PROHYBRIDR_{D3741006-6134-4F44-80B9-0000D0E3B11B}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0404-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Traditional)) 2007
"{90120000-0018-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0804-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Chinese (Simplified)) 2007
"{90120000-0018-0804-0000-0000000FF1CE}_PROHYBRIDR_{D3741006-6134-4F44-80B9-0000D0E3B11B}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0404-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Chinese (Traditional)) 2007
"{90120000-0019-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0804-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Chinese (Simplified)) 2007
"{90120000-0019-0804-0000-0000000FF1CE}_PROHYBRIDR_{D3741006-6134-4F44-80B9-0000D0E3B11B}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
"{90120000-0019-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0404-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Chinese (Traditional)) 2007
"{90120000-001A-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0804-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Chinese (Simplified)) 2007
"{90120000-001A-0804-0000-0000000FF1CE}_PROHYBRIDR_{D3741006-6134-4F44-80B9-0000D0E3B11B}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
"{90120000-001A-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0404-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Traditional)) 2007
"{90120000-001B-0404-0000-0000000FF1CE}_PROHYBRIDR_{7B317D54-6465-4DD1-9F08-41C3CD537B4E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0804-0000-0000000FF1CE}" = Microsoft Office Word MUI (Chinese (Simplified)) 2007
"{90120000-001B-0804-0000-0000000FF1CE}_PROHYBRIDR_{D3741006-6134-4F44-80B9-0000D0E3B11B}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_PROHYBRIDR_{BEADB115-DB47-4BD0-A9EC-AE585AFAB2D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0404-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Traditional)) 2007
"{90120000-001F-0404-0000-0000000FF1CE}_PROHYBRIDR_{E4E8AF9E-0F8C-40E8-950A-CA40B7138049}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_PROHYBRIDR_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-042D-0000-0000000FF1CE}_PROHYBRIDR_{017A6981-5E03-4A97-830A-35FE0927BB7F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0456-0000-0000000FF1CE}_PROHYBRIDR_{A3A03B41-14EA-4E50-97D8-FCF429AE0CCB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0804-0000-0000000FF1CE}" = Microsoft Office Proof (Chinese (Simplified)) 2007
"{90120000-001F-0804-0000-0000000FF1CE}_PROHYBRIDR_{0454BB31-DAD9-400F-9E06-45B36D4BA53B}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0028-0404-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Traditional)) 2007
"{90120000-0028-0404-0000-0000000FF1CE}_PROHYBRIDR_{55F3B092-C18B-4E04-9E53-F794641B39F4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0028-0804-0000-0000000FF1CE}" = Microsoft Office IME (Chinese (Simplified)) 2007
"{90120000-0028-0804-0000-0000000FF1CE}_PROHYBRIDR_{803AB362-E418-4474-84E6-8ABFAF8D3A1E}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0404-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Traditional)) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0804-0000-0000000FF1CE}" = Microsoft Office Proofing (Chinese (Simplified)) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0404-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Traditional)) 2007
"{90120000-006E-0404-0000-0000000FF1CE}_PROHYBRIDR_{B1249A88-9E86-41F6-8942-848B01D2C316}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0804-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Chinese (Simplified)) 2007
"{90120000-006E-0804-0000-0000000FF1CE}_PROHYBRIDR_{91C1AA33-F2CE-460B-A989-1F7C0051FFCD}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9087C601-4B52-C0F0-D4EF-4C98DEC1D6B0}" = CCC Help Portuguese
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91B82CC7-F33E-211B-DFD6-0A91B637B455}" = CCC Help Greek
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
"{925A0B4E-F885-997B-8A74-E8E7A2FAC049}" = CCC Help French
"{925F1DB6-E86E-4378-9091-D1F68B0583C9}" = iCloud
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{96B7FD92-0D96-7C04-5D1C-D6CF70202403}" = CCC Help Hungarian
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99B46780-2967-4E49-8009-9AE8FD9B612A}" = AVG 2011
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A18E4E3A-5013-E319-AB36-4FDE7483AA5D}" = CCC Help Spanish
"{A2A04DAA-094C-27EA-0CDF-E02A778FD761}" = ccc-utility
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A54C01BD-1277-4722-B42B-EC9800A90B1E}_is1" = Free FLAC to MP3 Converter 1.0
"{A55F4F9F-CCA8-4732-AA1F-0390A4A50947}" = C4700
"{A8C4C48C-EE3D-F934-D312-99B7793E9740}" = Skins
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2010.07.14
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB0030F2-DA47-FABF-D3F2-903FA253D56D}" = CCC Help Thai
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEF106F8-2689-4530-925A-E1117836E8CD}" = Google SketchUp 7
"{C1611681-E8F9-4C89-A6A4-36DD0DA6E089}_is1" = DepositFiles FileManager 0.9.9.206
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB8ABF7D-B3F7-D774-645B-0DCD0297D9FA}" = CCC Help German
"{CD9A1574-197A-156D-9D8C-39D68AE9B7A6}" = CCC Help Russian
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{D7C73761-237A-2B01-6DB5-E76276223C3B}" = CCC Help Italian
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{D8D4AF9A-6ADE-4B14-A7F5-BA858792729E}" = ASUS Security Protect Manager
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DD082978-011E-7058-8252-15E2E1AAFABB}" = CCC Help Dutch
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E14035D2-EE43-4C3D-AC15-1CD7B7FEC055}" = Photosynth 2.0110.317.1042
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E36F3199-C282-47CA-BAC7-2B77D247E760}" = PS_AIO_06_C4700_SW_Min
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor Minimum Install
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F34D6DAE-7777-5C40-E143-8A0D6A048F75}" = ATI Catalyst Install Manager
"{F93A2813-BD5A-4A05-84E2-72A51E22A13F}" = Mega Manager
"{FA3B4B32-D753-672D-842C-946644FEFC0A}" = CCC Help Swedish
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"{FF6FA054-25B9-1CA2-D22A-DFD87735E9F6}" = CCC Help Chinese Standard
"AC3Filter_is1" = AC3Filter 1.63b
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Ant Movie Catalog_is1" = Ant Movie Catalog
"AVG" = AVG 2011
"Avi2Dvd" = Avi2Dvd 0.6.1
"AviSynth" = AviSynth 2.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"CCleaner" = CCleaner (remove only)
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"Comical_is1" = Comical 0.8
"ComicRack" = ComicRack v0.9.46
"CompuApps SwissKnife V3" = CompuApps SwissKnife V3
"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)
"Coupon Companion Plugin" = Coupon Companion Plugin
"Download Manager" = Download Manager 2.3.10
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 9_is1" = DVDFab 9.0.2.8 (01/03/2013) Qt
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.1 Home Edition
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow [rev 3299] [2010-03-03]
"FormatFactory" = FormatFactory 2.95
"Glary Utilities_is1" = Glary Utilities 2.13.0.686
"Google Updater" = Google Updater
"HaaliMkx" = Haali Media Splitter
"HandBrake" = HandBrake 0.9.6
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"ImgBurn" = ImgBurn
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InvelosDVDProfiler_is1" = DVD Profiler Version 3.6.1
"JDownloader" = JDownloader
"Magic DVD Ripper_is1" = Magic DVD Ripper V5.5.0
"MainApp.exe_is1" = CloneDVD 4.1.0.23
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"NewBlue 3D Explosions for Windows" = NewBlue 3D Explosions for Windows
"NewBlue 3D Transformations for Windows" = NewBlue 3D Transformations for Windows
"NewBlue Art Blends for Windows" = NewBlue Art Blends for Windows
"NewBlue Art Effects for Windows" = NewBlue Art Effects for Windows
"NewBlue Film Effects for Windows" = NewBlue Film Effects for Windows
"NewBlue Motion Blends for Windows" = NewBlue Motion Blends for Windows
"NewBlue Motion Effects for Windows" = NewBlue Motion Effects for Windows
"NewBlue Video Essentials for Windows" = NewBlue Video Essentials for Windows
"Picasa 3" = Picasa 3
"PROHYBRIDR" = 2007 Microsoft Office system
"PS3 Media Server" = PS3 Media Server
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"PunkBusterSvc" = PunkBuster Services
"RapidShare Manager" = RapidShare Manager
"Shop for HP Supplies" = Shop for HP Supplies
"SpeedFan" = SpeedFan (remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Total Video Converter 3.71_is1" = Total Video Converter 3.71 100812
"TuneUp Utilities" = TuneUp Utilities
"USB2.0 1.3M UVC WebCam" = USB2.0 1.3M UVC WebCam
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.4
"VLC Setup Helper_is1" = VLC Setup Helper
"WBFS Manager 3.0" = WBFS Manager 3.0
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"iTunes Agent 1.3.4" = iTunes Agent 1.3.4
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/4/2013 12:38:24 PM | Computer Name = Darko | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 18
 
Error - 6/4/2013 12:38:24 PM | Computer Name = Darko | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 19
 
Error - 6/4/2013 12:38:24 PM | Computer Name = Darko | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 20
 
Error - 6/4/2013 12:38:24 PM | Computer Name = Darko | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 21
 
Error - 6/4/2013 12:38:24 PM | Computer Name = Darko | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 22
 
Error - 6/4/2013 12:38:24 PM | Computer Name = Darko | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 23
 
Error - 6/4/2013 12:38:24 PM | Computer Name = Darko | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 24
 
Error - 6/4/2013 12:40:38 PM | Computer Name = Darko | Source = Bonjour Service | ID = 100
Description = Client application bug: DNSServiceResolve(ec:85:2f:33:51:[email protected]::ee85:2fff:fe33:511c._apple-mobdev._tcp.local.)
 active for over two minutes. This places considerable burden on the network.
 
Error - 6/5/2013 5:23:01 PM | Computer Name = Darko | Source = Application Error | ID = 1000
Description = Faulting application ATH.exe, version 17.287.0.14, time stamp 0x4fb5bca5,
 faulting module SSLEAY32.dll, version 0.9.9.1, time stamp 0x4b6b775e, exception
 code 0xc0000005, fault offset 0x0000ca0a,  process id 0x16ec, application start time
 0x01ce62328f535526.
 
Error - 6/7/2013 9:46:05 PM | Computer Name = Darko | Source = Application Error | ID = 1000
Description = Faulting application HijackThis.exe, version 2.0.0.4, time stamp 0x4bac0c48,
 faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
 0xc0000005, fault offset 0x733f74b2,  process id 0x1448, application start time 0x01ce6326566c7aa0.
 
[ ASUS Security Protect Manager Events ]
Error - 4/13/2010 1:24:20 PM | Computer Name = Darko | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: [email protected] Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
Error - 4/13/2010 1:24:25 PM | Computer Name = Darko | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: [email protected] Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
Error - 4/13/2010 1:24:33 PM | Computer Name = Darko | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: [email protected] Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
Error - 4/13/2010 1:24:37 PM | Computer Name = Darko | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: [email protected] Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
Error - 4/13/2010 1:25:45 PM | Computer Name = Darko | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: [email protected] Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
Error - 4/13/2010 1:25:56 PM | Computer Name = Darko | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: [email protected] Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
Error - 4/13/2010 1:26:00 PM | Computer Name = Darko | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: [email protected] Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
Error - 4/13/2010 1:26:05 PM | Computer Name = Darko | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: [email protected] Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
Error - 4/13/2010 1:26:11 PM | Computer Name = Darko | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: [email protected] Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
Error - 8/20/2011 11:29:17 AM | Computer Name = Darko | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected.    User: [email protected] Credentials:
 Password   Error: (0xC516020B) The system could not log you on.  Verify your user
 name and domain are correct and then type your password again.  Letters in passwords
 must be typed using the correct case.  Verify that Caps Lock is off.
 
[ OSession Events ]
Error - 6/16/2009 9:25:11 AM | Computer Name = Darko | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 3/13/2013 11:09:24 AM | Computer Name = Darko | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1895
 seconds with 1740 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 6/1/2013 5:20:12 PM | Computer Name = Darko | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 6/1/2013 5:20:12 PM | Computer Name = Darko | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 6/1/2013 5:20:12 PM | Computer Name = Darko | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 6/1/2013 5:20:35 PM | Computer Name = Darko | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 6/1/2013 5:20:44 PM | Computer Name = Darko | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 6/1/2013 5:20:54 PM | Computer Name = Darko | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 6/1/2013 9:41:49 PM | Computer Name = Darko | Source = DCOM | ID = 10005
Description = 
 
Error - 6/1/2013 10:11:33 PM | Computer Name = Darko | Source = Microsoft-Windows-ResourcePublication | ID = 1002
Description = 
 
Error - 6/4/2013 12:24:55 PM | Computer Name = Darko | Source = DCOM | ID = 10016
Description = 
 
Error - 6/4/2013 12:27:58 PM | Computer Name = Darko | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description = 
 
 
< End of report >
 

 



#4 guestolo

Posted 07 June 2013 - 08:38 PM

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

When they are complete, post the logs back here and keep me informed of how things are now running.


Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#5 darko2021

Posted 08 June 2013 - 06:13 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows Vista ™ Home Premium x86
Ran by jon on Sat 06/08/2013 at  8:08:04.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{22222222-2222-2222-2222-220222182204}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Windows\system32\turegopt.exe"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\jon\AppData\Roaming\microsoft\windows\start menu\programs\free ride games"
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\Users\jon\AppData\Roaming\mozilla\firefox\profiles\hj43tfiy.default\searchplugins\bing-zugo.xml
Successfully deleted: [Folder] C:\Users\jon\AppData\Roaming\mozilla\firefox\profiles\hj43tfiy.default\extensions\[email protected]
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\[email protected]
Successfully deleted the following from C:\Users\jon\AppData\Roaming\mozilla\firefox\profiles\hj43tfiy.default\prefs.js
 
user_pref("[email protected]", true);
Emptied folder: C:\Users\jon\AppData\Roaming\mozilla\firefox\profiles\hj43tfiy.default\minidumps [1 files]
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jneaojaoiajhnemidnjhoempalnidbhj
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/08/2013 at  8:11:28.18
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#6 darko2021

Posted 08 June 2013 - 06:15 AM

# AdwCleaner v2.302 - Logfile created 06/08/2013 at 07:53:28
# Updated 06/06/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : jon - DARKO
# Boot Mode : Normal
# Running from : C:\Users\jon\Desktop\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
File Deleted : C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll
File Deleted : C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\hj43tfiy.default\searchplugins\daemon-search.xml
File Deleted : C:\Windows\system32\conduitEngine.tmp
File Deleted : C:\Windows\Uninstall.exe
Folder Deleted : C:\Program Files\Coupon Companion Plugin
Folder Deleted : C:\Program Files\Search Toolbar
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TheBflix
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\jon\AppData\Local\Coupon Companion Plugin
Folder Deleted : C:\Users\jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Deleted : C:\Users\jon\AppData\Local\Temp\BabylonToolbar
Folder Deleted : C:\Users\jon\AppData\LocalLow\AskSBar
Folder Deleted : C:\Users\jon\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\hj43tfiy.default\Conduit
Folder Deleted : C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\hj43tfiy.default\ConduitCommon
Folder Deleted : C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\hj43tfiy.default\ConduitEngine
Folder Deleted : C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\hj43tfiy.default\CT2786678
Folder Deleted : C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\hj43tfiy.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Folder Deleted : C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\hj43tfiy.default\extensions\[email protected]
Folder Deleted : C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\hj43tfiy.default\extensions\[email protected]
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{37476589-E48E-439E-A706-56189E2ED4C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AskSBar Uninstall
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021804.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211181104}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181104}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9D425283-D487-4337-BAB6-AB8354A81457}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16483
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v3.5.9 (en-US)
 
File : C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\hj43tfiy.default\prefs.js
 
C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\hj43tfiy.default\user.js ... Deleted !
 
Deleted : user_pref("CT2786678..clientLogIsEnabled", false);
Deleted : user_pref("CT2786678.AppTrackingLastCheckTime", "Sat Dec 01 2012 18:55:37 GMT-0500 (Eastern Standard[...]
Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_129575151151403741", true);
Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);
Deleted : user_pref("CT2786678.CTID", "CT2786678");
Deleted : user_pref("CT2786678.CurrentServerDate", "23-5-2013");
Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2786678.DialogsGetterLastCheckTime", "Thu May 23 2013 14:11:22 GMT-0400 (Eastern Daylig[...]
Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");
Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Tue Mar 13 2012 14:27:40 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 413);
Deleted : user_pref("CT2786678.FeedPollDate2429156812186649977", "Thu May 23 2013 14:11:22 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813040823546", "Thu May 23 2013 14:11:21 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813130095866", "Thu May 23 2013 14:11:21 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813224203613", "Thu May 23 2013 14:11:21 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813230837251", "Thu May 23 2013 14:11:21 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813454291735", "Thu May 23 2013 14:11:21 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813729834876", "Thu May 23 2013 14:11:21 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813860870021", "Thu May 23 2013 14:11:22 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156814264681793", "Thu May 23 2013 14:11:22 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156814863075366", "Thu May 23 2013 14:11:21 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156815257761081", "Thu May 23 2013 14:11:21 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedTTL2429156813040823546", 15);
Deleted : user_pref("CT2786678.FeedTTL2429156813130095866", 10);
Deleted : user_pref("CT2786678.FeedTTL2429156813454291735", 5);
Deleted : user_pref("CT2786678.FeedTTL2429156813729834876", 5);
Deleted : user_pref("CT2786678.FeedTTL2429156814264681793", 5);
Deleted : user_pref("CT2786678.FirstServerDate", "12-8-2011");
Deleted : user_pref("CT2786678.FirstTime", true);
Deleted : user_pref("CT2786678.FirstTimeFF3", true);
Deleted : user_pref("CT2786678.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2786678.HasUserGlobalKeys", true);
Deleted : user_pref("CT2786678.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2786678.Initialize", true);
Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);
Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2786678.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2786678.InstalledDate", "Fri Aug 12 2011 14:15:58 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT2786678.IsAlertDBUpdated", true);
Deleted : user_pref("CT2786678.IsGrouping", false);
Deleted : user_pref("CT2786678.IsInitSetupIni", true);
Deleted : user_pref("CT2786678.IsMulticommunity", false);
Deleted : user_pref("CT2786678.IsOpenThankYouPage", true);
Deleted : user_pref("CT2786678.IsOpenUninstallPage", false);
Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Thu May 23 2013 14:11:21 GMT-0400 (Eastern Dayligh[...]
Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2786678.LastLogin_3.5.0.12", "Thu May 23 2013 14:11:21 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2786678.LatestVersion", "3.18.0.7");
Deleted : user_pref("CT2786678.Locale", "en");
Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2786678.MCDetectTooltipShow", false);
Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2786678.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2786678.OriginalFirstVersion", "3.5.0.12");
Deleted : user_pref("CT2786678.SearchEngineBeforeUnload", "Bing");
Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Thu May 23 2013 14:11:20 GMT-0400 (Eastern Dayli[...]
Deleted : user_pref("CT2786678.SearchProtectorEnabled", false);
Deleted : user_pref("CT2786678.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Thu May 23 2013 14:11:20 GMT-0400 (Eastern Daylight [...]
Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Thu May 23 2013 14:11:20 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("CT2786678.SettingsLastUpdate", "1369296774");
Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Thu May 23 2013 14:11:19 GMT-0400 (Eastern Day[...]
Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT2786678.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2786678.UserID", "UN33213532962182557");
Deleted : user_pref("CT2786678.ValidationData_Toolbar", 0);
Deleted : user_pref("CT2786678.WeatherNetwork", "");
Deleted : user_pref("CT2786678.WeatherPollDate", "Tue Mar 13 2012 14:27:40 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT2786678.WeatherUnit", "C");
Deleted : user_pref("CT2786678.alertChannelId", "1178763");
Deleted : user_pref("CT2786678.approveUntrustedApps", false);
Deleted : user_pref("CT2786678.components.1000034", false);
Deleted : user_pref("CT2786678.components.1000234", false);
Deleted : user_pref("CT2786678.components.129295698017012804", false);
Deleted : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Thu May 23 2013 14:11:22 GMT-0400 (Eastern [...]
Deleted : user_pref("CT2786678.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2786678.initDone", true);
Deleted : user_pref("CT2786678.isAppTrackingManagerOn", false);
Deleted : user_pref("CT2786678.myStuffEnabled", true);
Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2786678.oldAppsList", "129295695672325902,129295695672325903,111,1000234,12978945045459[...]
Deleted : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2786678.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2786678.testingCtid", "");
Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Thu May 23 2013 14:11:21 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Thu May 23 2013 14:11:21 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "[email protected]");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.5.0.12");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "[email protected]");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2786678");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "ConduitEngine,CT2786678");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2786678");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri Aug 12 2011 14:15:58 GMT-04[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Mar 13 2012 14:27:47 GMT-0400 (Easte[...]
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Mar 13 2012 14:27:39 GMT-0400 (Eastern D[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "b4637f22-1ac5-4709-9ebe-218a57da0a21");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Mar 13 2012 14:27:41 GMT-0400 (Eas[...]
Deleted : user_pref("CommunityToolbar.globalUserId", "99c19bf0-9270-49a6-b2fc-e14eb69d56a2");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu May 23 2013 14:11:2[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu May 23 2013 14:11:28 GMT-040[...]
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu May 23 2013 14:11:20 GMT-0400 (E[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "01dc6a76-d9da-43a5-81be-a1ace04bd61f");
Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Tue Mar 13 2012 14:27:45 GMT-0400 (Eastern Dayl[...]
Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");
Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Tue Mar 13 2012 14:27:44 GMT-0400 (Eastern Da[...]
Deleted : user_pref("ConduitEngine.FirstServerDate", "08/12/2011 21");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.FixPageNotFoundErrors", false);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstallationType", "UnknownIntegration");
Deleted : user_pref("ConduitEngine.InstalledDate", "Thu Jul 21 2011 16:16:56 GMT-0400 (Eastern Daylight Time)"[...]
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", false);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Tue Mar 13 2012 14:27:45 GMT-0400 (Eastern Day[...]
Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Tue Mar 13 2012 14:27:45 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Tue Mar 13 2012 14:27:43 GMT-0400 (Eastern Dayligh[...]
Deleted : user_pref("ConduitEngine.UserID", "UN50266112501409237");
Deleted : user_pref("ConduitEngine.engineLocale", "en-US");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Tue Mar 13 2012 14:27:43 GMT-0400 (Easte[...]
Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Tue Mar 13 2012 14:27:43 GMT-0400 (East[...]
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("extensions.3499ur3ur4hfsudfs.scode", "\n(function(){var bdomains={\"search.babylon.com\":[...]
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=111387");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 13);
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);
Deleted : user_pref("extensions.BabylonToolbar.id", "d8fc2e690000000000000015afcdf804");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15410");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 13);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1711:23:56");
Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.5");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 70223315);
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1711:23:56");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111387");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "d8fc2e690000000000000015afcdf804");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "d8fc2e690000000000000015afcdf804");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15410");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1711:23:56");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.crossriderapp21804.adsOldValue", -1);
Deleted : user_pref("extensions.snipit.askTbInstalled", true);
 
-\\ Google Chrome v27.0.1453.110
 
File : C:\Users\jon\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [34731 octets] - [08/06/2013 07:53:28]
 
########## EOF - C:\AdwCleaner[S1].txt - [34792 octets] ##########
 


#7 guestolo

Posted 08 June 2013 - 07:24 AM

Reopen OTL.exe and choose to Run a Scan. When done, post the log that opens: OTL.txt

 

In addition: Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Can you please keep me informed of how things are now running?

 




#8 darko2021

Posted 08 June 2013 - 01:02 PM

OTL logfile created on: 6/8/2013 2:54:38 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\jon\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 63.15% Memory free
9.75 Gb Paging File | 8.68 Gb Available in Paging File | 89.02% Paging File free
Paging file location(s): d:\pagefile.sys 7000 7000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116.44 Gb Total Space | 20.04 Gb Free Space | 17.21% Space Free | Partition Type: NTFS
Drive D: | 106.68 Gb Total Space | 1.10 Gb Free Space | 1.03% Space Free | Partition Type: NTFS
Drive G: | 7.39 Gb Total Space | 6.99 Gb Free Space | 94.56% Space Free | Partition Type: FAT32
 
Computer Name: DARKO | User Name: jon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/06/07 21:45:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jon\Desktop\OTL.exe
PRC - [2013/05/02 22:56:07 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
PRC - [2012/08/01 04:48:54 | 002,345,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/09/09 03:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/08/18 01:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011/05/23 14:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2009/10/30 16:08:26 | 000,486,216 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2009/10/30 16:05:48 | 001,021,256 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/05 02:03:04 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
PRC - [2008/06/19 15:18:12 | 000,154,168 | ---- | M] (ASUS) -- C:\Program Files\asus\ASUS CopyProtect\ASPG.exe
PRC - [2008/06/18 01:10:24 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files\asus\SmartLogon\sensorsrv.exe
PRC - [2008/06/13 18:22:14 | 000,191,032 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2008/06/03 20:29:08 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\asus\Splendid\ACMON.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/03/18 00:27:11 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008/02/13 01:52:09 | 004,915,200 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/02/01 18:17:26 | 000,233,472 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe
PRC - [2008/01/23 18:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2008/01/23 13:51:28 | 000,151,552 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
PRC - [2008/01/12 01:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ATK Hotkey\HControlUser.exe
PRC - [2007/12/04 13:57:06 | 002,486,272 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2007/11/30 14:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\asus\ASUS Live Update\ALU.exe
PRC - [2007/11/04 22:48:06 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTranAgt.exe
PRC - [2007/10/03 00:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe
PRC - [2007/08/31 14:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/08/15 14:20:16 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007/08/03 15:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\asus\NB Probe\SPM\spmgr.exe
PRC - [2007/07/05 19:53:44 | 001,040,384 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2007/02/06 13:29:59 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
PRC - [2005/07/06 18:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/05/23 19:16:15 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3da65115bf9debbf564861f6b123a2e4\System.Configuration.ni.dll
MOD - [2013/05/23 19:14:49 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\44fb632fb043f5b251d29b0ea750d4f4\System.Windows.Forms.ni.dll
MOD - [2013/02/26 20:04:02 | 011,820,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\421cb77e6a4c21f94e3c5ddf766de23b\System.Web.ni.dll
MOD - [2013/01/14 14:46:06 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\9b2eef59d0cfc5aff182d0951de5f040\Accessibility.ni.dll
MOD - [2013/01/14 14:46:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll
MOD - [2013/01/14 14:45:30 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll
MOD - [2013/01/14 14:45:13 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013/01/14 14:43:55 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013/01/14 14:43:48 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/08/03 21:24:04 | 000,270,336 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2009/10/05 17:08:58 | 000,089,600 | ---- | M] () -- C:\Program Files\DepositFiles\DF Manager\dfexex.dll
MOD - [2008/09/16 21:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/08/05 02:03:04 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
MOD - [2008/06/03 03:35:18 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008/01/23 18:34:42 | 007,766,016 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
MOD - [2008/01/12 01:40:10 | 000,098,304 | ---- | M] () -- C:\Program Files\ATK Hotkey\HControlUser.exe
MOD - [2007/11/30 14:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\asus\ASUS Live Update\ALU.exe
MOD - [2007/11/12 18:41:50 | 000,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\MsgTran.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/31 16:02:52 | 007,391,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/09/19 09:55:54 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/01/29 22:48:59 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009/10/30 16:05:48 | 001,021,256 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009/10/30 16:01:00 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008/11/11 13:07:16 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2)
SRV - [2008/03/18 00:27:11 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/03 00:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2007/08/31 14:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/23 08:34:59 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007/08/03 15:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\asus\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2007/02/06 13:29:59 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2006/06/21 06:13:59 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASChnl.dll -- (ASChannel)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\NSNDIS5.SYS -- (NSNDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (atjsgy5n)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2013/02/11 21:57:27 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2012/11/12 05:47:48 | 000,255,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/07/29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/05/27 19:05:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/09/30 17:59:11 | 000,099,344 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdLH3.sys -- (AtiHDAudioService)
DRV - [2009/10/14 08:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/06/11 19:34:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/04/11 00:43:07 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BTHPRINT.SYS -- (BTHprint)
DRV - [2008/11/06 16:59:33 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008/10/07 20:26:48 | 000,165,376 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/10/07 20:26:42 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/09/17 14:02:48 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/06/03 06:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/06/03 02:41:51 | 000,015,928 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2008/05/29 13:21:02 | 000,015,416 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\lullaby.sys -- (lullaby)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/05/02 01:59:39 | 000,122,368 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/04/05 21:56:08 | 000,908,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/03/21 00:12:59 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/02/15 20:42:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/02/05 03:52:23 | 000,206,464 | ---- | M] (eMPIA Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\etFilter.sys -- (FiltUSBET)
DRV - [2008/01/31 07:18:57 | 000,006,528 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\etScan.sys -- (ScanUSBET)
DRV - [2008/01/20 22:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/12/18 20:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007/09/06 04:43:49 | 000,474,624 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\etDevice.sys -- (DCamUSBET)
DRV - [2007/08/03 00:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\asus\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007/07/30 14:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 13:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/24 14:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007/06/17 00:29:08 | 000,146,824 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2006/12/14 03:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006/11/02 03:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\speedfan.sys -- (speedfan)
DRV - [2001/07/13 13:56:14 | 000,014,976 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SBKUPNT.SYS -- (SBKUPNT)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.asus.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8E45FEA0-1C81-ECCA-B6C9-370EF2C40746}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z001&form=ZGAIDF
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-iobit
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://google.com"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.5.0.12
FF - prefs.js..keyword.URL: "http://www.bing.com/...&form=ZGAADF&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files\Photosynth\npPhotosynthMozilla.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\jon\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\jon\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\jon\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/08 21:15:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2012/02/02 15:05:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2013/04/13 09:04:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/16 11:34:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/08 07:53:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/08 21:15:10 | 000,000,000 | ---D | M]
 
[2011/01/02 11:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jon\AppData\Roaming\Mozilla\Extensions
[2011/01/02 11:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jon\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/06/08 08:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\hj43tfiy.default\extensions
[2009/09/11 12:14:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\hj43tfiy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/08/08 17:30:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\hj43tfiy.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/07/21 16:16:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/18 08:20:26 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/27 18:18:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\USERS\JON\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HJ43TFIY.DEFAULT\EXTENSIONS\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
[2010/05/27 18:18:26 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\jon\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\jon\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jon\AppData\Local\Google\Chrome\Application\27.0.1453.110\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Ask Toolbar Plugin Stub (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files\Download Manager\npfpdlm.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\jon\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: BIODIGITAL HUMAN = C:\Users\jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\
CHR - Extension: Angry Birds = C:\Users\jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Plants vs Zombies = C:\Users\jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\
CHR - Extension: Google Play Books = C:\Users\jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.8_0\
 
O1 HOSTS File: ([2010/10/11 10:37:10 | 000,000,875 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (ASUS Security Protect Manager) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CognizanceTS] C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASTSVCC.dll (Cognizance Corporation)
O4 - HKLM..\Run: [HControlUser] C:\Program Files\ATK Hotkey\HcontrolUser.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2ADB75B-0B68-4CB7-828E-712F16D03929}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (APSHook.dll) - C:\Windows\System32\APSHook.dll (Cognizance Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\jon\Desktop\MISC\bear.jpg
O24 - Desktop BackupWallPaper: C:\Users\jon\Desktop\MISC\bear.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6ee29fcd-fdee-11dd-96c7-0015aff7be25}\Shell\AutoRun\command - "" = winampxml/winxml.exe
O33 - MountPoints2\{6ee29fcd-fdee-11dd-96c7-0015aff7be25}\Shell\explore\command - "" = winampxml/winxml.exe
O33 - MountPoints2\{6ee29fcd-fdee-11dd-96c7-0015aff7be25}\Shell\open\command - "" = winampxml/winxml.exe
O33 - MountPoints2\{945815f3-97b1-11e0-9ce9-0015aff7be25}\Shell - "" = AutoRun
O33 - MountPoints2\{945815f3-97b1-11e0-9ce9-0015aff7be25}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{f7f41516-ac45-11dd-8684-0015aff7be25}\Shell - "" = AutoRun
O33 - MountPoints2\{f7f41516-ac45-11dd-8684-0015aff7be25}\Shell\AutoRun\command - "" = F:\FarCryAutoCD.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (autocheck lsdelete)
O34 - HKLM BootExecute: (autocheck OODBS)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/08 08:01:21 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/06/08 08:00:53 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/08 07:50:48 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\jon\Desktop\JRT.exe
[2013/06/07 21:45:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\jon\Desktop\OTL.exe
[2013/05/28 14:26:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/05/28 14:26:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/05/28 14:26:05 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/05/28 14:26:05 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/05/23 18:41:51 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/05/23 18:34:31 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/05/23 18:34:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/05/23 18:34:31 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/05/23 18:34:31 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/05/23 18:34:30 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/05/23 18:34:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/05/23 18:34:29 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/05/22 16:13:18 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013/05/22 16:13:15 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2008/10/06 17:31:52 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\jon\AppData\Roaming\pcouffin.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/08 14:53:56 | 000,890,839 | ---- | M] () -- C:\Users\jon\Desktop\SecurityCheck.exe
[2013/06/08 14:52:06 | 000,646,060 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/06/08 14:52:06 | 000,121,158 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/06/08 14:47:14 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/08 14:47:14 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/08 14:47:12 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/08 14:46:27 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2013/06/08 14:46:24 | 000,000,308 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2013/06/08 14:45:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/08 09:28:31 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/06/08 09:15:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-786761826-326466964-904364766-1000UA.job
[2013/06/08 09:01:17 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/08 07:50:53 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\jon\Desktop\JRT.exe
[2013/06/08 07:49:52 | 122,496,639 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2013/06/08 07:49:18 | 000,640,135 | ---- | M] () -- C:\Users\jon\Desktop\AdwCleaner.exe
[2013/06/07 21:45:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jon\Desktop\OTL.exe
[2013/06/07 19:15:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-786761826-326466964-904364766-1000Core.job
[2013/06/07 13:35:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013/06/01 21:54:06 | 000,007,728 | ---- | M] () -- C:\Users\jon\AppData\Local\d3d9caps.dat
[2013/06/01 21:08:51 | 000,001,025 | ---- | M] () -- C:\Windows\wininit.ini
[2013/05/28 14:26:58 | 000,001,671 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/05/23 19:11:59 | 001,817,728 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/06/08 14:53:49 | 000,890,839 | ---- | C] () -- C:\Users\jon\Desktop\SecurityCheck.exe
[2013/06/08 07:49:09 | 000,640,135 | ---- | C] () -- C:\Users\jon\Desktop\AdwCleaner.exe
[2013/05/28 14:26:58 | 000,001,671 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/01/05 15:38:46 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/06/23 13:59:13 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo3.dll
[2012/06/23 13:58:52 | 000,081,920 | ---- | C] () -- C:\Users\jon\AppData\Roaming\ezpinst.exe
[2012/03/19 17:15:35 | 002,469,760 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2012/03/19 17:15:35 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2012/03/19 17:15:35 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2012/03/19 17:15:35 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2012/03/19 17:15:35 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2012/03/13 18:56:15 | 000,014,976 | ---- | C] () -- C:\Windows\System32\drivers\SBKUPNT.SYS
[2012/03/13 18:56:15 | 000,013,312 | ---- | C] () -- C:\Windows\System32\DEVLOAD.EXE
[2012/03/13 18:56:14 | 000,000,543 | ---- | C] () -- C:\Windows\SWISV3.INI
[2012/03/13 18:56:12 | 000,000,287 | ---- | C] () -- C:\Windows\SKNIFE.INI
[2012/03/13 17:46:10 | 000,002,799 | ---- | C] () -- C:\Windows\SKLANG.INI
[2011/06/16 19:26:26 | 000,000,131 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2008/12/09 09:13:19 | 000,007,728 | ---- | C] () -- C:\Users\jon\AppData\Local\d3d9caps.dat
[2008/11/16 20:49:17 | 000,000,087 | ---- | C] () -- C:\Users\jon\AppData\Roaming\default.pls
[2008/10/16 16:38:42 | 000,001,024 | ---- | C] () -- C:\Users\jon\.rnd
[2008/10/13 16:44:40 | 000,138,056 | ---- | C] () -- C:\Users\jon\AppData\Roaming\PnkBstrK.sys
[2008/10/10 14:57:43 | 000,027,503 | ---- | C] () -- C:\Users\jon\AppData\Roaming\UserTile.png
[2008/10/08 01:24:50 | 000,061,678 | ---- | C] () -- C:\Users\jon\AppData\Roaming\PFP100JPR.{PB
[2008/10/08 01:24:50 | 000,012,358 | ---- | C] () -- C:\Users\jon\AppData\Roaming\PFP100JCM.{PB
[2008/10/07 00:10:25 | 000,213,504 | ---- | C] () -- C:\Users\jon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/06 17:31:52 | 000,087,608 | ---- | C] () -- C:\Users\jon\AppData\Roaming\inst.exe
[2008/10/06 17:31:52 | 000,007,887 | ---- | C] () -- C:\Users\jon\AppData\Roaming\pcouffin.cat
[2008/10/06 17:31:52 | 000,001,144 | ---- | C] () -- C:\Users\jon\AppData\Roaming\pcouffin.inf
[2008/07/01 22:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll
[2008/05/22 12:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg
 
========== ZeroAccess Check ==========
 
[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 02:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
 
< End of report >
 


#9 darko2021

Posted 08 June 2013 - 01:07 PM

Here are the security results
 
 Results of screen317's Security Check version 0.99.64  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG Anti-Virus Free Edition 2011   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Out of date HijackThis  installed! 
 Spybot - Search & Destroy 
 Malwarebytes Anti-Malware version 1.70.0.1100  
 HijackThis 2.0.2    
 TuneUp Utilities    
 TuneUp Utilities Language Pack (en-US) 
 CCleaner (remove only)   
 Java™ 6 Update 20  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
  Adobe Flash Player 10.1.102.64 Flash Player out of Date!  
 Adobe Reader 8 Adobe Reader out of Date! 
 Mozilla Firefox (3.5.9) Firefox out of Date!  
 Google Chrome 27.0.1453.110  
 Google Chrome 27.0.1453.94  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
 AVG avgtray.exe 
 AVG avgrsx.exe 
 AVG avgnsx.exe 
 AVG avgemc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1 % 
````````````````````End of Log`````````````````````` 
 


#10 guestolo

Posted 08 June 2013 - 05:58 PM

How are things running on your end now?


Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#11 darko2021

Posted 08 June 2013 - 07:36 PM

Much better. Does it look like everything is OK now?



#12 guestolo

Posted 09 June 2013 - 12:04 PM

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop, then double-click it to run it.

Click START SCAN. When it is done:
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.
=========================================================

Let's get some of your software updated and more secure
Your copy of Mozilla Firefox is outdated and insecure...
Can you open your copy of Firefox, click on HELP>>ABOUT and allow Firefox to update
Restart Firefox when prompted... Keep checking for updates till you have them all
 
NEXT: Your version of Adobe Flash is outdated
Download the Adobe Flash uninstaller from the following link
http://download.macr...lash_player.exe
 
Save it to your desktop, close all open browsers
Right click on the uninstaller and choose to "Run as Admin"
OK all prompts. After it is uninstalled, delete the uninstaller
We'll update Flash in a bit
 
NEXT:
Your copies of Adobe Reader and Sun Java are outdated and insecure
Keep all browser windows closed
Access "Programs and Features" in Control Panel and uninstall your versions of Adobe Reader and Sun Java
This includes the following:
Adobe Reader 8.3.1
and Java 6 Update 20
 
Reboot the computer afterwards.
Back in Windows please do the following:
 
Update Flash: Download and save the installers for the latest version of Flash
Save both these installers to desktop, close all open browser windows
Then right click on each installer, and "Run as Admin" and install each copy
One for IE, the other for other Browsers
http://download.macr...11_active_x.exe
http://download.macr...r_11_plugin.exe

You can delete the installers after updating
Go and update Sun Java from the following link
http://java.com/en/download/index.jsp
Be careful when installing: make sure to uncheck the option for any additional software, such as Google Chrome, McAfee Security Scan, etc.

After installation, update Adobe Reader from the following link:
http://get.adobe.com/reader/
Again uncheck any additional software

If you have any external hard drives or thumb drives, scan them with your antivirus software and ensure no infected files are present
 
======================================= 
Double click on OTL.exe and Run it
  • Under the Custom Scans/Fixes box at the bottom, copy/paste the contents of the quote box below. Don't include the word Quote, please

    :OTL
    IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope =
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O33 - MountPoints2\{6ee29fcd-fdee-11dd-96c7-0015aff7be25}\Shell\AutoRun\command - "" = winampxml/winxml.exe
    O33 - MountPoints2\{6ee29fcd-fdee-11dd-96c7-0015aff7be25}\Shell\explore\command - "" = winampxml/winxml.exe
    O33 - MountPoints2\{6ee29fcd-fdee-11dd-96c7-0015aff7be25}\Shell\open\command - "" = winampxml/winxml.exe
    O33 - MountPoints2\{945815f3-97b1-11e0-9ce9-0015aff7be25}\Shell - "" = AutoRun
    O33 - MountPoints2\{945815f3-97b1-11e0-9ce9-0015aff7be25}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
    O33 - MountPoints2\{f7f41516-ac45-11dd-8684-0015aff7be25}\Shell - "" = AutoRun
    O33 - MountPoints2\{f7f41516-ac45-11dd-8684-0015aff7be25}\Shell\AutoRun\command - "" = F:\FarCryAutoCD.exe
    [2013/06/08 08:00:53 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/06/08 07:50:48 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\jon\Desktop\JRT.exe
    [2013/06/08 14:53:56 | 000,890,839 | ---- | M] () -- C:\Users\jon\Desktop\SecurityCheck.exe
    [2013/06/08 07:49:09 | 000,640,135 | ---- | C] () -- C:\Users\jon\Desktop\AdwCleaner.exe

    :Files
    ipconfig /flushdns /c
    :Commands
    [EmptyTemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
On startup, Allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in
C:\_OTL\Moved Files folder

Let me know again if things are still running well, please

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here
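
A triage sketch for OTL "O" lines like those in the log and fix script above, as an added example that is not part of the thread or of OTL itself. It flags entries the log marks "No CLSID value found" or "File not found" and extracts MountPoints2 autorun commands per volume; the flagging rules and function names are assumptions made for illustration, and the sample lines are excerpted from the log on this page.

```python
import re

# Sample input: lines excerpted from the OTL log posted in this thread.
SAMPLE_LOG = r'''
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O33 - MountPoints2\{6ee29fcd-fdee-11dd-96c7-0015aff7be25}\Shell\AutoRun\command - "" = winampxml/winxml.exe
O33 - MountPoints2\{6ee29fcd-fdee-11dd-96c7-0015aff7be25}\Shell\open\command - "" = winampxml/winxml.exe
O33 - MountPoints2\{945815f3-97b1-11e0-9ce9-0015aff7be25}\Shell - "" = AutoRun
O33 - MountPoints2\{945815f3-97b1-11e0-9ce9-0015aff7be25}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
'''

# "O<number> - <rest of line>" as printed by OTL in its standard registry section.
ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")

# MountPoints2\{volume GUID}\Shell\<verb>\command - "" = <command line>
AUTORUN_RE = re.compile(
    r'^MountPoints2\\(\{[0-9a-fA-F-]+\})\\Shell\\(\w+)\\command - "" = (.+)$'
)


def parse_entries(text):
    """Return (section, body) tuples for every 'O<n> - ...' line, in log order."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def autorun_commands(text):
    """Map each MountPoints2 volume GUID to its {shell verb: command line}."""
    volumes = {}
    for section, body in parse_entries(text):
        match = AUTORUN_RE.match(body) if section == "O33" else None
        if match:
            guid, verb, command = match.groups()
            volumes.setdefault(guid, {})[verb] = command
    return volumes


def triage(text):
    """Flag entries worth a second look; the rules are illustrative assumptions."""
    findings = []
    for section, body in parse_entries(text):
        reasons = []
        if "No CLSID value found" in body:
            reasons.append("no CLSID value found")
        if body.endswith("File not found"):
            reasons.append("target file missing")
        if section == "O33" and AUTORUN_RE.match(body):
            reasons.append("cached removable-media autorun command")
        if reasons:
            findings.append({"section": section, "entry": body, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f'{finding["section"]:>4}  {", ".join(finding["reasons"])}')
        print(f'      {finding["entry"]}')
    for guid, verbs in autorun_commands(SAMPLE_LOG).items():
        print(guid, verbs)
```
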


#13 guestolo

Posted 17 June 2013 - 10:31 PM

No reply from topic starter in a while, locking this topic.

 

