Jump to content

Might be infected... [logs]


v05

Recommended Posts

:welcome: I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. :)

Please post the contents of the logs, as malware writers would like nothing more than to infect the computers of helpers, such as myself. Thanks!

Link to post
Share on other sites

Hey, thanks for the reply.. Even though a .txt file cannot infect you.. here are the two log files :)

DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16453 BrowserJavaVersion: 10.9.2

Run by **MyComputerUsername** at 18:55:09 on 2013-01-13

Microsoft Windows 8 Pro with Media Center 6.2.9200.0.1252.1.1033.18.4095.2216 [GMT 0:00]

.

AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2013\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k RPCSS

C:\WINDOWS\system32\dwm.exe

C:\WINDOWS\system32\atiesrxx.exe

C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\atieclxx.exe

C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork

C:\WINDOWS\system32\WLANExt.exe

C:\WINDOWS\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\AVG\AVG2013\avgfws.exe

C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe

C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\taskhostex.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\WUDFHost.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Windows\System32\RuntimeBroker.exe

C:\Program Files\Plantronics\GameCom780\GameCom780.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Internet Download Manager\IDMan.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files (x86)\puush\puush.exe

C:\Program Files (x86)\WhatPulse\whatpulse.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe

C:\Users\**MyComputerUsername**\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe

C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\WINDOWS\system32\wwahost.exe

C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe

C:\Program Files\PeerBlock\peerblock.exe

C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe

C:\Users\**MyComputerUsername**\AppData\Local\Temp\Rar$EXa0.367\procexp64.exe

C:\Program Files (x86)\RAMRush\RAMRush.exe

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\WINDOWS\system32\taskeng.exe

C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe

C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Sandboxie\SbieSvc.exe

C:\Program Files\Sandboxie\SbieCtrl.exe

C:\WINDOWS\system32\taskeng.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe

C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\SearchFilterHost.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit = userinit.exe,

BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Microsoft Web Test Recorder 10.0 Helper: {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll

BHO: Microsoft SPFS Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

EB: Web Test Recorder 10.0: {3142c289-f319-47f5-a594-a827028714c9} -

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [iDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot

uRun: [puush] C:\Program Files (x86)\puush\puush.exe

uRun: [WhatPulse] "C:\Program Files (x86)\WhatPulse\whatpulse.exe"

uRun: [sandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"

uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [blueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

StartupFolder: C:\Users\**MyComputerUsername**\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\**MyComputerUsername**\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\**MyComputerUsername**\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe

IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm

IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm

IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: NameServer = 192.168.2.1

TCP: Interfaces\{3498901D-731E-4233-9CB5-A9A130E5A07A} : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{E57C0336-7B7C-4E8F-AF2B-288D22E8E578} : DHCPNameServer = 192.168.2.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll

x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL

x64-BHO: Microsoft SPFS Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [Logitech Download Assistant] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\LogiLDA.dll,LogiFetch

x64-Run: [GamecomSound] C:\Program Files\Plantronics\GameCom780\GameCom780.exe

x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-Run: [intelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"

x64-Run: [intelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll

x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

- Please note this isnt a hijack, just me avoiding my ISP block

Hosts: 93.182.132.111 thepiratebay.se

Hosts: 93.182.132.111 www.thepiratebay.se

Hosts: 93.182.132.111 thepiratebay.org

Hosts: 93.182.132.111 www.thepiratebay.org

Hosts: 93.182.132.111 piratebay.se

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\**MyComputerUsername**\AppData\Roaming\Mozilla\Firefox\Profiles\d147akgm.default-1349124146980\

FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7Ba84a47e4-4326-4ef8-aa1f-b679ad36e402%7D&mid=626fd34cc71b47d08652d16f6bf7990e-483b9eba199c28e3dfc2fe8ff0a1ec33b6985b61&ds=AVG&v=12.2.5.34〈=en&pr=pr&d=2012-09-12%2016%3A21%3A37&sap=ku&q=

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\npspwrap.dll

FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll

FF - plugin: C:\WINDOWS\SysWOW64\npDeployJava1.dll

FF - plugin: C:\WINDOWS\SysWOW64\npmproxy.dll

FF - ExtSQL: 2012-11-14 20:28; battlefieldplay4free@ea.com; C:\Users\**MyComputerUsername**\AppData\Roaming\Mozilla\Firefox\Profiles\d147akgm.default-1349124146980\extensions\battlefieldplay4free@ea.com

FF - ExtSQL: 2012-12-07 06:16; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - ExtSQL: 2012-12-08 00:36; {F003DA68-8256-4b37-A6C4-350FA04494DF}; C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

FF - ExtSQL: 2012-12-19 17:05; jsdeobfuscator@adblockplus.org; C:\Users\**MyComputerUsername**\AppData\Roaming\Mozilla\Firefox\Profiles\d147akgm.default-1349124146980\extensions\jsdeobfuscator@adblockplus.org.xpi

FF - ExtSQL: 2012-12-19 17:07; {e968fc70-8f95-4ab9-9e79-304de2a71ee1}; C:\Users\**MyComputerUsername**\AppData\Roaming\Mozilla\Firefox\Profiles\d147akgm.default-1349124146980\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi

FF - ExtSQL: 2012-12-19 19:16; {bb6bc1bb-f824-4702-90cd-35e2fb24f25d}; C:\Users\**MyComputerUsername**\AppData\Roaming\Mozilla\Firefox\Profiles\d147akgm.default-1349124146980\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}

FF - ExtSQL: 2012-12-26 08:17; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; C:\Users\**MyComputerUsername**\AppData\Roaming\Mozilla\Firefox\Profiles\d147akgm.default-1349124146980\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

FF - ExtSQL: 2013-01-12 17:39; badge@darktrojan.net; C:\Users\**MyComputerUsername**\AppData\Roaming\Mozilla\Firefox\Profiles\d147akgm.default-1349124146980\extensions\badge@darktrojan.net.xpi

FF - ExtSQL: 2013-01-12 17:39; donottrackplus@abine.com; C:\Users\**MyComputerUsername**\AppData\Roaming\Mozilla\Firefox\Profiles\d147akgm.default-1349124146980\extensions\donottrackplus@abine.com

FF - ExtSQL: 2013-01-12 17:52; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\**MyComputerUsername**\AppData\Roaming\Mozilla\Firefox\Profiles\d147akgm.default-1349124146980\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF - ExtSQL: 2013-01-12 17:53; adblockpopups@jessehakanen.net; C:\Users\**MyComputerUsername**\AppData\Roaming\Mozilla\Firefox\Profiles\d147akgm.default-1349124146980\extensions\adblockpopups@jessehakanen.net.xpi

FF - ExtSQL: 2013-01-12 18:09; masterpasswordtimeoutplus@vano; C:\Users\**MyComputerUsername**\AppData\Roaming\Mozilla\Firefox\Profiles\d147akgm.default-1349124146980\extensions\masterpasswordtimeoutplus@vano

FF - ExtSQL: 2013-01-12 18:09; SkipScreen@SkipScreen; C:\Users\**MyComputerUsername**\AppData\Roaming\Mozilla\Firefox\Profiles\d147akgm.default-1349124146980\extensions\SkipScreen@SkipScreen.xpi

FF - ExtSQL: !HIDDEN! 2012-07-18 20:10; adblockpopups@jessehakanen.net; C:\Program Files (x86)\Mozilla Firefox\extensions\adblockpopups@jessehakanen.net.xpi

FF - ExtSQL: !HIDDEN! 2012-08-31 13:22; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Program Files (x86)\Mozilla Firefox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF - ExtSQL: !HIDDEN! 2012-08-31 13:34; jsdeobfuscator@adblockplus.org; C:\Program Files (x86)\Mozilla Firefox\extensions\jsdeobfuscator@adblockplus.org.xpi

FF - ExtSQL: !HIDDEN! 2012-10-01 21:47; tilt@mozilla.com; C:\Program Files (x86)\Mozilla Firefox\extensions\tilt@mozilla.com

.

---- FIREFOX POLICIES ----

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

FF - user.js: network.http.max-persistent-connections-per-server - 4

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\WINDOWS\System32\Drivers\avgidsha.sys [2012-10-15 63328]

R0 Avgloga;AVG Logging Driver;C:\WINDOWS\System32\Drivers\avgloga.sys [2012-9-21 225120]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\WINDOWS\System32\Drivers\avgmfx64.sys [2012-11-15 111968]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\WINDOWS\System32\Drivers\avgrkx64.sys [2012-9-14 40800]

R0 SCMNdisP;General NDIS Protocol Driver;C:\WINDOWS\System32\Drivers\SCMNdisP.sys [2012-12-31 25312]

R1 Avgfwfd;AVG network filter service;C:\WINDOWS\System32\Drivers\avgfwd6a.sys [2012-9-4 50296]

R1 AVGIDSDriver;AVGIDSDriver;C:\WINDOWS\System32\Drivers\avgidsdrivera.sys [2012-10-22 154464]

R1 Avgldx64;AVG AVI Loader Driver;C:\WINDOWS\System32\Drivers\avgldx64.sys [2012-10-2 185696]

R1 Avgwfpa;AVG Firewall Driver;C:\WINDOWS\System32\Drivers\avgwfpa.sys [2012-11-26 208736]

R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2012-7-4 238080]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-7-4 361984]

R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-6 53888]

R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [2012-12-10 1342024]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

R2 IDMWFP;IDMWFP;C:\WINDOWS\System32\Drivers\idmwfp.sys [2012-11-21 165112]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-27 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-27 682344]

R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2012-12-25 1494144]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]

R2 WSWNDA3100v2;WSWNDA3100v2;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2013-1-9 305200]

R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\WINDOWS\System32\Drivers\bcmwlhigh664.sys [2013-1-5 1256192]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\WINDOWS\System32\Drivers\LEqdUsb.sys [2012-9-18 78648]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\WINDOWS\System32\Drivers\LHidEqd.sys [2012-9-18 15160]

R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\Drivers\mbam.sys [2012-12-27 24176]

R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2012-12-24 24176]

R3 PlantronicsGC;PLTGC Interface;C:\WINDOWS\System32\Drivers\PLTGC.sys [2012-12-7 1327104]

R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-12-16 202632]

S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\WINDOWS\System32\Drivers\avgboota.sys [2012-10-26 20912]

S2 BstHdAndroidSvc;BlueStacks Android Service;"C:\Program Files (x86)\BlueStacks\HD-Service.exe" BstHdAndroidSvc Android --> C:\Program Files (x86)\BlueStacks\HD-Service.exe [?]

S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe --> C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [?]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\WINDOWS\System32\Drivers\tap0901t.sys [2012-12-22 31232]

S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976]

S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2012-12-22 745368]

S3 vmbusr;Virtual Machine Bus Provider;C:\WINDOWS\System32\Drivers\vmbusr.sys [2012-7-26 117248]

S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [2012-11-13 14544]

.

=============== File Associations ===============

.

FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [userChoice]

.

=============== Created Last 30 ================

.

2013-01-13 01:04:40 -------- d-----w- C:\Program Files (x86)\RAMRush

2013-01-12 21:16:39 -------- d-----w- C:\Users\**MyComputerUsername**\AppData\Local\Sony

2013-01-12 21:16:39 -------- d-----w- C:\Program Files\Sony

2013-01-12 21:16:39 -------- d-----w- C:\Program Files (x86)\Sony

2013-01-11 22:34:56 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll

2013-01-11 22:34:56 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll

2013-01-11 22:34:55 262704 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll

2013-01-11 22:34:55 116272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe

2013-01-11 22:34:54 74288 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll

2013-01-11 22:34:52 19504 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll

2013-01-10 16:37:34 -------- d-----w- C:\ProgramData\BlueStacksSetup

2013-01-10 16:37:32 -------- d-----w- C:\ProgramData\BlueStacks

2013-01-10 15:20:42 80728 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl

2013-01-10 15:20:42 695640 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe

2013-01-09 21:37:59 718848 ----a-w- C:\WINDOWS\System32\BFE.DLL

2013-01-09 21:24:15 96784 ----a-w- C:\WINDOWS\SysWow64\Packet.dll

2013-01-09 21:24:15 53299 ----a-w- C:\WINDOWS\SysWow64\pthreadVC.dll

2013-01-09 21:24:15 47632 ----a-w- C:\WINDOWS\System32\drivers\npf.sys

2013-01-09 21:24:15 281104 ----a-w- C:\WINDOWS\SysWow64\wpcap.dll

2013-01-09 21:24:12 -------- d-----w- C:\Program Files (x86)\NETGEAR

2013-01-06 10:52:05 96784 ----a-w- C:\WINDOWS\SysWow64\Packcbc8.rra

2013-01-06 10:52:05 281104 ----a-w- C:\WINDOWS\SysWow64\wpcacd3f.rra

2013-01-05 18:11:28 -------- d-----w- C:\Users\**MyComputerUsername**\AppData\Roaming\ICSharpCode

2013-01-05 18:07:16 -------- d-----w- C:\Users\**MyComputerUsername**\AppData\Local\Red Gate

2013-01-05 17:44:44 95544 ----a-w- C:\WINDOWS\System32\bcmwlcoi.dll

2013-01-05 17:44:44 1256192 ----a-w- C:\WINDOWS\System32\drivers\bcmwlhigh664.sys

2013-01-05 17:44:43 3900928 ----a-w- C:\WINDOWS\System32\bcmihvsrv64.dll

2013-01-05 17:44:43 3566592 ----a-w- C:\WINDOWS\System32\bcmihvui64.dll

2013-01-05 17:44:43 1721576 ----a-w- C:\WINDOWS\System32\WdfCoInstaller01009.dll

2013-01-03 16:48:55 580608 ----a-w- C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\UK2000 scenery\UK2000 London City Xtreme\uninstall.exe

2013-01-03 16:47:09 137025 ----a-w- C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\Uninstal Hornet Sampler.exe

2013-01-03 16:46:05 92870 ----a-w- C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\unRAASProfessional_Locked_FSX.exe

2013-01-03 16:46:05 -------- d-----w- C:\Users\**MyComputerUsername**\AppData\Roaming\RAASPRO

2013-01-03 16:43:14 403968 ----a-w- C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\Aerosoft Airbus X Extended Base\Panel_Fallback\ND\AB_ND_GDI.dll

2013-01-03 16:43:13 1003520 ----a-w- C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\Aerosoft Airbus X Extended Base\Panel_Fallback\DLLs\fmgs.dll

2013-01-03 16:43:12 69632 ----a-w- C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\Aerosoft Airbus X Extended Base\Panel_Fallback\DLLs\FBW.dll

2013-01-03 16:43:12 25600 ----a-w- C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\Aerosoft Airbus X Extended Base\Panel_Fallback\DLLs\AsInput.dll

2013-01-03 16:41:11 109056 ----a-w- C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\Aerosoft Airbus X A321 Extended IAE\panel\ASC.DLL

2013-01-03 16:40:55 109056 ----a-w- C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\Aerosoft Airbus X A321 Extended CFM\Panel\ASC.DLL

2013-01-03 16:40:35 109056 ----a-w- C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\Aerosoft Airbus X A320 Extended IAE\Panel\ASC.DLL

2013-01-03 16:40:13 109056 ----a-w- C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\Aerosoft Airbus X A320 Extended CFM NEO\Panel\ASC.DLL

2013-01-03 16:39:49 109056 ----a-w- C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\Aerosoft Airbus X Extended Base\Panel_Fallback\ASC.DLL

2013-01-03 16:39:49 109056 ----a-w- C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\Aerosoft Airbus X A320 Extended CFM\Panel\ASC.DLL

2013-01-03 16:39:30 558320 ----a-w- C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\aerosoft\Flight Recorder\AS-FlightRecorderManager.exe

2013-01-03 16:39:29 237296 ----a-w- C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\aerosoft\Flight Recorder\AS-FlightRecorder.dll

2013-01-03 16:39:28 946176 ----a-w- C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\aerosoft\Airbus X Extended\AirbusXConnectExtended.exe

2013-01-03 16:39:28 877896 ----a-w- C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\aerosoft\Uninstall_Airbus-X-Extended.exe

2013-01-03 16:39:28 655872 ----a-w- C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\aerosoft\Airbus X Extended\Aerosoft.AirbusX.FuelPlanner.exe

2013-01-03 16:35:14 -------- d-----w- C:\Program Files (x86)\Shockwave 3D Lights Redux

2013-01-02 23:50:38 -------- d-----w- C:\Program Files (x86)\Realtek

2013-01-02 23:50:32 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe

2013-01-02 23:50:32 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll

2013-01-02 23:50:32 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll

2013-01-02 23:50:32 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll

2013-01-02 23:50:31 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll

2013-01-02 23:50:31 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll

2013-01-02 23:50:31 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe

2013-01-02 23:50:31 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll

2013-01-02 23:50:31 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll

2013-01-02 23:34:09 -------- d-----w- C:\Program Files (x86)\Lua

2013-01-02 18:27:54 -------- d--h--w- C:\$SysReset

2013-01-01 20:57:13 -------- d-----w- C:\WINDOWS\System32\appmgmt

2012-12-31 16:55:43 25312 ----a-w- C:\WINDOWS\System32\drivers\SCMNdisP.sys

2012-12-31 16:34:18 -------- d-----w- C:\Users\**MyComputerUsername**\AppData\Local\assembly

2012-12-31 16:20:08 96784 ----a-w- C:\WINDOWS\SysWow64\Pack141f.rra

2012-12-31 13:30:10 96784 ----a-w- C:\WINDOWS\SysWow64\Pack756e.rra

2012-12-30 01:13:13 -------- d-----w- C:\Users\**MyComputerUsername**\AppData\Local\WhatPulse

2012-12-29 15:21:28 -------- d-----w- C:\Users\**MyComputerUsername**\AppData\Roaming\AVG2013

2012-12-29 14:46:25 -------- d-----w- C:\Program Files (x86)\FileASSASSIN

2012-12-29 14:45:02 -------- d-----w- C:\Users\**MyComputerUsername**\AppData\Local\Avg2013

2012-12-29 14:33:24 -------- d-----w- C:\ProgramData\TuneUp Software

2012-12-29 14:32:58 -------- d-sh--w- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}

2012-12-28 22:53:56 -------- d-----w- C:\Users\**MyComputerUsername**\AppData\Roaming\Subversion

2012-12-28 22:52:35 -------- d-----w- C:\Users\**MyComputerUsername**\AppData\Roaming\NetBeans

2012-12-28 22:52:35 -------- d-----w- C:\Users\**MyComputerUsername**\AppData\Local\NetBeans

2012-12-28 22:48:22 -------- d-----w- C:\Program Files\glassfish-3.1.2.2

2012-12-28 22:36:14 -------- d-----w- C:\Program Files\NetBeans 7.2.1

2012-12-28 22:28:56 -------- d-----w- C:\Users\**MyComputerUsername**\.nbi

2012-12-28 18:51:28 237992 ----a-w- C:\WINDOWS\System32\drivers\VBoxDrv.sys

2012-12-28 18:51:24 120232 ----a-w- C:\WINDOWS\System32\drivers\VBoxUSBMon.sys

2012-12-28 18:50:54 -------- d-----w- C:\Program Files\Oracle

2012-12-28 15:56:10 -------- d-----w- C:\Users\**MyComputerUsername**\AppData\Roaming\QFX Software

2012-12-28 15:56:10 -------- d-----w- C:\ProgramData\QFX Software

2012-12-28 15:31:40 108008 ----a-w- C:\WINDOWS\System32\WindowsAccessBridge-64.dll

2012-12-27 23:56:08 -------- d-----w- C:\Users\**MyComputerUsername**\AppData\Roaming\Malwarebytes

2012-12-27 23:55:42 -------- d-----w- C:\ProgramData\Malwarebytes

2012-12-27 23:55:37 24176 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys

2012-12-27 23:55:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-12-25 17:48:22 -------- d-----w- C:\Program Files (x86)\Microsoft SkyDrive

2012-12-25 17:48:21 -------- d-----r- C:\Users\**MyComputerUsername**\SkyDrive

2012-12-25 17:48:09 -------- d-----w- C:\ProgramData\Microsoft SkyDrive

2012-12-25 17:19:40 461464 ----a-w- C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe

2012-12-25 16:59:29 -------- d-----w- C:\Program Files\Microsoft Office 15

2012-12-25 11:07:22 21712 ----a-w- C:\WINDOWS\SysWow64\drivers\DrvAgent64.SYS

2012-12-25 11:05:38 -------- d-----w- C:\Program Files\CPUID

2012-12-25 11:02:32 -------- d-----w- C:\ProgramData\Acer

2012-12-24 23:35:14 -------- d-----w- C:\Program Files\PeerBlock

2012-12-23 22:51:47 -------- d-----w- C:\Users\**MyComputerUsername**\AppData\Local\SCE

2012-12-23 19:58:15 -------- d-----w- C:\wamp2

2012-12-23 16:26:07 -------- d-----w- C:\Program Files\Microsoft Mouse and Keyboard Center

2012-12-23 12:39:16 374777 ----a-w- C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\UnInstUtEur.exe

2012-12-22 14:11:34 -------- d-----w- C:\Program Files (x86)\REX

2012-12-22 11:37:24 -------- d-----w- C:\Users\**MyComputerUsername**\AppData\Roaming\Tunngle

2012-12-22 11:37:24 -------- d-----w- C:\ProgramData\Tunngle

2012-12-22 11:37:23 31232 ----a-w- C:\WINDOWS\System32\drivers\tap0901t.sys

2012-12-22 11:37:19 -------- d-----w- C:\Program Files (x86)\Tunngle

2012-12-22 09:28:51 183296 ----a-w- C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\JustFlight\SpaceShuttle\SSLauncher\mwgfx.dll

2012-12-22 09:28:02 238080 ----a-w- C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\JustFlight\SpaceShuttle\SSLauncher\mwgfx24.dll

2012-12-22 09:27:59 1980696 ----a-w- C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\JustFlight\SpaceShuttle\SSLauncher\SSTLaunch.exe

2012-12-21 23:17:36 -------- d-----w- C:\Program Files (x86)\FSAddon

2012-12-21 23:17:35 -------- d-----w- C:\ProgramData\FSAddon

2012-12-21 23:03:25 -------- d-----w- C:\Users\**MyComputerUsername**\AppData\Local\Microsoft Game Studios

2012-12-21 22:48:07 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2012-12-21 22:48:04 -------- d-----w- C:\Program Files (x86)\Common Files\Microsoft Games

2012-12-21 22:13:07 -------- d-----w- C:\Program Files (x86)\Microsoft Games

2012-12-21 07:45:54 362496 ----a-w- C:\WINDOWS\System32\atmfd.dll

2012-12-21 07:45:54 300032 ----a-w- C:\WINDOWS\SysWow64\atmfd.dll

2012-12-21 07:45:53 46080 ----a-w- C:\WINDOWS\System32\atmlib.dll

2012-12-21 07:45:53 35328 ----a-w- C:\WINDOWS\SysWow64\atmlib.dll

2012-12-21 06:00:45 1669632 ----a-w- C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\Captain_Sim\130\ace\ACE_130.exe

2012-12-20 12:49:43 -------- d-----w- C:\ProgramData\Microsoft Visual Studio

2012-12-20 12:47:34 -------- d-----w- C:\Users\**MyComputerUsername**\AppData\Local\Razer

2012-12-20 07:42:41 2562208 ----a-w- C:\ProgramData\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll

2012-12-20 07:33:32 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition

2012-12-20 07:32:17 -------- d-----w- C:\Program Files (x86)\Application Verifier

2012-12-20 07:32:16 -------- d-----w- C:\Program Files\Application Verifier

2012-12-20 07:32:10 -------- d-----w- C:\ProgramData\Windows App Certification Kit

2012-12-20 07:29:43 -------- d-----w- C:\Program Files (x86)\Common Files\Microsoft

2012-12-20 07:29:19 -------- d-----w- C:\ProgramData\PreEmptive Solutions

2012-12-20 07:24:00 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET

2012-12-20 07:22:46 -------- d-----w- C:\Program Files (x86)\Microsoft Web Tools

2012-12-20 07:22:12 -------- d-----w- C:\Program Files\Microsoft

2012-12-20 07:21:42 -------- d-----w- C:\Program Files\IIS Express

2012-12-20 07:21:42 -------- d-----w- C:\Program Files (x86)\IIS Express

2012-12-19 21:28:12 -------- d-----w- C:\Program Files (x86)\NuGet

2012-12-19 21:27:56 -------- d-----w- C:\Program Files (x86)\Microsoft WCF Data Services

2012-12-19 21:27:46 -------- d-----w- C:\Program Files\IIS

2012-12-19 21:27:44 -------- d-----w- C:\Program Files (x86)\IIS

2012-12-19 21:25:01 -------- d-----w- C:\Program Files (x86)\Windows Kits

2012-12-19 21:15:23 -------- d-----w- C:\Program Files (x86)\HTML Help Workshop

2012-12-19 21:13:56 -------- d-----w- C:\Program Files (x86)\Microsoft Help Viewer

2012-12-19 21:10:27 -------- d-----w- C:\WINDOWS\SysWow64\1033

2012-12-19 21:10:14 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server

2012-12-19 21:10:13 -------- d-----w- C:\Program Files\Microsoft SQL Server

2012-12-19 21:00:33 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules

2012-12-19 20:55:38 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 11.0

2012-12-19 20:55:36 -------- d-----w- C:\WINDOWS\System32\1033

2012-12-19 20:54:57 -------- d-----w- C:\Program Files\Microsoft Visual Studio 11.0

2012-12-19 19:43:10 -------- d-----w- C:\Users\**MyComputerUsername**\AppData\Roaming\Mael

2012-12-19 19:42:50 -------- d-----w- C:\Program Files (x86)\HxD

2012-12-19 14:47:20 204200 ----a-w- C:\WINDOWS\System32\VBoxNetFltNobj.dll

2012-12-19 14:47:20 146856 ----a-w- C:\WINDOWS\System32\drivers\VBoxNetFlt.sys

2012-12-19 14:47:20 132008 ----a-w- C:\WINDOWS\System32\drivers\VBoxNetAdp.sys

2012-12-18 17:46:10 -------- d-----w- C:\Users\**MyComputerUsername**\AppData\Local\Google

2012-12-17 17:42:02 -------- d-----w- C:\ProgramData\Package Cache

2012-12-17 17:19:15 2367528 ----a-w- C:\WINDOWS\System32\WSService.dll

2012-12-17 17:19:13 13640704 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll

2012-12-17 17:19:01 3265256 ----a-w- C:\WINDOWS\System32\drivers\evbda.sys

2012-12-17 17:17:59 1409376 ----a-w- C:\WINDOWS\SysWow64\ntdll.dll

2012-12-17 17:16:58 459776 ----a-w- C:\WINDOWS\System32\dxgi.dll

2012-12-17 17:13:03 301568 ----a-w- C:\WINDOWS\System32\newdev.dll

2012-12-17 17:13:01 275968 ----a-w- C:\WINDOWS\SysWow64\newdev.dll

2012-12-17 17:13:00 76288 ----a-w- C:\WINDOWS\System32\newdev.exe

2012-12-17 17:12:59 74240 ----a-w- C:\WINDOWS\SysWow64\newdev.exe

2012-12-17 17:12:58 75264 ----a-w- C:\WINDOWS\System32\ndadmin.exe

2012-12-17 17:12:58 73728 ----a-w- C:\WINDOWS\SysWow64\ndadmin.exe

2012-12-17 17:12:51 446976 ----a-w- C:\WINDOWS\System32\wwansvc.dll

2012-12-17 17:12:50 68608 ----a-w- C:\WINDOWS\System32\wwanprotdim.dll

2012-12-17 07:39:22 2071511 --sha-w- C:\Users\**MyComputerUsername**\AppData\Roaming\Microsoft\Windows\Cookies\MSDCSC\wg50MkCcEcTG\msdcsc.exe

2012-12-17 07:30:28 -------- d-----w- C:\Users\**MyComputerUsername**\AppData\Roaming\dclogs

2012-12-15 12:53:22 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller

2012-12-15 12:33:47 -------- d-----w- C:\Program Files (x86)\FIFA 13

.

==================== Find3M ====================

.

2012-12-28 15:28:34 1081320 ----a-w- C:\WINDOWS\System32\npDeployJava1.dll

2012-12-28 15:28:32 959976 ----a-w- C:\WINDOWS\System32\deployJava1.dll

2012-12-08 00:38:16 18960 ----a-w- C:\WINDOWS\System32\drivers\LNonPnP.sys

2012-12-07 04:20:09 0 ----a-w- C:\WINDOWS\ativpsrm.bin

2012-12-07 00:09:38 95208 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll

2012-12-07 00:09:37 821736 ----a-w- C:\WINDOWS\SysWow64\npDeployJava1.dll

2012-12-07 00:09:37 746984 ----a-w- C:\WINDOWS\SysWow64\deployJava1.dll

2012-12-06 04:23:00 170496 ----a-w- C:\WINDOWS\System32\TimeBrokerServer.dll

2012-12-06 04:22:59 178176 ----a-w- C:\WINDOWS\System32\SystemEventsBrokerServer.dll

2012-12-04 04:21:42 368640 ----a-w- C:\WINDOWS\System32\sppwinob.dll

2012-12-04 03:59:08 4055552 ----a-w- C:\WINDOWS\System32\win32k.sys

2012-11-29 05:05:57 707584 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.dll

2012-11-29 05:05:57 1131520 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll

2012-11-28 04:21:17 44032 ----a-w- C:\WINDOWS\SysWow64\UXInit.dll

2012-11-28 04:20:59 53760 ----a-w- C:\WINDOWS\System32\UXInit.dll

2012-11-27 07:00:32 194280 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys

2012-11-27 07:00:29 124648 ----a-w- C:\WINDOWS\System32\drivers\dumpsd.sys

2012-11-27 06:59:13 329960 ----a-w- C:\WINDOWS\System32\drivers\storport.sys

2012-11-27 06:39:46 1122768 ----a-w- C:\WINDOWS\System32\Taskmgr.exe

2012-11-27 04:49:20 1027152 ----a-w- C:\WINDOWS\SysWow64\Taskmgr.exe

2012-11-27 04:20:50 1048064 ----a-w- C:\WINDOWS\SysWow64\mstsc.exe

2012-11-27 04:20:42 179200 ----a-w- C:\WINDOWS\SysWow64\wpnapps.dll

2012-11-27 04:20:35 891904 ----a-w- C:\WINDOWS\SysWow64\winmde.dll

2012-11-27 04:20:31 798208 ----a-w- C:\WINDOWS\SysWow64\WebcamUi.dll

2012-11-27 04:20:29 46592 ----a-w- C:\WINDOWS\SysWow64\vds_ps.dll

2012-11-27 04:20:28 560128 ----a-w- C:\WINDOWS\SysWow64\UserLanguagesCpl.dll

2012-11-27 04:20:23 1217536 ----a-w- C:\WINDOWS\SysWow64\storagewmi.dll

2012-11-27 04:20:15 680960 ----a-w- C:\WINDOWS\System32\vds.exe

2012-11-27 04:20:07 702464 ----a-w- C:\WINDOWS\SysWow64\nshwfp.dll

2012-11-27 04:20:07 1123840 ----a-w- C:\WINDOWS\System32\mstsc.exe

2012-11-27 04:18:59 888832 ----a-w- C:\WINDOWS\System32\nshwfp.dll

2012-11-27 04:18:39 5974528 ----a-w- C:\WINDOWS\System32\mstscax.dll

2012-11-27 04:18:25 1146880 ----a-w- C:\WINDOWS\System32\mcmde.dll

2012-11-27 04:18:13 1071104 ----a-w- C:\WINDOWS\System32\IKEEXT.DLL

2012-11-27 04:18:06 378880 ----a-w- C:\WINDOWS\System32\FWPUCLNT.DLL

2012-11-27 04:17:31 2302464 ----a-w- C:\WINDOWS\System32\authui.dll

2012-11-27 03:57:32 18432 ----a-w- C:\WINDOWS\System32\drivers\BtaMPM.sys

2012-11-27 03:56:29 31104 ----a-w- C:\WINDOWS\System32\drivers\BthAvrcpTg.sys

2012-11-27 03:55:44 29952 ----a-w- C:\WINDOWS\System32\drivers\BthhfHid.sys

2012-11-26 23:36:16 208736 ----a-w- C:\WINDOWS\System32\drivers\avgwfpa.sys

2012-11-26 04:21:18 71168 ----a-w- C:\WINDOWS\SysWow64\ncryptsslp.dll

2012-11-26 04:20:09 86016 ----a-w- C:\WINDOWS\System32\ncryptsslp.dll

2012-11-22 00:43:14 165112 ----a-w- C:\WINDOWS\System32\drivers\idmwfp.sys

2012-11-20 08:00:23 6971624 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe

2012-11-20 05:24:19 1164800 ----a-w- C:\WINDOWS\SysWow64\Display.dll

2012-11-20 05:24:17 36352 ----a-w- C:\WINDOWS\SysWow64\DevDispItemProvider.dll

2012-11-20 05:17:23 1184256 ----a-w- C:\WINDOWS\System32\Display.dll

2012-11-20 05:17:20 49152 ----a-w- C:\WINDOWS\System32\DevDispItemProvider.dll

2012-11-20 05:02:46 6656 ----a-w- C:\WINDOWS\SysWow64\KBDKURD.DLL

2012-11-20 04:59:26 7168 ----a-w- C:\WINDOWS\System32\KBDKURD.DLL

2012-11-20 04:56:27 27136 ----a-w- C:\WINDOWS\System32\drivers\usbohci.sys

2012-11-20 04:56:11 83456 ----a-w- C:\WINDOWS\System32\drivers\hidclass.sys

2012-11-20 04:54:31 39936 ----a-w- C:\WINDOWS\System32\drivers\hidi2c.sys

2012-11-15 23:33:24 111968 ----a-w- C:\WINDOWS\System32\drivers\avgmfx64.sys

2012-11-15 06:08:41 2706432 ----a-w- C:\WINDOWS\System32\mshtml.tlb

2012-11-15 06:06:34 2706432 ----a-w- C:\WINDOWS\SysWow64\mshtml.tlb

2012-11-13 04:20:30 1120768 ----a-w- C:\WINDOWS\System32\msctf.dll

2012-11-13 04:19:23 890880 ----a-w- C:\WINDOWS\SysWow64\msctf.dll

2012-11-10 04:23:25 132608 ----a-w- C:\WINDOWS\SysWow64\poqexec.exe

2012-11-10 04:23:18 148480 ----a-w- C:\WINDOWS\System32\poqexec.exe

2012-11-10 04:22:40 122880 ----a-w- C:\WINDOWS\System32\VmHostAI.dll

2012-11-10 04:22:35 144384 ----a-w- C:\WINDOWS\System32\tssdisai.dll

2012-11-10 04:22:14 126976 ----a-w- C:\WINDOWS\System32\RDWebAI.dll

2012-11-10 04:20:20 135680 ----a-w- C:\WINDOWS\System32\appserverai.dll

2012-11-09 04:49:51 2048 ----a-w- C:\WINDOWS\System32\tzres.dll

2012-11-09 04:03:48 2048 ----a-w- C:\WINDOWS\SysWow64\tzres.dll

2012-11-08 04:25:36 523776 ----a-w- C:\WINDOWS\SysWow64\WSShared.dll

2012-11-08 04:25:36 143872 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll

2012-11-08 04:25:36 124928 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll

2012-11-08 04:25:35 1775104 ----a-w- C:\WINDOWS\SysWow64\wininet.dll

2012-11-08 04:24:27 2881536 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll

2012-11-08 04:24:22 61440 ----a-w- C:\WINDOWS\SysWow64\iesetup.dll

2012-11-08 04:24:22 109056 ----a-w- C:\WINDOWS\SysWow64\iesysprep.dll

2012-11-08 04:24:19 75776 ----a-w- C:\WINDOWS\SysWow64\fontsub.dll

2012-11-08 04:24:06 10752 ----a-w- C:\WINDOWS\SysWow64\dciman32.dll

2012-11-08 04:22:21 641536 ----a-w- C:\WINDOWS\System32\WSShared.dll

2012-11-08 04:22:20 198656 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.Store.dll

2012-11-08 04:22:20 163840 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.Store.TestingFramework.dll

2012-11-08 04:22:19 2246656 ----a-w- C:\WINDOWS\System32\wininet.dll

2012-11-08 04:22:12 907776 ----a-w- C:\WINDOWS\System32\uxtheme.dll

2012-11-08 04:21:00 3966464 ----a-w- C:\WINDOWS\System32\jscript9.dll

2012-11-08 04:20:56 67072 ----a-w- C:\WINDOWS\System32\iesetup.dll

2012-11-08 04:20:56 136704 ----a-w- C:\WINDOWS\System32\iesysprep.dll

2012-11-08 04:20:50 96256 ----a-w- C:\WINDOWS\System32\fontsub.dll

2012-11-08 04:20:37 14336 ----a-w- C:\WINDOWS\System32\dciman32.dll

2012-11-08 04:02:16 3072 ----a-w- C:\WINDOWS\System32\lpk.dll

2012-11-08 04:01:40 3072 ----a-w- C:\WINDOWS\SysWow64\lpk.dll

2012-11-08 01:56:52 534528 ----a-w- C:\WINDOWS\SysWow64\uxtheme.dll

2012-11-06 07:52:07 445160 ----a-w- C:\WINDOWS\System32\drivers\USBHUB3.SYS

2012-11-06 07:52:04 277736 ----a-w- C:\WINDOWS\System32\drivers\msiscsi.sys

2012-11-06 07:36:23 69864 ----a-w- C:\WINDOWS\System32\drivers\pdc.sys

2012-11-06 07:33:46 522640 ----a-w- C:\WINDOWS\System32\AUDIOKSE.dll

2012-11-06 07:33:46 253512 ----a-w- C:\WINDOWS\System32\audiodg.exe

2012-11-06 07:33:45 490064 ----a-w- C:\WINDOWS\System32\AudioEng.dll

2012-11-06 07:33:45 447792 ----a-w- C:\WINDOWS\System32\AudioSes.dll

2012-11-06 07:33:30 1566432 ----a-w- C:\WINDOWS\System32\ole32.dll

2012-11-06 05:00:06 463768 ----a-w- C:\WINDOWS\SysWow64\AUDIOKSE.dll

2012-11-06 05:00:06 427568 ----a-w- C:\WINDOWS\SysWow64\AudioEng.dll

2012-11-06 05:00:06 324344 ----a-w- C:\WINDOWS\SysWow64\AudioSes.dll

2012-11-06 04:54:13 2205696 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll

.

============= FINISH: 18:57:53.77 ===============

Attach:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 8 Pro with Media Center

Boot Device: \Device\HarddiskVolume2

Install Date: 12/7/2012 4:31:03 AM

System Uptime: 1/12/2013 5:28:21 PM (25 hours ago)

.

Motherboard: Packard Bell | | WMCP78M

Processor: AMD Athlon II X3 425 Processor | Socket AM2 | 2700/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 341 GiB total, 21.382 GiB free.

E: is CDROM (CDFS)

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Coprocessor

Device ID: PCI\VEN_10DE&DEV_0753&SUBSYS_01531025&REV_A2\3&2411E6FE&0&0B

Manufacturer:

Name: Coprocessor

PNP Device ID: PCI\VEN_10DE&DEV_0753&SUBSYS_01531025&REV_A2\3&2411E6FE&0&0B

Service:

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: VirtualBox Bridged Networking Driver Miniport

Device ID: ROOT\SUN_VBOXNETFLTMP\0001

Manufacturer: Oracle Corporation

Name: NETGEAR WNDA3100v2 N600 Wireless Dual Band USB Adapter #3 - VirtualBox Bridged Networking Driver Miniport

PNP Device ID: ROOT\SUN_VBOXNETFLTMP\0001

Service: VBoxNetFlt

.

Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}

Description: PS/2 Compatible Mouse

Device ID: ACPI\PNP0F13\4&273E059A&0

Manufacturer: Microsoft

Name: PS/2 Compatible Mouse

PNP Device ID: ACPI\PNP0F13\4&273E059A&0

Service: i8042prt

.

==== System Restore Points ===================

.

RP23: 1/13/2013 1:51:21 AM - Scheduled Checkpoint

.

==== Hosts File Hijack ====================== - Please note this isnt a hijack, just me avoiding my ISP block

.

Hosts: 93.182.132.111 thepiratebay.se

Hosts: 93.182.132.111 www.thepiratebay.se

Hosts: 93.182.132.111 thepiratebay.org

Hosts: 93.182.132.111 www.thepiratebay.org

Hosts: 93.182.132.111 piratebay.se

Hosts: 93.182.132.111 www.piratebay.se

.

==== Installed Programs ======================

.

Tools for .Net 3.5

3D Sound Back Beta0.1

Adobe Flash Player 11 Plugin

Adobe Photoshop CS6

Adobe Reader XI

Aerosoft's - Airbus X Extended - FSX

aerosoft's - Lukla X - Mount Everest Mission

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Fuel

AMD Media Foundation Decoders

AMD VISION Engine Control Center

Arctic Combat

AVG 2013

Blend for Visual Studio 2012

Blend for Visual Studio 2012 ENU resources

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CPUID CPU-Z 1.62.0

Dota 2

Dotfuscator and Analytics Community Edition

Dropbox

Entity Framework Designer for Visual Studio 2012 - enu

eReg

F/A 18 Hornet for FSX

FIFA 13

FileASSASSIN

FileZilla Client 3.6.0.2

Fraps (remove only)

Free Alarm Clock 2.5.0

FSX Mission Editor

GlassFish Server Open Source Edition 3.1.2.2

Google Chrome

Google Drive

Google Earth

Google Update Helper

Hotfix for Microsoft Outlook 2010 (KB2598374)

HxD Hex Editor version 1.7.7.0

I-Doser Premium

IIS 8.0 Express

IIS Express Application Compatibility Database for x64

IIS Express Application Compatibility Database for x86

Internet Download Manager

Java 7 Update 10 (64-bit)

Java 7 Update 9

Java Auto Updater

Java SE Development Kit 7 Update 10 (64-bit)

JavaScript Tooling

Just Flight - Space Shuttle FSX

LocalESPC

LocalESPCui for en-us

Logitech SetPoint 6.51

Lua for Windows 5.1.4-46

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft .NET Framework 4.5 Multi-Targeting Pack

Microsoft .NET Framework 4.5 SDK

Microsoft ASP.NET MVC 3

Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update

Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools

Microsoft ASP.NET MVC 4 Runtime

Microsoft ASP.NET Web Pages

Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools

Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools

Microsoft ASP.NET Web Pages 2 Runtime

Microsoft Flight Simulator X

Microsoft Flight Simulator X: Acceleration

Microsoft Help Viewer 2.0

Microsoft LightSwitch for Visual Studio 2012 Core

Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU

Microsoft Mouse and Keyboard Center

Microsoft NuGet - Visual Studio 2012

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office 365 Home Premium Preview - en-us

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Portable Library Multi-Targeting Pack

Microsoft Portable Library Multi-Targeting Pack Language Pack - enu

Microsoft Report Viewer Add-On for Visual Studio 2012

Microsoft Silverlight

Microsoft Silverlight 4 SDK

Microsoft Silverlight 5 SDK

Microsoft SkyDrive

Microsoft SQL Server 2012 Command Line Utilities

Microsoft SQL Server 2012 Data-Tier App Framework

Microsoft SQL Server 2012 Express LocalDB

Microsoft SQL Server 2012 Management Objects

Microsoft SQL Server 2012 Management Objects (x64)

Microsoft SQL Server 2012 Native Client

Microsoft SQL Server 2012 T-SQL Language Service

Microsoft SQL Server 2012 Transact-SQL Compiler Service

Microsoft SQL Server 2012 Transact-SQL ScriptDom

Microsoft SQL Server Compact 4.0 SP1 x64 ENU

Microsoft SQL Server Data Tools - enu (11.1.20627.00)

Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00)

Microsoft SQL Server System CLR Types

Microsoft SQL Server System CLR Types (x64)

Microsoft System CLR Types for SQL Server 2012

Microsoft System CLR Types for SQL Server 2012 (x64)

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2012 x64 Designtime - 11.0.50727

Microsoft Visual C++ 2012 32bit Compilers - ENU Resources

Microsoft Visual C++ 2012 Compilers

Microsoft Visual C++ 2012 Compilers - ENU Resources

Microsoft Visual C++ 2012 Core Libraries

Microsoft Visual C++ 2012 Extended Libraries

Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106

Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.51106

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106

Microsoft Visual C++ 2012 x86-x64 Compilers

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106

Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.51106

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106

Microsoft Visual Studio 2010 Office Developer Tools (x64)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

Microsoft Visual Studio 2012 Devenv

Microsoft Visual Studio 2012 Devenv Resources

Microsoft Visual Studio 2012 IntelliTrace Core amd64

Microsoft Visual Studio 2012 IntelliTrace Core x86

Microsoft Visual Studio 2012 IntelliTrace Front End x86

Microsoft Visual Studio 2012 Performance Collection Tools

Microsoft Visual Studio 2012 Performance Collection Tools - ENU

Microsoft Visual Studio 2012 Preparation

Microsoft Visual Studio 2012 SharePoint Developer Tools

Microsoft Visual Studio 2012 SharePoint Developer Tools ENU Language Pack

Microsoft Visual Studio 2012 Shell (Minimum)

Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies

Microsoft Visual Studio 2012 Shell (Minimum) Resources

Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU

Microsoft Visual Studio Premium 2012

Microsoft Visual Studio Premium 2012 - ENU

Microsoft Visual Studio Professional 2012

Microsoft Visual Studio Professional 2012 - ENU

Microsoft Visual Studio Team Foundation Server 2012 Object Model

Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU

Microsoft Visual Studio Team Foundation Server 2012 Storyboarding

Microsoft Visual Studio Team Foundation Server 2012 Storyboarding Language Pack - ENU

Microsoft Visual Studio Team Foundation Server 2012 Team Explorer

Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU

Microsoft Visual Studio Ultimate 2012

Microsoft Visual Studio Ultimate 2012 - ENU

Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core

Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources

Microsoft Web Deploy 3.0

Microsoft Web Deploy dbSqlPackage Provider - enu

Microsoft Web Developer Tools - Visual Studio 2012

Microsoft Web Platform Installer 4.0

Microsoft_VC80_CRT_x86

Microsoft_VC90_CRT_x86

Mozilla Firefox 18.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT Redists

MSXML 4.0 SP2 Parser and SDK

NetBeans IDE 7.2.1

NETGEAR WNDA3100v2 wireless USB 2.0 adapter

NETGEAR WNDA3100v2 wireless USB 2.0 driver

No-IP DUC

Notepad++

Notification Center

Office 15 Click-to-Run Extensibility Component

Office 15 Click-to-Run Licensing Component

Oracle VM VirtualBox 4.2.6

PDF Settings CS6

PeerBlock 1.1 (r518)

Plantronics® GameCom 780 Software for Dolby® Headphone

PowerISO

PreEmptive Analytics Visual Studio Components

Prerequisites for SSDT

puush

RAAS Professional by FS2Crew (LOCKED)

RAMRush 1.0.6.917

Razer Game Booster

REX Essential Plus Overdrive

Sandboxie 3.76 (64-bit)

Skype Click to Call

Skype™ 6.0

Steam

Transmission Remote GUI 4.1

Tunngle beta

UK2000 London City Xtreme FSX

Ultimate Terrain X - Europe

Update for (KB2504637)

Vegas Pro 12.0 (64-bit)

Visual Studio 2010 x64 Redistributables

Visual Studio 2012 Prerequisites

Visual Studio 2012 Prerequisites - ENU Language Pack

Visual Studio 2012 Update 1 (KB2707250)

Visual Studio Extensions for Windows Library for JavaScript

WampServer 2.2

WCF Data Services 5.0 (for OData v3) Primary Components

WCF Data Services Tools for Microsoft Visual Studio 2012

WCF RIA Services V1.0 SP2

WhatPulse 1.7.1

WhatPulse version 2.0

Windows App Certification Kit Native Components

Windows App Certification Kit x64

Windows Runtime Intellisense Content - en-us

Windows Software Development Kit

Windows Software Development Kit DirectX x64 Remote

Windows Software Development Kit DirectX x86 Remote

Windows Software Development Kit for Windows Store Apps

Windows Software Development Kit for Windows Store Apps DirectX x64 Remote

Windows Software Development Kit for Windows Store Apps DirectX x86 Remote

Windows XP Targeting with C++

WinRAR 4.20 (64-bit)

WinSCP 5.1.2

.

==== Event Viewer Messages From Past Week ========

.

1/9/2013 9:24:45 PM, Error: Service Control Manager [7030] - The WSWNDA3100v2 service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

1/9/2013 7:25:37 PM, Error: Service Control Manager [7031] - The WSWNDA3100v2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

1/9/2013 7:02:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

1/9/2013 7:01:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

1/9/2013 7:01:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server: {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

1/9/2013 6:58:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}

1/9/2013 6:56:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "Unavailable" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}

1/9/2013 6:56:40 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

1/9/2013 6:56:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

1/9/2013 6:56:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "Unavailable" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

1/9/2013 6:56:07 PM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.

1/9/2013 10:29:41 PM, Error: Schannel [36888] - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 10. The Windows SChannel error state is 10.

1/6/2013 1:45:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TuneUp.UtilitiesSvc with arguments "Unavailable" in order to run the server: {5EF1CF5D-87A9-434B-8786-2A08E1C30F6C}

1/6/2013 1:41:55 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The pipe has been ended.

1/13/2013 6:52:05 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

1/12/2013 5:29:36 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

1/12/2013 5:29:33 PM, Error: Service Control Manager [7001] - The BlueStacks Android Service service depends on the BlueStacks Hypervisor service which failed to start because of the following error: The system cannot find the path specified.

1/12/2013 5:29:30 PM, Error: Service Control Manager [7000] - The BlueStacks Log Rotator Service service failed to start due to the following error: The system cannot find the file specified.

1/12/2013 5:29:30 PM, Error: Service Control Manager [7000] - The BlueStacks Hypervisor service failed to start due to the following error: The system cannot find the path specified.

1/12/2013 5:25:21 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000004, 0x000000000000012c, 0xfffffa8007add7c0, 0xfffff800a751a940). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 011213-62416-01.

1/11/2013 3:39:02 PM, Error: volsnap [35] - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.

1/10/2013 7:28:15 AM, Error: Schannel [36884] - The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is DB3WNS2010713.wns.windows.com. The SSL connection request has failed. The attached data contains the server certificate.

1/10/2013 6:52:14 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the BlueStacks Android Service service to connect.

1/10/2013 6:52:14 PM, Error: Service Control Manager [7000] - The BlueStacks Android Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/10/2013 6:51:32 PM, Error: Microsoft-Windows-Subsys-SMSS [12] - The crash dump file could not be created due to a lack of free space on the destination drive. Increasing the amount of free space on the destination drive may help prevent this error.

1/10/2013 3:21:23 PM, Error: Schannel [36888] - A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 552.

1/10/2013 3:21:23 PM, Error: Schannel [36884] - The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is client.wns.windows.com. The SSL connection request has failed. The attached data contains the server certificate.

.

==== End Of File ===========================

Link to post
Share on other sites

Hey v05,

Thank you for the logs.

What makes you think you have an infection?

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

Link to post
Share on other sites

Hey v05,

Thank you for the logs.

What makes you think you have an infection?

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

Umm windows 8 isnt supported by ComboFix, though I think I have an infection because I let my friend download some dodgy programs.

Link to post
Share on other sites

Hello v05,

My apologies.

Please try this tool instead.

Please download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

What issues are on your computer?

Link to post
Share on other sites

OTL logfile created on: 1/14/2013 4:03:04 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\**MyComputerUsername**\Desktop

64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16453)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 55.60% Memory free

7.90 Gb Paging File | 6.05 Gb Available in Paging File | 76.52% Paging File free

Paging file location(s): c:\pagefile.sys 4000 6000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 341.45 Gb Total Space | 2.99 Gb Free Space | 0.88% Space Free | Partition Type: NTFS

Drive E: | 47.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive H: | 3.69 Gb Total Space | 0.89 Gb Free Space | 24.25% Space Free | Partition Type: FAT32

Computer Name: **MyComputerUsername**-PC | User Name: **MyComputerUsername** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/14 15:46:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\**MyComputerUsername**\Desktop\OTL_2.exe

PRC - [2013/01/11 22:35:24 | 000,917,552 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2012/12/31 14:50:52 | 003,337,216 | ---- | M] () -- C:\Program Files (x86)\WhatPulse\whatpulse.exe

PRC - [2012/12/28 23:02:24 | 028,539,392 | ---- | M] (Dropbox, Inc.) -- C:\Users\**MyComputerUsername**\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2012/12/25 17:21:24 | 000,165,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\office15\msosync.exe

PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe

PRC - [2012/12/10 11:11:44 | 001,342,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe

PRC - [2012/12/07 07:46:35 | 000,565,480 | ---- | M] () -- C:\Program Files (x86)\puush\puush.exe

PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

PRC - [2012/11/08 16:58:24 | 016,070,136 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe

PRC - [2012/10/26 12:37:58 | 003,540,416 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe

PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/09/18 18:46:38 | 008,384,800 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe

PRC - [2012/09/18 18:46:16 | 000,305,200 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe

PRC - [2012/07/04 11:03:06 | 000,641,704 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

PRC - [2011/12/01 19:15:42 | 000,777,448 | ---- | M] () -- C:\Program Files\Plantronics\GameCom780\GameCom780.exe

PRC - [2010/05/25 12:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

========== Modules (No Company Name) ==========

MOD - [2013/01/14 16:00:05 | 000,086,016 | ---- | M] () -- C:\Users\**MyComputerUsername**\AppData\Local\Temp\_MEI54842\_elementtree.pyd

MOD - [2013/01/14 16:00:05 | 000,040,448 | ---- | M] () -- C:\Users\**MyComputerUsername**\AppData\Local\Temp\_MEI54842\_socket.pyd

MOD - [2013/01/14 16:00:04 | 001,024,024 | ---- | M] () -- C:\Users\**MyComputerUsername**\AppData\Local\Temp\_MEI54842\windows._cacheinvalidation.pyd

MOD - [2013/01/14 16:00:04 | 000,792,576 | ---- | M] () -- C:\Users\**MyComputerUsername**\AppData\Local\Temp\_MEI54842\wx._gdi_.pyd

MOD - [2013/01/14 16:00:04 | 000,571,392 | ---- | M] () -- C:\Users\**MyComputerUsername**\AppData\Local\Temp\_MEI54842\pysqlite2._sqlite.pyd

MOD - [2013/01/14 16:00:04 | 000,263,168 | ---- | M] () -- C:\Users\**MyComputerUsername**\AppData\Local\Temp\_MEI54842\win32com.shell.shell.pyd

MOD - [2013/01/14 16:00:04 | 000,096,256 | ---- | M] () -- C:\Users\**MyComputerUsername**\AppData\Local\Temp\_MEI54842\win32api.pyd

MOD - [2013/01/14 16:00:04 | 000,073,728 | ---- | M] () -- C:\Users\**MyComputerUsername**\AppData\Local\Temp\_MEI54842\_ctypes.pyd

MOD - [2013/01/14 16:00:04 | 000,070,656 | ---- | M] () -- C:\Users\**MyComputerUsername**\AppData\Local\Temp\_MEI54842\wx._html2.pyd

MOD - [2013/01/14 16:00:04 | 000,023,040 | ---- | M] () -- C:\Users\**MyComputerUsername**\AppData\Local\Temp\_MEI54842\win32ts.pyd

MOD - [2013/01/14 16:00:04 | 000,017,920 | ---- | M] () -- C:\Users\**MyComputerUsername**\AppData\Local\Temp\_MEI54842\win32profile.pyd

MOD - [2013/01/14 16:00:04 | 000,011,776 | ---- | M] () -- C:\Users\**MyComputerUsername**\AppData\Local\Temp\_MEI54842\win32crypt.pyd

MOD - [2013/01/14 16:00:03 | 001,169,408 | ---- | M] () -- C:\Users\**MyComputerUsername**\AppData\Local\Temp\_MEI54842\wx._core_.pyd

MOD - [2013/01/14 16:00:03 | 000,807,424 | ---- | M] () -- C:\Users\**MyComputerUsername**\AppData\Local\Temp\_MEI54842\wx._windows_.pyd

MOD - [2013/01/14 16:00:03 | 000,731,136 | ---- | M] () -- C:\Users\**MyComputerUsername**\AppData\Local\Temp\_MEI54842\wx._misc_.pyd

MOD - [2013/01/14 16:00:03 | 000,645,120 | ---- | M] () -- C:\Users\**MyComputerUsername**\AppData\Local\Temp\_MEI54842\_ssl.pyd

MOD - [2013/01/14 16:00:03 | 000,354,304 | ---- | M] () -- C:\Users\**MyComputerUsername**\AppData\Local\Temp\_MEI54842\pythoncom26.dll

MOD - [2013/01/14 16:00:03 | 000,311,808 | ---- | M] () -- C:\Users\**MyComputerUsername**\AppData\Local\Temp\_MEI54842\_hashlib.pyd

MOD - [2013/01/14 16:00:03 | 000,110,592 | ---- | M] () -- C:\Users\**MyComputerUsername**\AppData\Local\Temp\_MEI54842\win32security.pyd

MOD - [2013/01/14 16:00:03 | 000,110,592 | ---- | M] () -- C:\Users\**MyComputerUsername**\AppData\Local\Temp\_MEI54842\pywintypes26.dll

MOD - [2013/01/14 16:00:03 | 000,036,352 | ---- | M] () -- C:\Users\**MyComputerUsername**\AppData\Local\Temp\_MEI54842\win32process.pyd

MOD - [2013/01/14 16:00:03 | 000,022,528 | ---- | M] () -- C:\Users\**MyComputerUsername**\AppData\Local\Temp\_MEI54842\win32pdh.pyd

MOD - [2013/01/14 16:00:02 | 001,056,256 | ---- | M] () -- C:\Users\**MyComputerUsername**\AppData\Local\Temp\_MEI54842\wx._controls_.pyd

MOD - [2013/01/14 16:00:02 | 000,153,088 | ---- | M] () -- C:\Users\**MyComputerUsername**\AppData\Local\Temp\_MEI54842\pyexpat.pyd

MOD - [2013/01/14 16:00:02 | 000,121,856 | ---- | M] () -- C:\Users\**MyComputerUsername**\AppData\Local\Temp\_MEI54842\wx._wizard.pyd

MOD - [2013/01/14 16:00:02 | 000,111,104 | ---- | M] () -- C:\Users\**MyComputerUsername**\AppData\Local\Temp\_MEI54842\win32file.pyd

MOD - [2013/01/14 16:00:02 | 000,039,424 | ---- | M] () -- C:\Users\**MyComputerUsername**\AppData\Local\Temp\_MEI54842\win32inet.pyd

MOD - [2013/01/14 16:00:02 | 000,017,920 | ---- | M] () -- C:\Users\**MyComputerUsername**\AppData\Local\Temp\_MEI54842\win32event.pyd

MOD - [2013/01/14 16:00:01 | 000,585,728 | ---- | M] () -- C:\Users\**MyComputerUsername**\AppData\Local\Temp\_MEI54842\unicodedata.pyd

MOD - [2013/01/14 16:00:01 | 000,011,776 | ---- | M] () -- C:\Users\**MyComputerUsername**\AppData\Local\Temp\_MEI54842\select.pyd

MOD - [2013/01/14 09:49:22 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e2f7dbe3bf08df200a4cdcf2e0eb82fa\System.Runtime.Remoting.ni.dll

MOD - [2013/01/14 09:48:40 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\cf561d65486360afb324d26c80b9aac2\System.Configuration.ni.dll

MOD - [2013/01/11 22:35:23 | 003,021,872 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2013/01/11 17:14:08 | 005,453,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\ae31f7dc9817e359d05c9c8efdd5f359\System.Xml.ni.dll

MOD - [2013/01/11 17:14:02 | 012,436,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d69481589eca8074e7ebbcafd108a2ca\System.Windows.Forms.ni.dll

MOD - [2013/01/11 17:13:51 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e6b074d3f3e3cc8e0270a3552c47aaa\System.Drawing.ni.dll

MOD - [2013/01/11 17:13:11 | 007,988,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\28c2c6e7f48ff80c680a97b08df66a72\System.ni.dll

MOD - [2013/01/11 17:13:02 | 011,494,912 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll

MOD - [2012/12/31 14:50:52 | 003,337,216 | ---- | M] () -- C:\Program Files (x86)\WhatPulse\whatpulse.exe

MOD - [2012/12/25 17:00:05 | 000,340,592 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll

MOD - [2012/12/25 17:00:05 | 000,307,976 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll

MOD - [2012/12/07 07:46:35 | 000,565,480 | ---- | M] () -- C:\Program Files (x86)\puush\puush.exe

MOD - [2012/09/18 18:46:38 | 008,384,800 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WNDA3100v2.exe

MOD - [2012/09/18 09:34:04 | 000,278,528 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvcLib.dll

MOD - [2012/05/23 09:25:08 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\WhatPulse\libgcc_s_dw2-1.dll

MOD - [2012/05/23 09:25:08 | 000,011,362 | ---- | M] () -- C:\Program Files (x86)\WhatPulse\mingwm10.dll

MOD - [2011/12/01 19:16:00 | 000,150,760 | ---- | M] () -- C:\Program Files\Plantronics\GameCom780\VMixPLGC.dll

MOD - [2011/12/01 19:15:42 | 000,777,448 | ---- | M] () -- C:\Program Files\Plantronics\GameCom780\GameCom780.exe

========== Services (SafeList) ==========

SRV:64bit: - [2012/12/16 11:25:38 | 000,123,664 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)

SRV:64bit: - [2012/12/06 04:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)

SRV:64bit: - [2012/12/06 04:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)

SRV:64bit: - [2012/11/06 04:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)

SRV:64bit: - [2012/11/06 04:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)

SRV:64bit: - [2012/10/01 07:22:52 | 000,359,224 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV:64bit: - [2012/09/20 09:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)

SRV:64bit: - [2012/09/20 06:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)

SRV:64bit: - [2012/09/20 06:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)

SRV:64bit: - [2012/09/11 18:13:02 | 001,494,144 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)

SRV:64bit: - [2012/07/26 03:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV:64bit: - [2012/07/26 03:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)

SRV:64bit: - [2012/07/26 03:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)

SRV:64bit: - [2012/07/26 03:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)

SRV:64bit: - [2012/07/26 03:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)

SRV:64bit: - [2012/07/26 03:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)

SRV:64bit: - [2012/07/26 03:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)

SRV:64bit: - [2012/07/26 03:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)

SRV:64bit: - [2012/07/26 03:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)

SRV:64bit: - [2012/07/26 03:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)

SRV:64bit: - [2012/07/26 03:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)

SRV:64bit: - [2012/07/26 03:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)

SRV:64bit: - [2012/07/26 03:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\efssvc.dll -- (EFS)

SRV:64bit: - [2012/07/26 03:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)

SRV:64bit: - [2012/07/26 03:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)

SRV:64bit: - [2012/07/26 03:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)

SRV:64bit: - [2012/07/26 03:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2012/07/26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)

SRV:64bit: - [2012/07/26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)

SRV:64bit: - [2012/07/26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)

SRV:64bit: - [2012/07/26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)

SRV:64bit: - [2012/07/26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)

SRV:64bit: - [2012/07/26 00:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)

SRV:64bit: - [2012/07/04 09:36:06 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)

SRV:64bit: - [2012/07/04 06:20:54 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2013/01/11 22:35:23 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/01/09 21:26:35 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/12/20 12:55:36 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2012/12/10 11:11:44 | 001,342,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)

SRV - [2012/11/26 18:35:10 | 000,745,368 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)

SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)

SRV - [2012/11/09 19:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/11/06 04:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)

SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)

SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/09/18 18:46:16 | 000,305,200 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe -- (WSWNDA3100v2)

SRV - [2012/07/26 03:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)

SRV - [2012/07/25 18:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)

SRV - [2012/07/25 18:13:16 | 000,139,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc)

SRV - [2012/05/13 19:39:06 | 000,022,016 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp2\bin\apache\apache2.2.22\bin\httpd.exe -- (wampapache)

SRV - [2012/04/19 15:45:02 | 009,693,696 | ---- | M] () [On_Demand | Stopped] -- c:\wamp2\bin\mysql\mysql5.5.24\bin\mysqld.exe -- (wampmysqld)

SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/19 14:47:20 | 000,132,008 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VBoxNetAdp.sys -- (VBoxNetAdp)

DRV:64bit: - [2012/12/16 11:25:34 | 000,202,632 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)

DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/11/27 07:00:32 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2012/11/27 03:56:29 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)

DRV:64bit: - [2012/11/27 03:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)

DRV:64bit: - [2012/11/26 23:36:16 | 000,208,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgwfpa.sys -- (Avgwfpa)

DRV:64bit: - [2012/11/22 00:43:14 | 000,165,112 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\idmwfp.sys -- (IDMWFP)

DRV:64bit: - [2012/11/20 04:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)

DRV:64bit: - [2012/11/15 23:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (Avgmfx64)

DRV:64bit: - [2012/11/06 07:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)

DRV:64bit: - [2012/11/06 07:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)

DRV:64bit: - [2012/11/06 03:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)

DRV:64bit: - [2012/10/26 04:17:44 | 000,020,912 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\avgboota.sys -- (Avgboota)

DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgidsdrivera.sys -- (AVGIDSDriver)

DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\avgidsha.sys -- (AVGIDSHA)

DRV:64bit: - [2012/10/12 08:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/10/11 07:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)

DRV:64bit: - [2012/10/11 07:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)

DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (Avgldx64)

DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\avgloga.sys -- (Avgloga)

DRV:64bit: - [2012/09/20 07:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)

DRV:64bit: - [2012/09/20 07:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)

DRV:64bit: - [2012/09/20 07:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)

DRV:64bit: - [2012/09/20 07:55:29 | 000,028,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)

DRV:64bit: - [2012/09/20 07:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2012/09/20 07:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2012/09/20 07:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)

DRV:64bit: - [2012/09/18 09:32:32 | 000,078,648 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\LEqdUsb.sys -- (LEqdUsb)

DRV:64bit: - [2012/09/18 09:32:32 | 000,075,064 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2012/09/18 09:32:32 | 000,061,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2012/09/18 09:32:32 | 000,015,160 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\LHidEqd.sys -- (LHidEqd)

DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgrkx64.sys -- (Avgrkx64)

DRV:64bit: - [2012/09/04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgfwd6a.sys -- (Avgfwfd)

DRV:64bit: - [2012/08/24 07:56:56 | 000,126,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\scdemu.sys -- (SCDEmu)

DRV:64bit: - [2012/07/26 05:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/07/26 05:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)

DRV:64bit: - [2012/07/26 05:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)

DRV:64bit: - [2012/07/26 05:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)

DRV:64bit: - [2012/07/26 05:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)

DRV:64bit: - [2012/07/26 05:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)

DRV:64bit: - [2012/07/26 05:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)

DRV:64bit: - [2012/07/26 05:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)

DRV:64bit: - [2012/07/26 05:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)

DRV:64bit: - [2012/07/26 05:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2012/07/26 05:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2012/07/26 05:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)

DRV:64bit: - [2012/07/26 05:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2012/07/26 05:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)

DRV:64bit: - [2012/07/26 05:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)

DRV:64bit: - [2012/07/26 05:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2012/07/26 05:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)

DRV:64bit: - [2012/07/26 05:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2012/07/26 05:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2012/07/26 04:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)

DRV:64bit: - [2012/07/26 04:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)

DRV:64bit: - [2012/07/26 04:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)

DRV:64bit: - [2012/07/26 04:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)

DRV:64bit: - [2012/07/26 04:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)

DRV:64bit: - [2012/07/26 03:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)

DRV:64bit: - [2012/07/26 02:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)

DRV:64bit: - [2012/07/26 02:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)

DRV:64bit: - [2012/07/26 02:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)

DRV:64bit: - [2012/07/26 02:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)

DRV:64bit: - [2012/07/26 02:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)

DRV:64bit: - [2012/07/26 02:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)

DRV:64bit: - [2012/07/26 02:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)

DRV:64bit: - [2012/07/26 02:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)

DRV:64bit: - [2012/07/26 02:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)

DRV:64bit: - [2012/07/26 02:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)

DRV:64bit: - [2012/07/26 02:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)

DRV:64bit: - [2012/07/26 02:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)

DRV:64bit: - [2012/07/26 02:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)

DRV:64bit: - [2012/07/26 02:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2012/07/26 02:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)

DRV:64bit: - [2012/07/26 02:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)

DRV:64bit: - [2012/07/26 02:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/07/26 02:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)

DRV:64bit: - [2012/07/26 02:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)

DRV:64bit: - [2012/07/26 02:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)

DRV:64bit: - [2012/07/26 02:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)

DRV:64bit: - [2012/07/26 02:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)

DRV:64bit: - [2012/07/26 02:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)

DRV:64bit: - [2012/07/26 02:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)

DRV:64bit: - [2012/07/26 02:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)

DRV:64bit: - [2012/07/04 06:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2012/07/04 05:10:56 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2012/06/02 14:31:55 | 001,855,520 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\netr28ux.sys -- (netr28ux)

DRV:64bit: - [2012/06/02 14:31:52 | 000,344,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nvmf6264.sys -- (NVNET)

DRV:64bit: - [2012/03/06 00:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)

DRV:64bit: - [2011/12/12 17:42:00 | 001,256,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\bcmwlhigh664.sys -- (BCMH43XX)

DRV:64bit: - [2011/11/05 00:47:58 | 001,327,104 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\PLTGC.sys -- (PlantronicsGC)

DRV:64bit: - [2010/02/03 11:20:32 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\npf.sys -- (NPF)

DRV:64bit: - [2009/09/16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tap0901t.sys -- (tap0901t)

DRV:64bit: - [2007/01/19 18:24:24 | 000,025,312 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\SCMNdisP.sys -- (SCMNdisP)

DRV - [2012/11/13 21:53:00 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)

DRV - [2012/07/13 16:13:14 | 000,070,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys -- (VSPerfDrv110)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.uk.msn.com/?rd=1&ucc=GB&dcc=GB&opt=0

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en-GB;q=0.7,en;q=0.3

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 25 D8 C3 BE 36 D4 CD 01 [binary data]

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: tilt%40mozilla.com:1.0.1

FF - prefs.js..extensions.enabledAddons: mozilla_cc%40internetdownloadmanager.com:7.3.31

FF - prefs.js..extensions.enabledAddons: %7BF003DA68-8256-4b37-A6C4-350FA04494DF%7D:6.5

FF - prefs.js..extensions.enabledAddons: %7Be968fc70-8f95-4ab9-9e79-304de2a71ee1%7D:0.7.3

FF - prefs.js..extensions.enabledAddons: %7Bbb6bc1bb-f824-4702-90cd-35e2fb24f25d%7D:1.5.1.1

FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.5

FF - prefs.js..extensions.enabledAddons: https-everywhere%40eff.org:3.1.2

FF - prefs.js..extensions.enabledAddons: %7B5F590AA2-1221-4113-A6F4-A4BB62414FAC%7D:0.45.6.20100202.1

FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.8.3

FF - prefs.js..extensions.enabledAddons: %7B8f8fe09b-0bd3-4470-bc1b-8cad42b8203a%7D:0.17

FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20120910

FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.5

FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.5.1205

FF - prefs.js..extensions.enabledAddons: masterpasswordtimeoutplus%40vano:1.21

FF - prefs.js..extensions.enabledAddons: SkipScreen%40SkipScreen:0.7.0

FF - prefs.js..extensions.enabledAddons: %7B82AF8DCA-6DE9-405D-BD5E-43525BDAD38A%7D:6.5.0.11422

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0

FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid=%7Ba84a47e4-4326-4ef8-aa1f-b679ad36e402%7D&mid=626fd34cc71b47d08652d16f6bf7990e-483b9eba199c28e3dfc2fe8ff0a1ec33b6985b61&ds=AVG&v=12.2.5.34〈=en&pr=pr&d=2012-09-12%2016%3A21%3A37&sap=ku&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012/12/08 00:36:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/11 22:35:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\**MyComputerUsername**\AppData\Roaming\IDM\idmmzcc5 [2012/12/07 07:42:36 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/11 22:35:24 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\**MyComputerUsername**\AppData\Roaming\IDM\idmmzcc5 [2012/12/07 07:42:36 | 000,000,000 | ---D | M]

[2012/12/08 19:21:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**MyComputerUsername**\AppData\Roaming\mozilla\Extensions

[2012/08/29 15:38:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**MyComputerUsername**\AppData\Roaming\mozilla\Extensions\net.openvpn.client

[2013/01/12 18:09:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\**MyComputerUsername**\AppData\Roaming\mozilla\Firefox\Profiles\d147akgm.default-1349124146980\extensions

[2012/12/19 19:16:36 | 000,000,000 | ---D | M] (Cookies Manager+) -- C:\Users\**MyComputerUsername**\AppData\Roaming\mozilla\Firefox\Profiles\d147akgm.default-1349124146980\extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}

[2012/11/14 20:28:35 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\**MyComputerUsername**\AppData\Roaming\mozilla\Firefox\Profiles\d147akgm.default-1349124146980\extensions\battlefieldplay4free@ea.com

[2013/01/12 17:39:40 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\**MyComputerUsername**\AppData\Roaming\mozilla\Firefox\Profiles\d147akgm.default-1349124146980\extensions\donottrackplus@abine.com

[2013/01/09 22:24:58 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\**MyComputerUsername**\AppData\Roaming\mozilla\Firefox\Profiles\d147akgm.default-1349124146980\extensions\https-everywhere@eff.org

[2013/01/12 18:09:59 | 000,000,000 | ---D | M] (Master Password+) -- C:\Users\**MyComputerUsername**\AppData\Roaming\mozilla\Firefox\Profiles\d147akgm.default-1349124146980\extensions\masterpasswordtimeoutplus@vano

[2012/10/01 20:47:10 | 000,000,000 | ---D | M] (Tilt) -- C:\Users\**MyComputerUsername**\AppData\Roaming\mozilla\Firefox\Profiles\d147akgm.default-1349124146980\extensions\tilt@mozilla.com

[2013/01/12 17:53:16 | 000,124,993 | ---- | M] () (No name found) -- C:\Users\**MyComputerUsername**\AppData\Roaming\mozilla\firefox\profiles\d147akgm.default-1349124146980\extensions\adblockpopups@jessehakanen.net.xpi

[2013/01/12 17:39:10 | 000,010,186 | ---- | M] () (No name found) -- C:\Users\**MyComputerUsername**\AppData\Roaming\mozilla\firefox\profiles\d147akgm.default-1349124146980\extensions\badge@darktrojan.net.xpi

[2012/12/19 17:05:42 | 000,040,827 | ---- | M] () (No name found) -- C:\Users\**MyComputerUsername**\AppData\Roaming\mozilla\firefox\profiles\d147akgm.default-1349124146980\extensions\jsdeobfuscator@adblockplus.org.xpi

[2013/01/12 18:09:59 | 000,071,037 | ---- | M] () (No name found) -- C:\Users\**MyComputerUsername**\AppData\Roaming\mozilla\firefox\profiles\d147akgm.default-1349124146980\extensions\SkipScreen@SkipScreen.xpi

[2012/10/19 18:18:51 | 000,087,353 | ---- | M] () (No name found) -- C:\Users\**MyComputerUsername**\AppData\Roaming\mozilla\firefox\profiles\d147akgm.default-1349124146980\extensions\{24cea704-946d-11da-a72b-0800200c9a66}.xpi

[2012/12/23 10:39:49 | 000,345,457 | ---- | M] () (No name found) -- C:\Users\**MyComputerUsername**\AppData\Roaming\mozilla\firefox\profiles\d147akgm.default-1349124146980\extensions\{7CA9CF31-1C73-46CD-8377-85AB71EA771F}.xpi

[2013/01/12 17:52:21 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\**MyComputerUsername**\AppData\Roaming\mozilla\firefox\profiles\d147akgm.default-1349124146980\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012/12/26 08:17:38 | 000,243,496 | ---- | M] () (No name found) -- C:\Users\**MyComputerUsername**\AppData\Roaming\mozilla\firefox\profiles\d147akgm.default-1349124146980\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi

[2012/12/19 17:07:47 | 000,042,336 | ---- | M] () (No name found) -- C:\Users\**MyComputerUsername**\AppData\Roaming\mozilla\firefox\profiles\d147akgm.default-1349124146980\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi

[2012/12/05 15:11:56 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\**MyComputerUsername**\AppData\Roaming\mozilla\firefox\profiles\d147akgm.default-1349124146980\extensions\donottrackplus@abine.com\chrome\content\ff\view_expiry.js

[2013/01/11 22:35:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2013/01/11 22:35:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2013/01/11 22:35:01 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}

[2013/01/11 22:35:01 | 000,000,000 | ---D | M] (WOT) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2013/01/11 22:35:01 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2013/01/11 22:34:59 | 000,000,000 | ---D | M] (Ghostery) -- C:\Program Files (x86)\Mozilla Firefox\extensions\firefox@ghostery.com

[2013/01/11 22:35:00 | 000,000,000 | ---D | M] (Tilt) -- C:\Program Files (x86)\Mozilla Firefox\extensions\tilt@mozilla.com

[2012/07/18 19:10:38 | 000,043,131 | ---- | M] () (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.XPI

[2012/12/08 00:36:01 | 000,000,000 | ---D | M] (Logitech SetPoint) -- C:\PROGRAM FILES\LOGITECH\SETPOINTP\LOGISMOOTHFIREFOXEXT

[2012/12/07 07:42:36 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\**MyComputerUsername**\APPDATA\ROAMING\IDM\IDMMZCC5

[2013/01/11 22:35:24 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/11/29 05:27:41 | 000,003,572 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

[2012/10/12 06:37:58 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/10/12 06:37:58 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR - homepage:

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll

CHR - plugin: Internet Download Manager Plugin (Enabled) = C:\Users\**MyComputerUsername**\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.12.25.1_0\IDMGCExt.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll

CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\WINDOWS\SysWOW64\npDeployJava1.dll

CHR - Extension: Google Drive = C:\Users\**MyComputerUsername**\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\**MyComputerUsername**\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\**MyComputerUsername**\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Logitech SetPoint = C:\Users\**MyComputerUsername**\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.51.8_0\

CHR - Extension: IDM Integration = C:\Users\**MyComputerUsername**\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.12.25.1_0\

CHR - Extension: Gmail = C:\Users\**MyComputerUsername**\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/12/30 20:15:30 | 000,001,772 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 127.0.0.1

O1 - Hosts: 93.182.132.111 thepiratebay.se

O1 - Hosts: 93.182.132.111 www.thepiratebay.se

O1 - Hosts: 93.182.132.111 thepiratebay.org

O1 - Hosts: 93.182.132.111 www.thepiratebay.org

O1 - Hosts: 93.182.132.111 piratebay.se

O1 - Hosts: 93.182.132.111 www.piratebay.se

O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)

O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

O2:64bit: - BHO: (Microsoft SPFS Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll (Microsoft Corporation)

O2 - BHO: (Microsoft SPFS Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [GamecomSound] C:\Program Files\Plantronics\GameCom780\GameCom780.exe ()

O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [intelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\WINDOWS\SysNative\LogiLDA.dll (Logitech, Inc.)

O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AMD AVT] C:\WINDOWS\SysWow64\cmd.exe (Microsoft Corporation)

O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [blueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe File not found

O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)

O4 - HKCU..\Run: [iDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)

O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)

O4 - HKCU..\Run: [puush] C:\Program Files (x86)\puush\puush.exe ()

O4 - HKCU..\Run: [sandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)

O4 - HKCU..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

O4 - HKCU..\Run: [WhatPulse] C:\Program Files (x86)\WhatPulse\whatpulse.exe ()

O4 - Startup: C:\Users\**MyComputerUsername**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\**MyComputerUsername**\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\**MyComputerUsername**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()

O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()

O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)

O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()

O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Microsoft Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Microsoft Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3498901D-731E-4233-9CB5-A9A130E5A07A}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E57C0336-7B7C-4E8F-AF2B-288D22E8E578}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\osf - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O30 - LSA: Security Packages - (livessp) - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2010/10/01 06:14:36 | 000,358,880 | R--- | M] (NETGEAR Inc.) - E:\Autorun.exe -- [ CDFS ]

O32 - AutoRun File - [2006/05/29 08:27:40 | 000,000,047 | R--- | M] () - E:\autorun.inf -- [ CDFS ]

O33 - MountPoints2\{32ce4390-4025-11e2-be65-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{32ce4390-4025-11e2-be65-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2010/10/01 06:14:36 | 000,358,880 | R--- | M] (NETGEAR Inc.)

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)

NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)

NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)

NetSvcs:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\WINDOWS\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: VIDC.FPS1 - C:\WINDOWS\SysWow64\frapsvid.dll (Beepa P/L)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

Link to post
Share on other sites

========== Files/Folders - Created Within 30 Days ==========

[2013/01/14 15:46:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\**MyComputerUsername**\Desktop\OTL_2.exe

[2013/01/13 17:16:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie

[2013/01/13 01:04:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAMRush

[2013/01/13 01:04:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RAMRush

[2013/01/12 21:31:08 | 000,000,000 | ---D | C] -- C:\Users\**MyComputerUsername**\AppData\Roaming\Publish Providers

[2013/01/12 21:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony

[2013/01/12 21:16:39 | 000,000,000 | ---D | C] -- C:\Users\**MyComputerUsername**\AppData\Local\Sony

[2013/01/12 21:16:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony

[2013/01/12 21:16:39 | 000,000,000 | ---D | C] -- C:\Program Files\Sony

[2013/01/12 21:16:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony

[2013/01/12 21:15:34 | 000,000,000 | ---D | C] -- C:\Users\**MyComputerUsername**\AppData\Roaming\Sony

[2013/01/11 22:34:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013/01/11 15:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

[2013/01/10 16:39:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks

[2013/01/10 16:37:34 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup

[2013/01/10 16:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks

[2013/01/10 15:20:42 | 000,695,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe

[2013/01/10 15:20:42 | 000,080,728 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl

[2013/01/09 21:38:27 | 001,131,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll

[2013/01/09 21:38:25 | 000,707,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.dll

[2013/01/09 21:38:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msxml6r.dll

[2013/01/09 21:38:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msxml6r.dll

[2013/01/09 21:38:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msxml3r.dll

[2013/01/09 21:38:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msxml3r.dll

[2013/01/09 21:38:22 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemEventsBrokerServer.dll

[2013/01/09 21:38:22 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TimeBrokerServer.dll

[2013/01/09 21:38:16 | 005,974,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mstscax.dll

[2013/01/09 21:38:15 | 001,096,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmpmde.dll

[2013/01/09 21:38:14 | 005,088,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstscax.dll

[2013/01/09 21:38:14 | 001,146,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mcmde.dll

[2013/01/09 21:38:13 | 003,245,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpcorets.dll

[2013/01/09 21:38:13 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll

[2013/01/09 21:38:13 | 001,145,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winmde.dll

[2013/01/09 21:38:12 | 001,536,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\storagewmi.dll

[2013/01/09 21:38:12 | 001,122,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Taskmgr.exe

[2013/01/09 21:38:12 | 001,027,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Taskmgr.exe

[2013/01/09 21:38:10 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll

[2013/01/09 21:38:10 | 000,955,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WebcamUi.dll

[2013/01/09 21:38:10 | 000,891,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winmde.dll

[2013/01/09 21:38:10 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WebcamUi.dll

[2013/01/09 21:38:10 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UserLanguagesCpl.dll

[2013/01/09 21:38:10 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\usbmon.dll

[2013/01/09 21:38:09 | 000,244,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpnapps.dll

[2013/01/09 21:38:06 | 000,329,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\storport.sys

[2013/01/09 21:38:00 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UserLanguagesCpl.dll

[2013/01/09 21:38:00 | 000,194,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\sdbus.sys

[2013/01/09 21:38:00 | 000,124,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dumpsd.sys

[2013/01/09 21:37:59 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSDMon.dll

[2013/01/09 21:37:59 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wpnapps.dll

[2013/01/09 21:37:59 | 000,058,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe

[2013/01/09 21:37:57 | 001,217,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\storagewmi.dll

[2013/01/09 21:37:57 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstsc.exe

[2013/01/09 21:37:56 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mstsc.exe

[2013/01/09 21:37:56 | 000,888,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\nshwfp.dll

[2013/01/09 21:37:56 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\nshwfp.dll

[2013/01/09 21:37:55 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vdsutil.dll

[2013/01/09 21:37:54 | 000,378,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\FWPUCLNT.DLL

[2013/01/09 21:37:54 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\FWPUCLNT.DLL

[2013/01/09 21:37:54 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\storewuauth.dll

[2013/01/09 21:37:54 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vdsldr.exe

[2013/01/09 21:37:52 | 000,120,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vds_ps.dll

[2013/01/09 21:37:52 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\vds_ps.dll

[2013/01/09 21:37:52 | 000,031,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\BthAvrcpTg.sys

[2013/01/09 21:37:52 | 000,029,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\BthhfHid.sys

[2013/01/09 21:37:52 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\BtaMPM.sys

[2013/01/09 21:37:48 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ncryptsslp.dll

[2013/01/09 21:37:48 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ncryptsslp.dll

[2013/01/09 21:37:47 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sppwinob.dll

[2013/01/09 21:24:15 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\SysWow64\wpcap.dll

[2013/01/09 21:24:15 | 000,096,784 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\SysWow64\Packet.dll

[2013/01/09 21:24:15 | 000,047,632 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\SysNative\drivers\npf.sys

[2013/01/09 21:24:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNDA3100v2 Genie

[2013/01/09 21:24:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NETGEAR

[2013/01/06 10:52:05 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\SysWow64\wpcacd3f.rra

[2013/01/06 10:52:05 | 000,096,784 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\SysWow64\Packcbc8.rra

[2013/01/05 18:11:28 | 000,000,000 | ---D | C] -- C:\Users\**MyComputerUsername**\AppData\Roaming\ICSharpCode

[2013/01/05 18:07:16 | 000,000,000 | ---D | C] -- C:\Users\**MyComputerUsername**\AppData\Local\Red Gate

[2013/01/05 17:44:44 | 001,256,192 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\SysNative\drivers\bcmwlhigh664.sys

[2013/01/05 17:44:44 | 000,095,544 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\SysNative\bcmwlcoi.dll

[2013/01/05 17:44:43 | 003,900,928 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\SysNative\bcmihvsrv64.dll

[2013/01/05 17:44:43 | 003,566,592 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\SysNative\bcmihvui64.dll

[2013/01/05 17:44:43 | 001,721,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WdfCoInstaller01009.dll

[2013/01/04 15:50:45 | 000,000,000 | ---D | C] -- C:\Users\**MyComputerUsername**\Desktop\Screen_Grabs

[2013/01/04 15:48:26 | 000,000,000 | ---D | C] -- C:\Users\**MyComputerUsername**\Desktop\borg

[2013/01/03 18:18:42 | 000,000,000 | ---D | C] -- C:\Users\**MyComputerUsername**\Documents\AerosoftFlightRecorder

[2013/01/03 16:50:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UK2000 Scenery

[2013/01/03 16:48:00 | 000,000,000 | ---D | C] -- C:\Users\**MyComputerUsername**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Games

[2013/01/03 16:47:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FS2Crew2012

[2013/01/03 16:46:05 | 000,000,000 | ---D | C] -- C:\Users\**MyComputerUsername**\AppData\Roaming\RAASPRO

[2013/01/03 16:45:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aerosoft

[2013/01/03 16:35:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shockwave 3D Lights Redux

[2013/01/03 16:35:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shockwave 3D Lights Redux

[2013/01/02 23:50:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek

[2013/01/02 23:50:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek

[2013/01/02 23:35:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lua

[2013/01/02 23:34:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lua

[2013/01/02 22:52:29 | 000,000,000 | ---D | C] -- C:\Users\**MyComputerUsername**\Desktop\Eminem

[2013/01/02 18:27:54 | 000,000,000 | -H-D | C] -- C:\$SysReset

[2013/01/01 20:57:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\appmgmt

[2012/12/31 16:55:43 | 000,025,312 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\SysNative\drivers\SCMNdisP.sys

[2012/12/31 16:34:18 | 000,000,000 | ---D | C] -- C:\Users\**MyComputerUsername**\AppData\Local\assembly

[2012/12/31 16:20:08 | 000,096,784 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\SysWow64\Pack141f.rra

[2012/12/31 13:30:10 | 000,096,784 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\SysWow64\Pack756e.rra

[2012/12/30 15:12:27 | 000,000,000 | ---D | C] -- C:\Users\**MyComputerUsername**\AppData\Roaming\InstallShield

[2012/12/30 01:13:13 | 000,000,000 | ---D | C] -- C:\Users\**MyComputerUsername**\AppData\Local\WhatPulse

[2012/12/29 15:21:28 | 000,000,000 | ---D | C] -- C:\Users\**MyComputerUsername**\AppData\Roaming\AVG2013

[2012/12/29 14:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN

[2012/12/29 14:46:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileASSASSIN

[2012/12/29 14:45:02 | 000,000,000 | ---D | C] -- C:\Users\**MyComputerUsername**\AppData\Local\Avg2013

[2012/12/29 14:33:24 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software

[2012/12/29 14:32:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}

[2012/12/29 13:26:26 | 000,000,000 | ---D | C] -- C:\Users\**MyComputerUsername**\Documents\Amnesia

[2012/12/29 11:00:54 | 000,000,000 | ---D | C] -- C:\Users\**MyComputerUsername**\Desktop\slender-8maps

[2012/12/28 22:53:56 | 000,000,000 | ---D | C] -- C:\Users\**MyComputerUsername**\AppData\Roaming\Subversion

[2012/12/28 22:53:17 | 000,000,000 | ---D | C] -- C:\Users\**MyComputerUsername**\Documents\NetBeansProjects

[2012/12/28 22:52:35 | 000,000,000 | ---D | C] -- C:\Users\**MyComputerUsername**\AppData\Roaming\NetBeans

[2012/12/28 22:52:35 | 000,000,000 | ---D | C] -- C:\Users\**MyComputerUsername**\AppData\Local\NetBeans

[2012/12/28 22:48:22 | 000,000,000 | ---D | C] -- C:\Program Files\glassfish-3.1.2.2

[2012/12/28 22:39:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetBeans

[2012/12/28 22:36:14 | 000,000,000 | ---D | C] -- C:\Program Files\NetBeans 7.2.1

[2012/12/28 22:28:56 | 000,000,000 | ---D | C] -- C:\Users\**MyComputerUsername**\.nbi

[2012/12/28 21:22:52 | 000,000,000 | ---D | C] -- C:\Users\**MyComputerUsername**\Desktop\FBPwn-beta-0.1.8

[2012/12/28 18:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox

[2012/12/28 18:51:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\DRVSTORE

[2012/12/28 18:50:54 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle

[2012/12/28 15:56:10 | 000,000,000 | ---D | C] -- C:\Users\**MyComputerUsername**\AppData\Roaming\QFX Software

[2012/12/28 15:56:10 | 000,000,000 | ---D | C] -- C:\ProgramData\QFX Software

[2012/12/28 15:32:12 | 000,308,200 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysNative\javaws.exe

[2012/12/28 15:31:40 | 000,188,392 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysNative\javaw.exe

[2012/12/28 15:31:40 | 000,108,008 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysNative\WindowsAccessBridge-64.dll

[2012/12/28 15:31:39 | 000,188,392 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysNative\java.exe

[2012/12/28 15:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2012/12/27 23:56:08 | 000,000,000 | ---D | C] -- C:\Users\**MyComputerUsername**\AppData\Roaming\Malwarebytes

[2012/12/27 23:55:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/12/27 23:55:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/12/27 23:55:37 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys

[2012/12/27 23:55:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/12/27 23:50:51 | 000,300,832 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\**MyComputerUsername**\Desktop\Tcpview.exe

[2012/12/27 13:53:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

[2012/12/25 17:48:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive

[2012/12/25 17:48:21 | 000,000,000 | R--D | C] -- C:\Users\**MyComputerUsername**\SkyDrive

[2012/12/25 17:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive

[2012/12/25 17:03:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

[2012/12/25 16:59:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office 15

[2012/12/25 11:07:22 | 000,021,712 | ---- | C] (Phoenix Technologies) -- C:\WINDOWS\SysWow64\drivers\DrvAgent64.SYS

[2012/12/25 11:05:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID

[2012/12/25 11:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID

[2012/12/25 11:02:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Acer

[2012/12/25 08:22:04 | 000,000,000 | ---D | C] -- C:\Users\**MyComputerUsername**\AppData\Roaming\dvdcss

[2012/12/24 23:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock

[2012/12/24 23:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock

[2012/12/23 22:51:47 | 000,000,000 | ---D | C] -- C:\Users\**MyComputerUsername**\AppData\Local\SCE

[2012/12/23 20:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WampServer

[2012/12/23 19:58:15 | 000,000,000 | ---D | C] -- C:\wamp2

[2012/12/23 16:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center

[2012/12/23 16:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Mouse and Keyboard Center

[2012/12/23 12:54:37 | 000,000,000 | ---D | C] -- C:\Users\**MyComputerUsername**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flight One Software

[2012/12/22 14:11:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REX Essential Plus Overdrive

[2012/12/22 14:11:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\REX

[2012/12/22 11:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

[2012/12/22 11:37:24 | 000,000,000 | ---D | C] -- C:\Users\**MyComputerUsername**\AppData\Roaming\Tunngle

[2012/12/22 11:37:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Tunngle

[2012/12/22 11:37:23 | 000,031,232 | ---- | C] (Tunngle.net) -- C:\WINDOWS\SysNative\drivers\tap0901t.sys

[2012/12/22 11:37:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle

[2012/12/22 11:37:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tunngle

[2012/12/22 09:28:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Just Flight

[2012/12/21 23:18:09 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My Missions

[2012/12/21 23:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FSAddon

[2012/12/21 23:17:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FSAddon

[2012/12/21 23:17:35 | 000,000,000 | ---D | C] -- C:\ProgramData\FSAddon

[2012/12/21 23:03:25 | 000,000,000 | ---D | C] -- C:\Users\**MyComputerUsername**\AppData\Local\Microsoft Game Studios

[2012/12/21 22:48:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0

[2012/12/21 22:48:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft Games

[2012/12/21 22:13:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games

[2012/12/21 22:05:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield

[2012/12/21 15:23:49 | 000,000,000 | ---D | C] -- C:\Users\**MyComputerUsername**\Desktop\FSX

[2012/12/21 07:45:54 | 000,362,496 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysNative\atmfd.dll

[2012/12/21 07:45:54 | 000,300,032 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\atmfd.dll

[2012/12/21 07:45:53 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\WINDOWS\SysNative\atmlib.dll

[2012/12/21 07:45:53 | 000,035,328 | ---- | C] (Adobe Systems) -- C:\WINDOWS\SysWow64\atmlib.dll

[2012/12/20 12:49:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Visual Studio

[2012/12/20 12:47:34 | 000,000,000 | ---D | C] -- C:\Users\**MyComputerUsername**\AppData\Local\Razer

[2012/12/20 12:47:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer

[2012/12/20 12:46:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer

[2012/12/20 12:46:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer

[2012/12/20 07:37:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2012/12/20 07:36:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

[2012/12/20 07:36:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 5 SDK

[2012/12/20 07:35:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK

[2012/12/20 07:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition

[2012/12/20 07:32:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Verifier

[2012/12/20 07:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\Application Verifier

[2012/12/20 07:32:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows App Certification Kit

[2012/12/20 07:30:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits

[2012/12/20 07:29:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft

[2012/12/20 07:29:19 | 000,000,000 | ---D | C] -- C:\ProgramData\PreEmptive Solutions

[2012/12/20 07:27:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2012/12/20 07:24:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ASP.NET

[2012/12/20 07:22:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Web Tools

[2012/12/20 07:22:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft

[2012/12/20 07:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\IIS Express

[2012/12/20 07:21:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IIS Express

[2012/12/19 21:28:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NuGet

[2012/12/19 21:27:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WCF Data Services

[2012/12/19 21:27:46 | 000,000,000 | ---D | C] -- C:\Program Files\IIS

[2012/12/19 21:27:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IIS

[2012/12/19 21:25:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Kits

[2012/12/19 21:15:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTML Help Workshop

[2012/12/19 21:13:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Help Viewer

[2012/12/19 21:10:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1033

[2012/12/19 21:10:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server

[2012/12/19 21:10:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server

[2012/12/19 21:00:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules

[2012/12/19 20:55:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012

[2012/12/19 20:55:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 11.0

[2012/12/19 20:55:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\1033

[2012/12/19 20:55:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\symbols

[2012/12/19 20:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 11.0

[2012/12/19 20:54:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs

[2012/12/19 19:43:10 | 000,000,000 | ---D | C] -- C:\Users\**MyComputerUsername**\AppData\Roaming\Mael

[2012/12/19 19:42:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HxD Hex Editor

[2012/12/19 19:42:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HxD

[2012/12/19 14:47:20 | 000,204,200 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysNative\VBoxNetFltNobj.dll

[2012/12/19 14:47:20 | 000,132,008 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysNative\drivers\VBoxNetAdp.sys

[2012/12/18 17:48:34 | 000,000,000 | ---D | C] -- C:\Users\**MyComputerUsername**\Desktop\Cloud 2

[2012/12/18 17:47:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

[2012/12/18 17:46:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google

[2012/12/18 17:46:10 | 000,000,000 | ---D | C] -- C:\Users\**MyComputerUsername**\AppData\Local\Google

[2012/12/17 17:42:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache

[2012/12/17 17:19:15 | 002,367,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSService.dll

[2012/12/17 17:19:13 | 013,640,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll

[2012/12/17 17:19:01 | 003,265,256 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\SysNative\drivers\evbda.sys

[2012/12/17 17:18:55 | 014,259,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmp.dll

[2012/12/17 17:18:54 | 010,791,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll

[2012/12/17 17:18:47 | 002,397,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WpcMon.exe

[2012/12/17 17:18:42 | 003,847,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d2d1.dll

[2012/12/17 17:18:39 | 003,964,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WinSAT.exe

[2012/12/17 17:18:36 | 011,875,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wmp.dll

[2012/12/17 17:18:34 | 000,533,224 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\SysNative\drivers\bxvbda.sys

[2012/12/17 17:18:31 | 001,513,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vssapi.dll

[2012/12/17 17:18:29 | 001,825,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll

[2012/12/17 17:18:24 | 001,739,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RacEngn.dll

[2012/12/17 17:18:24 | 001,019,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MsSpellCheckingFacility.dll

[2012/12/17 17:18:22 | 002,219,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d10warp.dll

[2012/12/17 17:18:22 | 001,304,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Streaming.dll

[2012/12/17 17:18:21 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\uDWM.dll

[2012/12/17 17:18:20 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\provcore.dll

[2012/12/17 17:18:20 | 000,389,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MMDevAPI.dll

[2012/12/17 17:18:16 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ncsi.dll

[2012/12/17 17:18:13 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlroamextension.dll

[2012/12/17 17:18:12 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WinSATAPI.dll

[2012/12/17 17:18:07 | 000,995,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Streaming.dll

[2012/12/17 17:18:06 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\apphelp.dll

[2012/12/17 17:18:05 | 001,590,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WindowsCodecs.dll

[2012/12/17 17:18:05 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MFMediaEngine.dll

[2012/12/17 17:18:05 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\IPHLPAPI.DLL

[2012/12/17 17:18:03 | 001,743,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\combase.dll

[2012/12/17 17:18:03 | 000,709,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MsSpellCheckingFacility.dll

[2012/12/17 17:18:02 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MFPlay.dll

[2012/12/17 17:18:00 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dnsapi.dll

[2012/12/17 17:18:00 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WWAHost.exe

[2012/12/17 17:17:57 | 000,866,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WinTypes.dll

[2012/12/17 17:17:57 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fveapi.dll

[2012/12/17 17:17:56 | 000,545,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\taskeng.exe

[2012/12/17 17:17:56 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlidcredprov.dll

[2012/12/17 17:17:56 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rascfg.dll

[2012/12/17 17:17:55 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfsrcsnk.dll

[2012/12/17 17:17:55 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfsvr.dll

[2012/12/17 17:17:55 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rascfg.dll

[2012/12/17 17:17:54 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\bcdsrv.dll

[2012/12/17 17:17:52 | 000,337,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\USBXHCI.SYS

[2012/12/17 17:17:52 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wintrust.dll

[2012/12/17 17:17:52 | 000,249,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpnprv.dll

[2012/12/17 17:17:51 | 001,400,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\propsys.dll

[2012/12/17 17:17:50 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\VAN.dll

[2012/12/17 17:17:50 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlroamextension.dll

[2012/12/17 17:17:50 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WinSATAPI.dll

[2012/12/17 17:17:49 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSClient.dll

[2012/12/17 17:17:47 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\services.exe

[2012/12/17 17:17:47 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fveapibase.dll

[2012/12/17 17:17:44 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appwiz.cpl

[2012/12/17 17:17:44 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MFMediaEngine.dll

[2012/12/17 17:17:44 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\bisrv.dll

[2012/12/17 17:17:43 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\psmsrv.dll

[2012/12/17 17:17:41 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhengine.dll

[2012/12/17 17:17:41 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSSync.dll

[2012/12/17 17:17:41 | 000,028,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\msgpiowin32.sys

[2012/12/17 17:17:40 | 000,166,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSClient.dll

[2012/12/17 17:17:39 | 000,333,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WWAHost.exe

[2012/12/17 17:17:39 | 000,120,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\msgpioclx.sys

[2012/12/17 17:17:39 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PackageStateRoaming.dll

[2012/12/17 17:17:38 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\appwiz.cpl

[2012/12/17 17:17:38 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MFPlay.dll

[2012/12/17 17:17:38 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSSync.dll

[2012/12/17 17:17:36 | 000,457,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpncore.dll

[2012/12/17 17:17:35 | 001,369,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\RacEngn.dll

[2012/12/17 17:17:35 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmredir.dll

[2012/12/17 17:17:35 | 000,090,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TpmTasks.dll

[2012/12/17 17:17:34 | 000,390,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.BackgroundTransfer.dll

[2012/12/17 17:17:34 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ProximityService.dll

[2012/12/17 17:17:33 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PackageStateRoaming.dll

[2012/12/17 17:17:32 | 000,533,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\provcore.dll

[2012/12/17 17:17:32 | 000,256,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msvproc.dll

[2012/12/17 17:17:32 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\setbcdlocale.dll

[2012/12/17 17:17:29 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinapi.dll

[2012/12/17 17:17:29 | 000,027,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\avrt.dll

[2012/12/17 17:17:27 | 001,247,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\combase.dll

[2012/12/17 17:17:27 | 000,480,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\VAN.dll

[2012/12/17 17:17:27 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\microsoft-windows-kernel-power-events.dll

[2012/12/17 17:17:26 | 000,449,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfsrcsnk.dll

[2012/12/17 17:17:26 | 000,062,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dumpfve.sys

[2012/12/17 17:17:24 | 002,007,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\batmeter.dll

[2012/12/17 17:17:24 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\FWPKCLNT.SYS

[2012/12/17 17:17:24 | 000,148,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\tpm.sys

[2012/12/17 17:17:23 | 002,016,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\batmeter.dll

[2012/12/17 17:17:23 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\perfdisk.dll

[2012/12/17 17:17:22 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncHost.exe

[2012/12/17 17:17:20 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WinTypes.dll

[2012/12/17 17:17:20 | 000,303,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms1.sys

[2012/12/17 17:17:20 | 000,212,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\UCX01000.SYS

[2012/12/17 17:17:19 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\perfdisk.dll

[2012/12/17 17:17:18 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\svchost.exe

[2012/12/17 17:17:17 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfsvr.dll

[2012/12/17 17:17:16 | 000,263,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wlidcredprov.dll

[2012/12/17 17:17:14 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhevents.dll

[2012/12/17 17:17:13 | 001,342,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\user32.dll

[2012/12/17 17:17:13 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.BackgroundTransfer.dll

[2012/12/17 17:17:10 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winsrv.dll

[2012/12/17 17:17:10 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\perfnet.dll

[2012/12/17 17:17:09 | 000,437,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfh264enc.dll

[2012/12/17 17:17:09 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msvproc.dll

[2012/12/17 17:17:08 | 000,413,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfh264enc.dll

[2012/12/17 17:17:08 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncHost.exe

[2012/12/17 17:17:07 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lpksetup.exe

[2012/12/17 17:17:07 | 000,118,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DevPropMgr.dll

[2012/12/17 17:17:06 | 000,699,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinapi.dll

[2012/12/17 17:17:05 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwm.exe

[2012/12/17 17:17:04 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\drvinst.exe

[2012/12/17 17:17:01 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhcfg.dll

[2012/12/17 17:17:01 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drvinst.exe

[2012/12/17 17:16:58 | 000,459,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxgi.dll

[2012/12/17 17:16:58 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DAFWSD.dll

[2012/12/17 17:16:56 | 002,066,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d11.dll

[2012/12/17 17:16:56 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\perfnet.dll

[2012/12/17 17:16:55 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhsrchapi.dll

[2012/12/17 17:16:54 | 001,701,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3d11.dll

[2012/12/17 17:16:53 | 000,588,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\webio.dll

[2012/12/17 17:16:53 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\perfos.dll

[2012/12/17 17:16:51 | 000,417,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\webio.dll

[2012/12/17 17:16:50 | 000,280,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhcat.dll

[2012/12/17 17:16:49 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhsvc.dll

[2012/12/17 17:16:48 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CscMig.dll

[2012/12/17 17:16:44 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lpremove.exe

[2012/12/17 17:16:43 | 000,163,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sspicli.dll

[2012/12/17 17:16:42 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cryptdlg.dll

[2012/12/17 17:16:41 | 000,137,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhshl.dll

[2012/12/17 17:16:40 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rasdiag.dll

[2012/12/17 17:16:40 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rasdiag.dll

[2012/12/17 17:16:40 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\cryptdlg.dll

[2012/12/17 17:16:39 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhmanagew.exe

[2012/12/17 17:16:39 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhlisten.dll

[2012/12/17 17:16:38 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhcleanup.dll

[2012/12/17 17:16:37 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vsstrace.dll

[2012/12/17 17:16:36 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhsrchph.dll

[2012/12/17 17:16:33 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhtask.dll

[2012/12/17 17:16:33 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sdbinst.exe

[2012/12/17 17:16:33 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\sdbinst.exe

[2012/12/17 17:16:31 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rasmxs.dll

[2012/12/17 17:16:30 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ndptsp.tsp

[2012/12/17 17:16:29 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rasmxs.dll

[2012/12/17 17:16:28 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhautoplay.dll

[2012/12/17 17:16:27 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rasser.dll

[2012/12/17 17:16:26 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ndptsp.tsp

[2012/12/17 17:16:25 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\perfctrs.dll

[2012/12/17 17:16:25 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\perfctrs.dll

[2012/12/17 17:16:25 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\perfproc.dll

[2012/12/17 17:16:25 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\perfos.dll

[2012/12/17 17:16:25 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rasser.dll

[2012/12/17 17:16:24 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\perfproc.dll

[2012/12/17 17:16:21 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kmddsp.tsp

[2012/12/17 17:16:21 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\kmddsp.tsp

[2012/12/17 17:16:21 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sspisrv.dll

[2012/12/17 17:16:20 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhsvcctl.dll

[2012/12/17 17:16:19 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LangCleanupSysprepAction.dll

[2012/12/17 17:16:19 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\eventcls.dll

[2012/12/17 17:16:19 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\eventcls.dll

[2012/12/17 17:16:17 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MUILanguageCleanup.dll

[2012/12/17 17:16:16 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\spwmp.dll

[2012/12/17 17:16:16 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lpksetupproxyserv.dll

[2012/12/17 17:16:15 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\spwmp.dll

[2012/12/17 17:16:15 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\shimeng.dll

[2012/12/17 17:16:15 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxmasf.dll

[2012/12/17 17:16:14 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msdxm.ocx

[2012/12/17 17:16:14 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msdxm.ocx

[2012/12/17 17:16:14 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dxmasf.dll

[2012/12/17 17:16:11 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cdd.dll

[2012/12/17 17:16:07 | 009,374,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmploc.DLL

[2012/12/17 17:16:06 | 009,374,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wmploc.DLL

[2012/12/17 17:13:03 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\newdev.dll

[2012/12/17 17:13:01 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\newdev.dll

[2012/12/17 17:13:00 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\newdev.exe

[2012/12/17 17:12:59 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\newdev.exe

[2012/12/17 17:12:58 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ndadmin.exe

[2012/12/17 17:12:58 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ndadmin.exe

[2012/12/17 17:12:50 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wwanprotdim.dll

[2012/12/17 07:30:28 | 000,000,000 | ---D | C] -- C:\Users\**MyComputerUsername**\AppData\Roaming\dclogs

[2 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/14 16:07:38 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/01/14 16:01:05 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/01/14 15:59:01 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys

[2013/01/14 15:58:57 | 3434,754,048 | -HS- | M] () -- C:\hiberfil.sys

[2013/01/14 15:51:28 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013/01/14 15:46:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\**MyComputerUsername**\Desktop\OTL_2.exe

[2013/01/14 15:26:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2013/01/13 22:10:46 | 000,142,739 | ---- | M] () -- C:\Users\**MyComputerUsername**\Desktop\Batman.The.Dark.Knight.2008.1080p.BluRay.x264.YIFY.EN.srt

[2013/01/13 17:16:19 | 000,001,794 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini

[2013/01/13 10:35:02 | 000,077,396 | ---- | M] () -- C:\Users\**MyComputerUsername**\Desktop\Taken.2.2012.UNRATED.EXTENDED.720p.BluRay.x264-DAA.eng.srt

[2013/01/12 17:24:54 | 481,971,740 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP

[2013/01/11 15:39:40 | 000,000,976 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk

[2013/01/10 19:14:53 | 005,059,576 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT

[2013/01/09 23:13:00 | 001,901,654 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI

[2013/01/09 23:13:00 | 000,832,254 | ---- | M] () -- C:\WINDOWS\SysNative\perfh015.dat

[2013/01/09 23:13:00 | 000,753,016 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat

[2013/01/09 23:13:00 | 000,178,022 | ---- | M] () -- C:\WINDOWS\SysNative\perfc015.dat

[2013/01/09 23:13:00 | 000,146,266 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat

[2013/01/09 21:24:12 | 000,000,950 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk

[2013/01/09 21:24:12 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\NETGEAR WNDA3100v2 Genie.lnk

[2013/01/06 13:49:03 | 000,012,288 | ---- | M] () -- C:\WINDOWS\SysNative\umstartup.etl

[2013/01/04 17:56:11 | 001,145,382 | ---- | M] () -- C:\Users\**MyComputerUsername**\AppData\Local\Tempmusic.ogg

[2013/01/04 17:56:09 | 000,088,189 | ---- | M] () -- C:\Users\**MyComputerUsername**\AppData\Local\Tempbg.jpg

[2013/01/04 16:29:18 | 000,060,034 | ---- | M] () -- C:\Users\**MyComputerUsername**\Desktop\Taken.2.2012.UNRATED.EXTENDdED.720p.BluRay.x264-DAA.srt

[2013/01/04 08:39:36 | 000,002,009 | ---- | M] () -- C:\Users\**MyComputerUsername**\Desktop\Taken.2.Non-English.srt

[2012/12/30 15:26:20 | 071,685,009 | ---- | M] () -- C:\Users\**MyComputerUsername**\Desktop\WNDA3100v2_Win8 Beta Driver.zip

[2012/12/30 15:25:52 | 105,288,626 | ---- | M] () -- C:\Users\**MyComputerUsername**\Desktop\WNDA3100v2_V2.1.0.3.zip

[2012/12/29 15:41:36 | 000,001,023 | ---- | M] () -- C:\Users\**MyComputerUsername**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2012/12/29 14:51:35 | 000,001,024 | ---- | M] () -- C:\.rnd

[2012/12/29 14:00:16 | 000,001,791 | ---- | M] () -- C:\Users\**MyComputerUsername**\Desktop\PeerBlock.lnk

[2012/12/29 06:46:49 | 4072,448,959 | ---- | M] () -- C:\Users\**MyComputerUsername**\Desktop\The.Dark.Knight.Rises.2012.BluRay.1080p.DTS.x264-CHD.mkv

[2012/12/28 19:07:36 | 000,001,111 | ---- | M] () -- C:\Users\**MyComputerUsername**\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk

[2012/12/28 15:30:05 | 000,108,008 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysNative\WindowsAccessBridge-64.dll

[2012/12/28 15:29:05 | 000,308,200 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysNative\javaws.exe

[2012/12/28 15:29:04 | 000,188,392 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysNative\javaw.exe

[2012/12/28 15:28:55 | 000,188,392 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysNative\java.exe

[2012/12/28 15:28:34 | 001,081,320 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysNative\npDeployJava1.dll

[2012/12/28 15:28:32 | 000,959,976 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysNative\deployJava1.dll

[2012/12/26 13:25:14 | 000,001,063 | ---- | M] () -- C:\Users\**MyComputerUsername**\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk

[2012/12/25 11:07:22 | 000,021,712 | ---- | M] (Phoenix Technologies) -- C:\WINDOWS\SysWow64\drivers\DrvAgent64.SYS

[2012/12/23 23:08:03 | 000,000,222 | ---- | M] () -- C:\Users\**MyComputerUsername**\Desktop\Arctic Combat.url

[2012/12/22 22:25:27 | 000,000,132 | ---- | M] () -- C:\Users\**MyComputerUsername**\AppData\Roaming\Adobe PNG Format CS6 Prefs

[2012/12/22 14:28:20 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\REX Essential Plus Overdrive.lnk

[2012/12/22 11:37:23 | 000,001,030 | ---- | M] () -- C:\Users\**MyComputerUsername**\Application Data\Microsoft\Internet Explorer\Quick Launch\Tunngle beta.lnk

[2012/12/22 11:37:23 | 000,001,006 | ---- | M] () -- C:\Users\Public\Desktop\Tunngle beta.lnk

[2012/12/21 23:06:09 | 000,000,136 | ---- | M] () -- C:\Users\**MyComputerUsername**\Desktop\Microsoft Flight Simulator.lnk

[2012/12/19 20:55:28 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_User_SensorsSimulatorDriver_01_11_00.Wdf

[2012/12/19 19:42:51 | 000,000,920 | ---- | M] () -- C:\Users\**MyComputerUsername**\Application Data\Microsoft\Internet Explorer\Quick Launch\HxD.lnk

[2012/12/19 14:47:20 | 000,204,200 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysNative\VBoxNetFltNobj.dll

[2012/12/19 14:47:20 | 000,132,008 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysNative\drivers\VBoxNetAdp.sys

[2012/12/18 23:32:58 | 000,695,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe

[2012/12/18 23:32:58 | 000,080,728 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl

[2012/12/18 17:28:35 | 000,001,062 | ---- | M] () -- C:\Users\**MyComputerUsername**\Desktop\Cloud.lnk

[2012/12/16 08:28:20 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\WINDOWS\SysNative\atmlib.dll

[2012/12/16 08:20:01 | 000,035,328 | ---- | M] (Adobe Systems) -- C:\WINDOWS\SysWow64\atmlib.dll

[2012/12/16 08:08:33 | 000,362,496 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysNative\atmfd.dll

[2012/12/16 07:57:09 | 000,300,032 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\atmfd.dll

[2012/12/15 21:33:07 | 000,000,600 | ---- | M] () -- C:\Users\**MyComputerUsername**\AppData\Local\PUTTY.RND

[2012/12/15 21:33:03 | 000,000,600 | ---- | M] () -- C:\Users\**MyComputerUsername**\AppData\Roaming\winscp.rnd

[2 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/13 21:10:54 | 000,142,739 | ---- | C] () -- C:\Users\**MyComputerUsername**\Desktop\Batman.The.Dark.Knight.2008.1080p.BluRay.x264.YIFY.EN.srt

[2013/01/13 09:49:59 | 000,060,034 | ---- | C] () -- C:\Users\**MyComputerUsername**\Desktop\Taken.2.2012.UNRATED.EXTENDdED.720p.BluRay.x264-DAA.srt

[2013/01/13 09:35:01 | 000,077,396 | ---- | C] () -- C:\Users\**MyComputerUsername**\Desktop\Taken.2.2012.UNRATED.EXTENDED.720p.BluRay.x264-DAA.eng.srt

[2013/01/13 09:32:47 | 000,002,009 | ---- | C] () -- C:\Users\**MyComputerUsername**\Desktop\Taken.2.Non-English.srt

[2013/01/11 15:39:40 | 000,000,976 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk

[2013/01/11 15:35:42 | 3434,754,048 | -HS- | C] () -- C:\hiberfil.sys

[2013/01/10 19:13:02 | 481,971,740 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP

[2013/01/10 18:51:37 | 005,059,576 | ---- | C] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT

[2013/01/09 21:24:15 | 000,053,299 | ---- | C] () -- C:\WINDOWS\SysWow64\pthreadVC.dll

[2013/01/09 21:24:12 | 000,000,950 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNDA3100v2 Genie.lnk

[2013/01/09 21:24:12 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\NETGEAR WNDA3100v2 Genie.lnk

[2013/01/06 13:49:03 | 000,012,288 | ---- | C] () -- C:\WINDOWS\SysNative\umstartup.etl

[2013/01/04 17:56:09 | 000,088,189 | ---- | C] () -- C:\Users\**MyComputerUsername**\AppData\Local\Tempbg.jpg

[2012/12/30 15:23:11 | 071,685,009 | ---- | C] () -- C:\Users\**MyComputerUsername**\Desktop\WNDA3100v2_Win8 Beta Driver.zip

[2012/12/30 15:22:06 | 105,288,626 | ---- | C] () -- C:\Users\**MyComputerUsername**\Desktop\WNDA3100v2_V2.1.0.3.zip

[2012/12/29 11:06:36 | 001,145,382 | ---- | C] () -- C:\Users\**MyComputerUsername**\AppData\Local\Tempmusic.ogg

[2012/12/28 18:51:29 | 000,001,111 | ---- | C] () -- C:\Users\**MyComputerUsername**\Application Data\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk

[2012/12/28 18:13:59 | 4072,448,959 | ---- | C] () -- C:\Users\**MyComputerUsername**\Desktop\The.Dark.Knight.Rises.2012.BluRay.1080p.DTS.x264-CHD.mkv

[2012/12/26 13:25:14 | 000,001,063 | ---- | C] () -- C:\Users\**MyComputerUsername**\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk

[2012/12/25 17:48:20 | 000,002,237 | ---- | C] () -- C:\Users\**MyComputerUsername**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk

[2012/12/24 23:35:15 | 000,001,791 | ---- | C] () -- C:\Users\**MyComputerUsername**\Desktop\PeerBlock.lnk

[2012/12/23 23:08:03 | 000,000,222 | ---- | C] () -- C:\Users\**MyComputerUsername**\Desktop\Arctic Combat.url

[2012/12/22 22:00:28 | 000,000,132 | ---- | C] () -- C:\Users\**MyComputerUsername**\AppData\Roaming\Adobe PNG Format CS6 Prefs

[2012/12/22 14:28:20 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\REX Essential Plus Overdrive.lnk

[2012/12/22 11:37:23 | 000,001,030 | ---- | C] () -- C:\Users\**MyComputerUsername**\Application Data\Microsoft\Internet Explorer\Quick Launch\Tunngle beta.lnk

[2012/12/22 11:37:23 | 000,001,006 | ---- | C] () -- C:\Users\Public\Desktop\Tunngle beta.lnk

[2012/12/21 23:06:09 | 000,000,136 | ---- | C] () -- C:\Users\**MyComputerUsername**\Desktop\Microsoft Flight Simulator.lnk

[2012/12/20 17:28:26 | 000,000,291 | ---- | C] () -- C:\Users\**MyComputerUsername**\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Computer.lnk

[2012/12/20 07:22:18 | 000,002,115 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Web Platform Installer.lnk

[2012/12/19 20:55:28 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_User_SensorsSimulatorDriver_01_11_00.Wdf

[2012/12/19 19:42:51 | 000,000,920 | ---- | C] () -- C:\Users\**MyComputerUsername**\Application Data\Microsoft\Internet Explorer\Quick Launch\HxD.lnk

[2012/12/18 20:40:02 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

[2012/12/18 17:46:27 | 000,000,918 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012/12/18 17:46:26 | 000,000,914 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012/12/18 17:28:21 | 000,001,062 | ---- | C] () -- C:\Users\**MyComputerUsername**\Desktop\Cloud.lnk

[2012/12/17 17:16:36 | 000,083,968 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll

[2012/12/17 17:16:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\SysNative\OEMLicense.dll

[2012/12/12 20:29:40 | 000,001,794 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini

[2012/12/07 20:45:03 | 000,000,600 | ---- | C] () -- C:\Users\**MyComputerUsername**\AppData\Local\PUTTY.RND

[2012/12/07 06:00:11 | 000,000,402 | ---- | C] () -- C:\WINDOWS\PLTGC.ini.cfl

[2012/12/07 05:59:53 | 000,000,432 | ---- | C] () -- C:\WINDOWS\PLTGC.ini.imi

[2012/12/07 05:59:52 | 000,003,489 | ---- | C] () -- C:\WINDOWS\PLTGC.ini.cfg

[2012/12/07 05:59:23 | 000,000,447 | ---- | C] () -- C:\WINDOWS\PLTGC.ini

[2012/12/07 04:20:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin

[2012/12/07 00:15:21 | 000,000,600 | ---- | C] () -- C:\Users\**MyComputerUsername**\AppData\Roaming\winscp.rnd

[2012/11/25 12:37:24 | 000,000,117 | ---- | C] () -- C:\Users\**MyComputerUsername**\SciTE.session

[2012/11/25 12:37:24 | 000,000,117 | ---- | C] () -- C:\Users\**MyComputerUsername**\SciTE.recent

[2012/11/25 11:11:25 | 000,003,919 | ---- | C] () -- C:\Users\**MyComputerUsername**\SciTEStartup.lua

[2012/11/08 17:52:09 | 000,552,960 | ---- | C] () -- C:\WINDOWS\SysWow64\RAASAUDIO32.dll

[2012/10/25 14:47:36 | 000,001,181 | ---- | C] () -- C:\Users\**MyComputerUsername**\FSX.lnk

[2012/07/26 08:13:10 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat

[2012/07/26 08:13:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT

[2012/07/26 07:21:26 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2012/07/26 01:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll

[2012/07/25 20:37:29 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin

[2012/07/25 20:28:31 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll

[2012/07/20 20:00:19 | 000,000,032 | ---- | C] () -- C:\Users\**MyComputerUsername**\jagex_cl_runescape_LIVE.dat

[2012/07/04 05:34:16 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat

[2012/07/04 05:34:16 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat

[2012/06/02 14:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat

[2012/04/19 03:39:10 | 000,028,672 | ---- | C] () -- C:\WINDOWS\SysWow64\kdbsdk32.dll

[2011/09/12 22:06:16 | 000,003,917 | ---- | C] () -- C:\WINDOWS\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2012/12/09 12:52:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/11/06 04:19:27 | 019,789,824 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/11/06 04:20:00 | 017,560,576 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 03:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 03:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 03:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< >

< %SYSTEMDRIVE%\*.* >

[2012/12/29 14:51:35 | 000,001,024 | ---- | M] () -- C:\.rnd

[2013/01/12 22:39:28 | 000,002,158 | ---- | M] () -- C:\AdwCleaner[R1].txt

[2009/06/10 21:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2012/06/02 14:30:55 | 000,000,001 | -HS- | M] () -- C:\BOOTNXT

[2009/08/15 14:16:33 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2009/06/10 21:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys

[2012/09/03 11:49:53 | 000,006,218 | ---- | M] () -- C:\hcwDriverInstall.txt

[2013/01/14 15:58:57 | 3434,754,048 | -HS- | M] () -- C:\hiberfil.sys

[2011/12/22 10:30:02 | 000,002,157 | ---- | M] () -- C:\hotfix.txt

[2012/12/07 05:03:18 | 000,001,487 | ---- | M] () -- C:\icon.gif

[2011/06/12 14:13:48 | 000,000,360 | -H-- | M] () -- C:\IPH.PH

[2012/08/15 15:56:32 | 000,001,914 | ---- | M] () -- C:\khalinstall.log

[2006/12/01 22:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll

[2011/09/20 18:00:22 | 000,262,144 | ---- | M] () -- C:\ntuser.dat

[2011/09/20 18:00:22 | 000,005,120 | -HS- | M] () -- C:\ntuser.dat.LOG1

[2011/07/20 18:00:13 | 000,000,000 | -HS- | M] () -- C:\ntuser.dat.LOG2

[2011/08/23 18:00:09 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{0283ad8a-cd95-11e0-8113-005056c00008}.TM.blf

[2011/08/23 18:00:09 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{0283ad8a-cd95-11e0-8113-005056c00008}.TMContainer00000000000000000001.regtrans-ms

[2011/08/23 18:00:09 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{0283ad8a-cd95-11e0-8113-005056c00008}.TMContainer00000000000000000002.regtrans-ms

[2011/09/18 18:00:08 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{028f2624-e1e7-11e0-85bf-e73d37075746}.TM.blf

[2011/09/18 18:00:08 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{028f2624-e1e7-11e0-85bf-e73d37075746}.TMContainer00000000000000000001.regtrans-ms

[2011/09/18 18:00:08 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{028f2624-e1e7-11e0-85bf-e73d37075746}.TMContainer00000000000000000002.regtrans-ms

[2011/09/07 18:00:05 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{1a081776-d966-11e0-bb82-9955bd454218}.TM.blf

[2011/09/07 18:00:05 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{1a081776-d966-11e0-bb82-9955bd454218}.TMContainer00000000000000000001.regtrans-ms

[2011/09/07 18:00:05 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{1a081776-d966-11e0-bb82-9955bd454218}.TMContainer00000000000000000002.regtrans-ms

[2011/08/01 18:00:10 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{59e43f82-bc65-11e0-93b0-005056c00008}.TM.blf

[2011/08/01 18:00:10 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{59e43f82-bc65-11e0-93b0-005056c00008}.TMContainer00000000000000000001.regtrans-ms

[2011/08/01 18:00:10 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{59e43f82-bc65-11e0-93b0-005056c00008}.TMContainer00000000000000000002.regtrans-ms

[2011/09/06 18:00:05 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{5d4ce420-d89d-11e0-b733-dba5a30a6e1a}.TM.blf

[2011/09/06 18:00:05 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{5d4ce420-d89d-11e0-b733-dba5a30a6e1a}.TMContainer00000000000000000001.regtrans-ms

[2011/09/06 18:00:05 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{5d4ce420-d89d-11e0-b733-dba5a30a6e1a}.TMContainer00000000000000000002.regtrans-ms

[2011/09/17 18:00:07 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{5ef13176-e14c-11e0-a5a0-ca39c58fbb32}.TM.blf

[2011/09/17 18:00:07 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{5ef13176-e14c-11e0-a5a0-ca39c58fbb32}.TMContainer00000000000000000001.regtrans-ms

[2011/09/17 18:00:07 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{5ef13176-e14c-11e0-a5a0-ca39c58fbb32}.TMContainer00000000000000000002.regtrans-ms

[2011/08/14 18:00:09 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{69f718f5-c682-11e0-9392-e49e3e1d5268}.TM.blf

[2011/08/14 18:00:09 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{69f718f5-c682-11e0-9392-e49e3e1d5268}.TMContainer00000000000000000001.regtrans-ms

[2011/08/14 18:00:09 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{69f718f5-c682-11e0-9392-e49e3e1d5268}.TMContainer00000000000000000002.regtrans-ms

[2011/08/07 18:00:08 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{71bdc0ab-c11d-11e0-941c-005056c00008}.TM.blf

[2011/08/07 18:00:08 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{71bdc0ab-c11d-11e0-941c-005056c00008}.TMContainer00000000000000000001.regtrans-ms

[2011/08/07 18:00:08 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{71bdc0ab-c11d-11e0-941c-005056c00008}.TMContainer00000000000000000002.regtrans-ms

[2011/08/24 18:00:04 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{9324e8b5-ce4d-11e0-b102-005056c00008}.TM.blf

[2011/08/24 18:00:04 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{9324e8b5-ce4d-11e0-b102-005056c00008}.TMContainer00000000000000000001.regtrans-ms

[2011/08/24 18:00:04 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{9324e8b5-ce4d-11e0-b102-005056c00008}.TMContainer00000000000000000002.regtrans-ms

[2011/07/20 18:00:13 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{9b3eb5da-b2f0-11e0-96dc-005056c00008}.TM.blf

[2011/07/20 18:00:13 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{9b3eb5da-b2f0-11e0-96dc-005056c00008}.TMContainer00000000000000000001.regtrans-ms

[2011/07/20 18:00:13 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{9b3eb5da-b2f0-11e0-96dc-005056c00008}.TMContainer00000000000000000002.regtrans-ms

[2011/09/12 18:00:08 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{b357e9c3-dd50-11e0-b4a9-b8c4e7747f21}.TM.blf

[2011/09/12 18:00:08 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{b357e9c3-dd50-11e0-b4a9-b8c4e7747f21}.TMContainer00000000000000000001.regtrans-ms

[2011/09/12 18:00:08 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{b357e9c3-dd50-11e0-b4a9-b8c4e7747f21}.TMContainer00000000000000000002.regtrans-ms

[2011/08/04 18:00:20 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{c2a80518-be81-11e0-8c07-005056c00008}.TM.blf

[2011/08/04 18:00:20 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{c2a80518-be81-11e0-8c07-005056c00008}.TMContainer00000000000000000001.regtrans-ms

[2011/08/04 18:00:20 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{c2a80518-be81-11e0-8c07-005056c00008}.TMContainer00000000000000000002.regtrans-ms

[2011/08/02 18:00:16 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{d3dbeb2d-bd0d-11e0-95e2-005056c00008}.TM.blf

[2011/08/02 18:00:16 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{d3dbeb2d-bd0d-11e0-95e2-005056c00008}.TMContainer00000000000000000001.regtrans-ms

[2011/08/02 18:00:16 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{d3dbeb2d-bd0d-11e0-95e2-005056c00008}.TMContainer00000000000000000002.regtrans-ms

[2011/08/26 19:04:43 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{dc0980aa-cfe7-11e0-916b-ac2ff3ca635c}.TM.blf

[2011/08/26 19:04:43 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{dc0980aa-cfe7-11e0-916b-ac2ff3ca635c}.TMContainer00000000000000000001.regtrans-ms

[2011/08/26 19:04:43 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{dc0980aa-cfe7-11e0-916b-ac2ff3ca635c}.TMContainer00000000000000000002.regtrans-ms

[2011/07/22 18:00:12 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{e599e845-b443-11e0-ab51-005056c00008}.TM.blf

[2011/07/22 18:00:12 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{e599e845-b443-11e0-ab51-005056c00008}.TMContainer00000000000000000001.regtrans-ms

[2011/07/22 18:00:12 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{e599e845-b443-11e0-ab51-005056c00008}.TMContainer00000000000000000002.regtrans-ms

[2011/08/25 18:00:11 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{ef4e1b1b-cf19-11e0-8f79-db43294c66a1}.TM.blf

[2011/08/25 18:00:11 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{ef4e1b1b-cf19-11e0-8f79-db43294c66a1}.TMContainer00000000000000000001.regtrans-ms

[2011/08/25 18:00:11 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{ef4e1b1b-cf19-11e0-8f79-db43294c66a1}.TMContainer00000000000000000002.regtrans-ms

[2011/08/18 18:00:10 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{f14b346c-c987-11e0-b26a-a5110f3f2ba6}.TM.blf

[2011/08/18 18:00:10 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{f14b346c-c987-11e0-b26a-a5110f3f2ba6}.TMContainer00000000000000000001.regtrans-ms

[2011/08/18 18:00:10 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{f14b346c-c987-11e0-b26a-a5110f3f2ba6}.TMContainer00000000000000000002.regtrans-ms

[2013/01/14 15:59:00 | 4194,304,000 | -HS- | M] () -- C:\pagefile.sys

[2013/01/14 15:59:01 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys

[2012/08/26 17:05:44 | 000,147,756 | ---- | M] () -- C:\TDSSKiller.2.8.8.0_26.08.2012_18.02.33_log.txt

[2011/09/01 17:43:42 | 016,217,952 | ---- | M] (Microsoft Corporation) -- C:\VS10SP1-KB2581206.exe

[2012/05/15 20:11:25 | 000,000,077 | ---- | M] () -- C:\wepkeys.txt

[2011/11/19 19:09:14 | 000,116,633 | ---- | M] () -- C:\wubildr

[2011/11/19 19:09:14 | 000,008,192 | ---- | M] () -- C:\wubildr.mbr

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

I've been getting afew .net errors on shutdown, and it seems like my computers running slowwer.

Link to post
Share on other sites

Extra's

OTL Extras logfile created on: 1/14/2013 4:03:04 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\**MyComputerUsername**\Desktop

64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16453)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 55.60% Memory free

7.90 Gb Paging File | 6.05 Gb Available in Paging File | 76.52% Paging File free

Paging file location(s): c:\pagefile.sys 4000 6000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 341.45 Gb Total Space | 2.99 Gb Free Space | 0.88% Space Free | Partition Type: NTFS

Drive E: | 47.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive H: | 3.69 Gb Total Space | 0.89 Gb Free Space | 24.25% Space Free | Partition Type: FAT32

Computer Name: **MyComputerUsername**-PC | User Name: **MyComputerUsername** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)

Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)

Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{05A9FF3E-A59B-4ABF-A1C2-DFB2D36021C0}" = lport=6918 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |

"{1558FFD3-E7E8-4E20-B132-14C8859163F9}" = lport=6917 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |

"{1F542EF5-7514-4857-9C74-3CA4C8EF6738}" = lport=6919 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |

"{250CAE70-9B4D-4159-BC5E-E5AC294E3EBF}" = lport=6919 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |

"{336DB1AA-9FE8-4D9B-89E7-A0FEE24D9329}" = lport=6917 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |

"{4147C0B2-B8D7-4D73-A40D-F2374C20FE6A}" = lport=6915 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |

"{4DB1F877-0168-4AC0-98B3-CEC802B8A258}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |

"{5D090652-254F-4578-8388-2EDA5FBEE32A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

"{74F1B51F-9D5A-4F63-9819-3D8631343F7B}" = lport=3702 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |

"{75DA8E95-F6E9-4A28-888C-F04C10F09C59}" = lport=6920 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |

"{AC125136-7554-4925-8F20-01AEFDBCA6C7}" = lport=6916 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |

"{AC506CE5-D6B7-407B-84C4-4180554E2A53}" = lport=6918 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |

"{BA04B7D1-FFF5-4D38-97C1-1CF6F5E47FD5}" = lport=6920 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |

"{BBA150B0-4A73-4D74-98E3-C436246DB474}" = lport=6915 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |

"{C1D1E980-FD6D-4729-9373-9EC4B1CB9A5E}" = lport=6916 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0117DC1C-F0A1-49C0-B8BF-1DCBC853D148}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |

"{03F1E9DF-B19D-4E0D-8A15-7222C09927C1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |

"{0701C378-B1BF-4C5F-8B06-4FC29AE7447B}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |

"{0735AA58-14FD-4DD2-82F1-71FD0C34AC7A}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |

"{0B956BC1-39CF-46B1-8523-5CC637EDE4E2}" = dir=out | name=@{microsoft.bingfinance_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |

"{0BFB70F9-1466-495F-A5D0-A09FBBCC7270}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |

"{0CB16ED2-F973-4034-A3A4-469B3A8B4A67}" = dir=out | name=@{microsoft.zunemusic_1.1.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |

"{0CCEF0D2-4C1A-4B9B-A6EE-E1D51470AA93}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |

"{1019E11C-91BE-414A-BCD0-CBA31DA70A51}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |

"{12B91191-5B3E-495F-A18F-1B1E57741613}" = dir=in | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |

"{15E6735B-0066-4D2D-B361-610F2A027D7E}" = dir=out | name=norton satellite |

"{160784BB-B978-4978-B740-76DAA9C68AB8}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |

"{161540B3-C097-42D2-8373-6ED6FA2B624E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |

"{18D11D90-A666-4308-B2C4-13F33AB3F64C}" = protocol=17 | dir=in | app=c:\program files (x86)\fifa 13\game\fifa13.exe |

"{19B4CE31-0772-47B3-A7C5-0FF38103D317}" = dir=out | name=code writer |

"{1DC19019-D8CA-409A-AFBB-4AE990EB28C4}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |

"{201C2088-3376-4D62-B8B9-F17815F1BCCA}" = dir=out | name=@{microsoft.bingnews_1.7.0.27_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |

"{248EBAD0-68D5-4B62-89D6-EBCD7A7E73BB}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |

"{25A0B2B6-C90D-4409-8D4B-F510B6E9E38F}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |

"{25D4585D-11DD-4A5D-AAB5-5BFDA62BF2E4}" = dir=out | name=wikipedia |

"{2B77D70A-C55D-4807-BBBB-235B785398AB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |

"{2B7FFEC9-7202-4EC9-ADEB-7B7BC2282AEE}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |

"{2EE2EAE1-C02E-489D-A34E-ACDC5C59E050}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |

"{33F92B64-440B-43FF-A42B-FDB3D717F403}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |

"{36E57F72-C8B7-4C22-B55A-B03376BB634C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arcticcombat\gamelauncher_gp\mappingaccount.exe |

"{4391A3C2-3ABA-495F-ABED-FA22B8A86290}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |

"{439256D4-07C1-4D02-B4D0-6315F5252BE0}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |

"{47A5B173-80E3-4B53-B582-8A305E8DB5F3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |

"{4A0057D4-D457-4A3D-8C59-5C06839ED8A4}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |

"{4F051B51-AB59-49F6-8EEB-3B2C015732A4}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |

"{599D751B-9BB9-415C-9B53-421422CE5B4B}" = protocol=17 | dir=in | app=c:\users\**MyComputerUsername**\appdata\roaming\dropbox\bin\dropbox.exe |

"{5E354230-C797-48A4-8330-7EF95B59440A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\simolimo12\garrysmod\hl2.exe |

"{60CF61E9-15CB-4307-B83B-E5FC9EF8661E}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |

"{724F66BB-D368-4646-98B4-9988D5207387}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |

"{729E9633-01D0-4C00-A536-1DDA8BCB6361}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |

"{7699F4A5-6741-4B63-8B43-DB1467CC625A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |

"{7BBE40C9-AAF6-4DD5-83D5-CB6EED8347AE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"{7BCFAA7E-2BCE-4915-93ED-6B30E6103C5B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |

"{7EA687F4-D725-479E-AACB-922DE9F7D5DB}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |

"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |

"{84C75182-6C4C-49D8-A66F-5B610A1922D3}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |

"{875C6563-5578-40F8-A9F6-673B0AA7B913}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |

"{92DB9D01-6E5E-4897-866D-7BBED6781572}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |

"{950CB3CA-7EC4-4567-8BAF-A487AAC8C3B2}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe |

"{95BC33D3-5661-4EF6-A5B5-932582BC7B11}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |

"{970CE6A2-E5F0-449F-B530-0528201030AF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |

"{9713A4CF-E6FE-4453-A265-630C345546C3}" = protocol=6 | dir=in | app=c:\users\**MyComputerUsername**\appdata\roaming\dropbox\bin\dropbox.exe |

"{977B5E74-B2CA-4A1D-89E8-32A83AB92AA5}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |

"{98843586-CEAF-43AE-8DB1-154EB6F85CC1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{9C90B0C0-E6C4-4432-9C2B-8DE5FD7EC39D}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |

"{9FA06A70-DCC1-4E64-8332-E437C4B554A3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |

"{A306BD1B-180A-4396-9090-9E4D5448C7A5}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |

"{A44358A6-6764-4924-9E4F-5F0915443FFB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |

"{A5F56685-CA23-402D-B508-F33DE7A051D0}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |

"{A642E303-62E9-4C92-BF89-4AD717BB2BF5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{AF2E58C5-20AB-46B4-B29B-C65E99555829}" = protocol=6 | dir=in | app=c:\program files (x86)\fifa 13\game\fifa13.exe |

"{B078DE1C-DBBA-4325-AA9B-43CEDD72B5AD}" = dir=out | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |

"{B658AB42-21A8-43F1-9AEA-AC417BA214F1}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |

"{B721EC11-D0BE-4E13-81AE-D6ADE832DC2E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{B98D8B0D-ECE4-4F72-91DC-FA68576EA170}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arcticcombat\gamelauncher_gp\mappingaccount.exe |

"{BBC83027-15E1-45BA-8753-98B80398B4E3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |

"{C17B3700-087C-4BDB-AE21-BD3CA003A3CE}" = dir=out | name=@{microsoft.bingsports_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |

"{CA48B56A-3000-47EB-8840-5D9C90295396}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\simolimo12\garrysmod\hl2.exe |

"{CAEA5BC1-A4BE-4B31-86DD-9560CE5978FE}" = dir=out | name=google search |

"{CD02B9F4-3AD6-4B76-94F9-FFBDAD3954C1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{CD6B2B37-D48A-4480-81CE-CFB1CBD70B59}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |

"{CEB37449-9D3E-42A8-9A4A-3C43770B9D22}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{CFBE41F2-2E5F-4A15-BF0C-CCD1003E1263}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"{D5FBCDBA-31AB-430B-9C83-882EFE8D1ACA}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |

"{DB1F734D-42C8-4738-AD5A-402D368DFF9C}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |

"{E21AF28D-67D2-4206-A960-ECFCA1730128}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |

"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |

"{EAE2BBAD-6D78-4CB8-8F04-A9202B0D7F19}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |

"{EE773E88-0016-4F9E-A98B-C1C3FE41A252}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |

"{EF01ED38-3383-41AA-819C-3632831FDCC0}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |

"{F3B66F3D-78B5-4786-9B90-567359C5BE64}" = dir=in | app=c:\users\**MyComputerUsername**\appdata\local\microsoft\skydrive\skydrive.exe |

"{F5F275CA-2473-434B-A74A-87D7724EEACF}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe |

"{F766F14B-0993-4DF4-B259-F00B71221161}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |

"{F84A7F37-B53A-4B63-859B-5C26E33EB680}" = dir=out | name=windows 8 developers news |

"{FBC0134E-BC23-4FB7-BB64-6C6B31D5EA16}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |

"TCP Query User{3140C7BF-EFE9-423E-B02B-8CF23D58F4EB}C:\program files (x86)\steam\steamapps\simolimo12\garrysmod\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\simolimo12\garrysmod\hl2.exe |

"UDP Query User{B507E177-F4F5-488A-8509-8BE904513825}C:\program files (x86)\steam\steamapps\simolimo12\garrysmod\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\simolimo12\garrysmod\hl2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0B497B28-5243-3329-9F10-DBB18E0963E6}" = Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.51106

"{0E8670B8-3965-4930-ADA6-570348B67153}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom

"{13417784-A359-3CDD-8DE1-B7108707D647}" = Visual Studio 2012 Prerequisites - ENU Language Pack

"{13D558FE-A863-402C-B115-160007277033}" = Microsoft SQL Server 2012 Express LocalDB

"{16ED1FB0-CB3D-30C8-92AD-3519BE59E809}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables

"{21BB1293-1213-F5DF-D20E-BB9675C434C3}" = AMD Accelerated Video Transcoding

"{24C3AEE0-4BCE-3190-8EE0-BBA0BF72CAC1}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

"{26A24AE4-039D-4CA4-87B4-2F86417010FF}" = Java 7 Update 10 (64-bit)

"{27EF252D-800C-ED42-9904-459FE0046225}" = Windows Software Development Kit for Windows Store Apps DirectX x64 Remote

"{28D85F24-B685-3364-BB7C-284C88C2FFE5}" = Microsoft Visual Studio Team Foundation Server 2012 Storyboarding

"{2F83BADD-4B83-0913-6996-D129ED5FD762}" = ccc-utility64

"{324EF6E6-9879-24CD-3E1B-147B1B90AD00}" = AMD Media Foundation Decoders

"{36E619BC-A234-4EC3-849B-779A7C865A45}" = Microsoft SQL Server 2012 Data-Tier App Framework

"{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106

"{3FA063D7-EDC1-AFA8-54AF-0563C7DEE070}" = Windows App Certification Kit Native Components

"{4701DEDE-1888-49E0-BAE5-857875924CA2}" = Microsoft SQL Server System CLR Types (x64)

"{49D665A2-4C2A-476E-9AB8-FCC425F526FC}" = Microsoft SQL Server 2012 Native Client

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{50150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{55EFD1A6-ED8E-3A4C-9581-5E1A1FF244CD}" = Microsoft Visual Studio Team Foundation Server 2012 Storyboarding Language Pack - ENU

"{572E796D-C52B-3797-A685-2FB6F895D4BE}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)

"{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106

"{5FB4C443-6BD6-1514-2717-3827D65AE6FB}" = Windows Software Development Kit DirectX x64 Remote

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{61862D7C-CDBC-48D5-8AE1-3B8BD1E23BC5}" = Visual Studio 2012 Prerequisites

"{633AB014-DDE6-403E-A302-8920CC32C543}" = Microsoft Visual Studio 2012 Performance Collection Tools

"{64A3A4F4-B792-11D6-A78A-00B0D0170100}" = Java SE Development Kit 7 Update 10 (64-bit)

"{78909610-D229-459C-A936-25D92283D3FD}" = Microsoft SQL Server Compact 4.0 SP1 x64 ENU

"{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft Mouse and Keyboard Center

"{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}" = IIS 8.0 Express

"{829E8E72-C14D-3B1F-A179-0D0A8D10C734}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model

"{87CEB7C0-1D35-11E2-8F19-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)

"{8AAA8780-1D35-11E2-A3A6-F04DA23A5C58}" = MSVCRT Redists

"{8C49F61F-FCA6-A096-3E92-71128D8425ED}" = AMD Catalyst Install Manager

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{993F6DDC-63F8-4BCD-9B28-D941971A9CAC}" = Windows XP Targeting with C++

"{9C9BB05F-A0EA-41DA-B7B9-C916250C36E4}" = JavaScript Tooling

"{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}" = Microsoft SQL Server 2012 Command Line Utilities

"{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb" = IIS Express Application Compatibility Database for x64

"{A8A0B1C1-FBC7-4790-8E26-9DA1A6A95452}" = Oracle VM VirtualBox 4.2.6

"{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}" = Microsoft Web Deploy 3.0

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service

"{BFAB7835-55A2-41CD-AE66-F673BCA4E49F}" = AVG 2013

"{C1278275-4862-C865-7DBC-A116C4BB837A}" = AMD Drag and Drop Transcoding

"{D1E10AF3-129A-8C50-3511-7BE192551E1A}" = AMD Fuel

"{D9F3D00D-E946-3B3D-A4A6-93D5020DB9F7}" = Microsoft Visual C++ 2012 x64 Designtime - 11.0.50727

"{E2B8249D-895C-4685-8C83-00F3B1A13028}" = Microsoft Web Platform Installer 4.0

"{F1949145-EB64-4DE7-9D81-E6D27937146C}" = Microsoft System CLR Types for SQL Server 2012 (x64)

"{F80A6636-B3CB-4246-912F-50DA19F0683A}" = Microsoft Visual Studio 2012 IntelliTrace Core amd64

"{F91E2EF2-CD31-4727-816F-F73F772F5FE6}" = AVG 2013

"{FA0A244E-F3C2-4589-B42A-3D522DE79A42}" = Microsoft SQL Server 2012 Management Objects (x64)

"{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb" = IIS Express Application Compatibility Database for x86

"{FE74AC04-F248-4641-B3A9-89C6AA4339CD}" = Microsoft Visual Studio 2012 Performance Collection Tools - ENU

"AVG" = AVG 2013

"CPUID CPU-Z_is1" = CPUID CPU-Z 1.62.0

"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center

"Microsoft Office Professional 15 (Technical Preview) - en-us" = Microsoft Office 365 Home Premium Preview - en-us

"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

"nbi-glassfish-mod-3.1.2.23.2" = GlassFish Server Open Source Edition 3.1.2.2

"nbi-nb-base-7.2.1.0.201210100934" = NetBeans IDE 7.2.1

"Sandboxie" = Sandboxie 3.76 (64-bit)

"sp6" = Logitech SetPoint 6.51

"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00EC8ABC-3C5A-40F8-A8CB-E7DCD5ABFA05}" = Microsoft NuGet - Visual Studio 2012

"{02213A81-CB13-7262-5ABE-1FFA2C75559F}" = Windows App Certification Kit x64

"{028D9983-D201-41E1-AD97-BD64CD062422}" = Just Flight - Space Shuttle FSX

"{046806D1-0A38-3FCA-AF84-F71C50A0C363}" = Microsoft Visual Studio Premium 2012

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0BCC836F-0B28-4090-B58A-64883BAA3B2F}" = WCF Data Services 5.0 (for OData v3) Primary Components

"{0ECCA7BA-19CE-0F7F-6652-EED1FAD7CC49}" = CCC Help Czech

"{1117D1E5-D9F8-49DB-D8A1-E266BCC89B9C}" = CCC Help Russian

"{1172AC15-080E-30E3-85B0-FF59AD2E6315}" = Microsoft Visual Studio Ultimate 2012 - ENU

"{1410622D-CB02-412C-B55A-735CB77D40A3}" = Microsoft Visual C++ 2012 32bit Compilers - ENU Resources

"{148878BD-A2A5-4CF1-A103-2BA632F41953}" = WCF Data Services Tools for Microsoft Visual Studio 2012

"{14ECAABB-C8B9-4A09-92F7-CDF1A45B6DDE}" = Google Drive

"{1690CE56-2231-4E59-9006-A0876D949EA8}" = Tools for .Net 3.5

"{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}" = Microsoft Silverlight 4 SDK

"{1948E039-EC79-4591-951D-9867A8C14C90}" = Microsoft .NET Framework 4.5 SDK

"{1B9BBB23-65CB-3AEE-BFC6-633E7CA299FD}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU

"{1BB61F91-77F7-9EF1-9C7D-36701E70ECF0}" = CCC Help Dutch

"{1C7FB1F8-E7FF-7D8E-95B9-E007126CBC73}" = CCC Help Greek

"{1D0773A5-D1B4-24F7-C717-8C35E9FD750B}" = CCC Help Danish

"{1DB43E5A-2F24-4F51-92B0-A2C0EBF5C742}" = Microsoft Report Viewer Add-On for Visual Studio 2012

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component

"{23176E97-26CB-C72A-19EB-BFB21AC1D15A}" = Windows Software Development Kit DirectX x86 Remote

"{238A283E-D591-4D47-B63F-917EAD8FC986}" = Microsoft Visual Studio 2012 IntelliTrace Front End x86

"{246B0F46-F84E-4857-8C47-F2A86B598BC5}" = Microsoft Visual Studio 2012 Preparation

"{25DD8FD0-07DE-98E2-1D60-BE935C363C63}" = CCC Help Chinese Traditional

"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9

"{26BB4500-04A7-11C7-0E93-168004253F38}" = CCC Help Korean

"{26D63A44-D3A2-4C39-B558-602B5F26C575}" = Microsoft Visual Studio 2012 IntelliTrace Core x86

"{2C0CC01A-DDBC-3AED-AF18-E741242FD727}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources

"{2C76E3DA-BA76-4FAD-B1B1-72B46D639028}" = PreEmptive Analytics Visual Studio Components

"{2D2B62BD-0F67-42B0-BE66-866D7B63663F}" = Microsoft Visual C++ 2012 Compilers - ENU Resources

"{2F6CE32A-018D-4656-895B-9E5E20D7740A}" = Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update

"{2F8F489A-0476-3129-857B-A553F38B192D}" = Microsoft Visual C++ 2012 Core Libraries

"{30C27CAE-9266-3B47-837D-193C16EDB811}" = Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.51106

"{330E5D98-20D2-4CA4-AE51-FCB8AA80F634}" = Microsoft Visual Studio 2012 Devenv

"{372D17F6-A54E-4A01-B264-1314890FFE61}" = Dotfuscator and Analytics Community Edition

"{38FC6E9A-F719-431A-A83D-4C86D5FD6555}" = Microsoft Visual Studio 2012 Shell (Minimum) Resources

"{39DB116F-E088-486F-B13C-8925ECE7A6E5}" = 3D Sound Back Beta0.1

"{3A523AF9-D32F-4C85-8388-0335731F3405}" = WCF RIA Services V1.0 SP2

"{3C7839E7-21F4-49E0-B4D5-AC8ED818CCB0}" = NETGEAR WNDA3100v2 wireless USB 2.0 adapter

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg

"{409D321C-47A0-D570-DB39-54B7F30BED95}" = CCC Help Thai

"{42F61556-29ED-8122-F39E-6F04EA5FF279}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote

"{43C6BA0A-A298-D103-1425-3F8260F1A15C}" = CCC Help Spanish

"{45E1DDD6-F0B3-F82A-A055-A87275904619}" = CCC Help Turkish

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4E7AE84C-431F-F3B2-ECBC-CAD2F1C61F8D}" = CCC Help French

"{4F4B9983-2EC4-4CBF-A587-B2EBFE8A6B12}" = FSX Mission Editor

"{532DBCC8-9468-435C-AEF6-30B7F50735A2}" = Blend for Visual Studio 2012 ENU resources

"{57D782D7-49FD-48DE-AB47-A690A1519A2D}" = Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools

"{57F20F04-014D-453F-B6A3-AE9485C4DFAB}" = Blend for Visual Studio 2012

"{59D87F40-6C4B-4F80-A42B-FAA0E6EAFAB6}" = Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools

"{5A893648-0883-4027-B85B-C6F84BD9F41C}" = JavaScript Tooling

"{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack

"{5E591A43-4424-417D-946D-C0A7559989A1}" = Microsoft Visual C++ 2012 x86-x64 Compilers

"{60D5EF2A-4E0C-2C30-38F6-59C26E134F4A}" = Windows Software Development Kit

"{619976AC-89EE-4312-9772-17AF4024D91D}" = AMD VISION Engine Control Center

"{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages

"{6902342D-D3C8-316A-B44B-48024F3EBAB8}" = Microsoft Visual C++ 2012 Extended Libraries

"{698E1D29-890E-492A-826E-273F423CB5D2}" = Catalyst Control Center Localization All

"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106

"{6D1BFFEB-E7BE-D616-55EC-6A9BE7B8649F}" = CCC Help Swedish

"{6D6D43E5-218C-4B05-92D3-2240810F4760}" = Microsoft SQL Server 2012 T-SQL Language Service

"{6DAB46E3-D017-3E2B-85D8-F57A230384C0}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer

"{6F066545-40A2-4C38-A8F7-78581CC5C442}" = Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools

"{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}" = Google Earth

"{6FC3B79F-47C6-38AF-B9A9-67DE3C639598}" = Microsoft Visual Studio Premium 2012 - ENU

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{719284C0-44B2-2D87-1B0C-2C608869316F}" = CCC Help Hungarian

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{72A8CA9D-4DAA-7A25-2251-C9DFD42156AB}" = CCC Help English

"{7437A4B9-314F-3B8F-827B-22909146E471}" = Microsoft LightSwitch for Visual Studio 2012 Core

"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6

"{790E9425-8570-493F-9AE7-81AFC9E46930}" = Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00)

"{794BF30D-0035-497B-B1C4-A41454483019}" = aerosoft's - Lukla X - Mount Everest Mission

"{7CD50476-F4AD-7664-C0E7-28429E58BE0C}" = CCC Help German

"{7CF5BC92-CC36-4F92-9962-E84DAAFAFFBD}" = Microsoft Visual C++ 2012 Compilers

"{800F484E-9D69-492D-B656-7BAA32586142}" = Microsoft Visual Studio 2012 Shell (Minimum)

"{80888246-E4CC-434E-930A-4891EB8AF29D}" = Visual Studio Extensions for Windows Library for JavaScript

"{820C677A-41B2-48C3-8136-FEE35A052E73}" = Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies

"{88F0F4FF-B514-4E32-9C17-CAF96D60EAFC}" = Razer Game Booster

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1" = Free Alarm Clock 2.5.0

"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90BE1F21-89DF-1942-B0C5-D2C4F27EF6B8}" = CCC Help Japanese

"{9169C939-ED01-446A-BD0C-29873BAF4E48}" = Prerequisites for SSDT

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{93489CA8-6656-33A0-A5AC-E0EDEDB17C3E}" = Microsoft Visual Studio Professional 2012

"{93ABEFF9-A4B1-FCA6-3680-5DC4DFFAFFD8}" = CCC Help Portuguese

"{942CC691-5B98-42A3-8BC5-A246BA69D983}" = Microsoft ASP.NET MVC 4 Runtime

"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X

"{95CC8D5F-90A1-4285-9B2D-8D0FBCFD8D0D}_is1" = WhatPulse version 2.0

"{982E7D4A-22A4-3031-064B-1025ACB101EB}" = CCC Help Finnish

"{9F30A684-44DC-4BDF-89ED-70F9021B851F}" = REX Essential Plus Overdrive

"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13

"{A3A6D5EA-B6B5-3C05-BDA8-EAB99C09CDDC}" = Microsoft Visual Studio 2012 SharePoint Developer Tools

"{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}" = Microsoft SQL Server System CLR Types

"{A5BD84AE-D340-4C7B-A272-412AE146ECC8}" = NETGEAR WNDA3100v2 wireless USB 2.0 driver

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI

"{AFA4B0BF-3289-495A-B949-BA91F39B1A44}" = Entity Framework Designer for Visual Studio 2012 - enu

"{B1465D1D-6427-4CA1-AE29-8B699209E663}" = Microsoft Visual Studio 2012 Devenv Resources

"{B585A11C-4F6E-3532-97D4-3670FE94600D}" = Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries

"{B5DA9D49-9BD8-0F2F-52FC-C7E66BC8D944}" = LocalESPCui for en-us

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B96FCD4F-6EDD-4258-8A6D-0FCEA8445E3E}" = Microsoft Web Developer Tools - Visual Studio 2012

"{B9F35D86-242E-3FA4-B9F8-A982E0DF918D}" = Microsoft Visual Studio 2012 SharePoint Developer Tools ENU Language Pack

"{BAD0254F-9BDB-3D14-A5AC-9C0EF51F3D09}" = Microsoft Portable Library Multi-Targeting Pack Language Pack - enu

"{BDBE5D2A-AAB7-77BD-7A0E-5006665CE7C6}" = LocalESPC

"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6

"{C1BE4600-7D15-3D1E-8AA2-B3241DB1D063}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core

"{C3592426-531E-4110-911D-BFECE2CE284B}" = puush

"{C4CAD994-6EA2-3121-8352-DA593150B322}" = Microsoft Portable Library Multi-Targeting Pack

"{C6418568-02B0-1263-6442-6C45CAAA5514}" = CCC Help Polish

"{C81452EB-CBCF-B8EB-3124-48C5B3D506B0}" = Windows Runtime Intellisense Content - en-us

"{C9DEC19E-B1A6-51DB-6238-CD2F42F2A526}" = CCC Help Norwegian

"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack

"{CFFDC0EC-6924-3347-B047-13339EDBEC28}" = Microsoft Visual Studio Professional 2012 - ENU

"{D11F66FF-82B3-DDB8-1146-525370552BE1}" = Windows Software Development Kit for Windows Store Apps

"{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}" = Microsoft SQL Server 2012 Management Objects

"{DC6B3DF3-897E-EAC3-10AF-39908F333885}" = Catalyst Control Center Graphics Previews Common

"{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3

"{DEC42A57-C791-660A-C88F-6B2A31C165B8}" = CCC Help Chinese Standard

"{DF56EB5C-7E7A-D405-1B01-ECC0CAD8E709}" = Catalyst Control Center InstallProxy

"{E1FBB3D4-ADB0-4949-B101-855DA061C735}" = Microsoft Silverlight 5 SDK

"{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}" = Microsoft System CLR Types for SQL Server 2012

"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding

"{E4ADE757-7FE9-322D-9CAE-C77D77A2D2BF}" = Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU

"{E4C33F5B-1B2F-466E-957E-B274F08151A0}" = Microsoft Web Deploy dbSqlPackage Provider - enu

"{E818AE7C-244B-4A50-9C86-C0E4A8B69159}" = Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU

"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106

"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0

"{EB3C9064-9140-4279-9E51-965119402151}" = Plantronics® GameCom 780 Software for Dolby® Headphone

"{EFA87714-E75A-3BFC-A698-A3AABA5A8A0C}" = Microsoft Visual Studio Ultimate 2012

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F13FADA9-0337-52A8-3D8D-9C0F52DCC928}" = CCC Help Italian

"{F361FE04-789E-42F3-BBAB-E7B380AA5E06}" = Windows XP Targeting with C++

"{f9024a51-ab45-4a46-b597-ce12f74963c7}" = Microsoft Visual Studio Ultimate 2012

"{FA804794-2CCB-4301-954F-2C2894698876}" = Microsoft SQL Server Data Tools - enu (11.1.20627.00)

"{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}" = Microsoft SQL Server 2012 Data-Tier App Framework

"{FBBC8076-BB21-4E06-9FA0-309AEF6E35EE}" = Microsoft ASP.NET Web Pages 2 Runtime

"{FDAD2767-11CA-4D38-9CC4-48770CE3CC7B}" = Notification Center

"{FEB375AB-6EEC-3929-8FAF-188ED81DD8B5}" = Microsoft Help Viewer 2.0

"{FFC6E93A-B9AD-3F20-9B06-EE20E24AAEAF}" = Microsoft Visual C++ 2012 Core Libraries

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Airbus X Extended - FSX" = Aerosoft's - Airbus X Extended - FSX

"FileASSASSIN" = FileASSASSIN

"FileZilla Client" = FileZilla Client 3.6.0.2

"FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}" = Microsoft Flight Simulator X: Acceleration

"Fraps" = Fraps (remove only)

"Google Chrome" = Google Chrome

"HxD Hex Editor_is1" = HxD Hex Editor version 1.7.7.0

"I-Doser" = I-Doser Premium

"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X

"Internet Download Manager" = Internet Download Manager

"Lua_is1" = Lua for Windows 5.1.4-46

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100

"Microsoft Help Viewer 2.0" = Microsoft Help Viewer 2.0

"Mozilla Firefox 18.0 (x86 en-US)" = Mozilla Firefox 18.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NoIPDUC" = No-IP DUC

"Notepad++" = Notepad++

"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

"PowerISO" = PowerISO

"RAAS Professional by FS2Crew (LOCKED)" = RAAS Professional by FS2Crew (LOCKED)

"RAMRush_is1" = RAMRush 1.0.6.917

"Steam App 212370" = Arctic Combat

"Steam App 570" = Dota 2

"transgui_is1" = Transmission Remote GUI 4.1

"Tunngle beta_is1" = Tunngle beta

"UK2000 London City Xtreme FSX" = UK2000 London City Xtreme FSX

"WampServer 2_is1" = WampServer 2.2

"WhatPulse" = WhatPulse 1.7.1

"winscp3_is1" = WinSCP 5.1.2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"F/A 18 Hornet for FSX" = F/A 18 Hornet for FSX

"SkyDriveSetup.exe" = Microsoft SkyDrive

"Ultimate Terrain X - Europe" = Ultimate Terrain X - Europe

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 1/13/2013 9:32:40 PM | Computer Name = **MyComputerUsername**-PC | Source = ESENT | ID = 454

Description = SettingSyncHost (3992) {82D259B3-A1EB-4005-8E29-74CE1D3241ED}: Database

recovery/restore failed with unexpected error -510.

Error - 1/13/2013 9:38:06 PM | Computer Name = **MyComputerUsername**-PC | Source = ESENT | ID = 490

Description = SettingSyncHost (3992) {69732A8A-DBA7-4667-A98E-60149A26A57F}: An

attempt to open the file "C:\Users\**MyComputerUsername**\AppData\Local\Microsoft\Windows\Live\Roaming\LocalSync\edb.chk"

for read / write access failed with system error 32 (0x00000020): "The process

cannot access the file because it is being used by another process. ". The open

file operation will fail with error -1032 (0xfffffbf8).

Error - 1/13/2013 10:02:37 PM | Computer Name = **MyComputerUsername**-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 2484

Description = Package windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy

was terminated because it took too long to suspend.

Error - 1/13/2013 10:03:22 PM | Computer Name = **MyComputerUsername**-PC | Source = Application Hang | ID = 1002

Description = The program SystemSettings.exe version 6.2.9200.16420 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 1fc8 Start

Time: 01cdf1d045649e59 Termination Time: 4294967295 Application Path: C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe

Report

Id: 7946b40b-5dee-11e2-bec2-ef95e8b4990d Faulting package full name: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy

Faulting

package-relative application ID: microsoft.windows.immersivecontrolpanel

Error - 1/14/2013 3:41:35 AM | Computer Name = **MyComputerUsername**-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 2486

Description = App microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail

did not launch within its allotted time.

Error - 1/14/2013 3:41:57 AM | Computer Name = **MyComputerUsername**-PC | Source = Application Hang | ID = 1002

Description = The program LiveComm.exe version 16.4.4406.1205 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 1140 Start

Time: 01cdf22a1217066f Termination Time: 4294967295 Application Path: C:\Program

Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe

Report

Id: d607f233-5e1d-11e2-bec3-eff402f52c34 Faulting package full name: microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe

Faulting

package-relative application ID: Microsoft.WindowsLive.Mail

Error - 1/14/2013 3:41:58 AM | Computer Name = **MyComputerUsername**-PC | Source = Microsoft-Windows-Immersive-Shell | ID = 5973

Description = Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail

failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log

for additional information.

Error - 1/14/2013 11:41:50 AM | Computer Name = **MyComputerUsername**-PC | Source = ESENT | ID = 489

Description = DllHost (6308) WebCacheLocal: An attempt to open the file "C:\Users\**MyComputerUsername**\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat"

for read only access failed with system error 32 (0x00000020): "The process cannot

access the file because it is being used by another process. ". The open file

operation will fail with error -1032 (0xfffffbf8).

Error - 1/14/2013 11:41:51 AM | Computer Name = **MyComputerUsername**-PC | Source = ESENT | ID = 490

Description = taskhostex (6168) WebCacheLocal: An attempt to open the file "C:\Users\**MyComputerUsername**\AppData\Local\Microsoft\Windows\WebCache\V01.log"

for read / write access failed with system error 32 (0x00000020): "The process

cannot access the file because it is being used by another process. ". The open

file operation will fail with error -1032 (0xfffffbf8).

Error - 1/14/2013 11:41:51 AM | Computer Name = **MyComputerUsername**-PC | Source = ESENT | ID = 454

Description = taskhostex (6168) WebCacheLocal: Database recovery/restore failed

with unexpected error -1032.

[ System Events ]

Error - 1/14/2013 11:57:36 AM | Computer Name = **MyComputerUsername**-PC | Source = DCOM | ID = 10010

Description =

Error - 1/14/2013 11:57:36 AM | Computer Name = **MyComputerUsername**-PC | Source = DCOM | ID = 10010

Description =

Error - 1/14/2013 11:57:36 AM | Computer Name = **MyComputerUsername**-PC | Source = DCOM | ID = 10010

Description =

Error - 1/14/2013 11:57:36 AM | Computer Name = **MyComputerUsername**-PC | Source = DCOM | ID = 10010

Description =

Error - 1/14/2013 11:59:11 AM | Computer Name = **MyComputerUsername**-PC | Source = Service Control Manager | ID = 7000

Description = The BlueStacks Hypervisor service failed to start due to the following

error: %%3

Error - 1/14/2013 11:59:11 AM | Computer Name = **MyComputerUsername**-PC | Source = Service Control Manager | ID = 7000

Description = The BlueStacks Log Rotator Service service failed to start due to

the following error: %%2

Error - 1/14/2013 11:59:11 AM | Computer Name = **MyComputerUsername**-PC | Source = Service Control Manager | ID = 7006

Description = The ScRegSetValueExW call failed for FailureActions with the following

error: %%5

Error - 1/14/2013 11:59:12 AM | Computer Name = **MyComputerUsername**-PC | Source = Service Control Manager | ID = 7001

Description = The BlueStacks Android Service service depends on the BlueStacks Hypervisor

service which failed to start because of the following error: %%3

Error - 1/14/2013 11:59:15 AM | Computer Name = **MyComputerUsername**-PC | Source = Service Control Manager | ID = 7006

Description = The ScRegSetValueExW call failed for FailureActions with the following

error: %%5

Error - 1/14/2013 12:05:31 PM | Computer Name = **MyComputerUsername**-PC | Source = DCOM | ID = 10010

Description =

< End of report >

Link to post
Share on other sites

Good morning v05,

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :OTL
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
    :Commands
    [EmptyTemp]
  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

=====

Also, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

=====

In your reply please post the contents of the following logs:

  • OTL fix log.
  • AdwCleaner[R1].txt.

How is your computer currently running?

Link to post
Share on other sites

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clon**MyComputerUsername2**rsadventures.com\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Guest

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: **MyComputerUsername**

->Temp folder emptied: 1250115532 bytes

->Temporary Internet Files folder emptied: 43119480 bytes

->Java cache emptied: 3595606 bytes

->FireFox cache emptied: 468006667 bytes

->Google Chrome cache emptied: 100912415 bytes

->Flash cache emptied: 12840 bytes

User: Mum

->Temp folder emptied: 42143871 bytes

->Temporary Internet Files folder emptied: 529293 bytes

->Java cache emptied: 122583 bytes

->FireFox cache emptied: 366521640 bytes

->Google Chrome cache emptied: 594288 bytes

->Flash cache emptied: 1215 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 5622504 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 51741573 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes

RecycleBin emptied: 10620064 bytes

Total Files Cleaned = 2,235.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 01142013_211702

Files\Folders moved on Reboot...

C:\Users\**MyComputerUsername**\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V5JK3MFA\vwo_3[1].js moved successfully.

C:\Users\**MyComputerUsername**\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2GG0ASRZ\xd_arbiter[1].htm moved successfully.

C:\Users\**MyComputerUsername**\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0ZIX8BVV\js_visitor_settings[1].js moved successfully.

C:\Users\**MyComputerUsername**\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0ZIX8BVV\vwo_2[1].js moved successfully.

C:\Users\**MyComputerUsername**\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

C:\Users\**MyComputerUsername**\AppData\Local\Mozilla\Firefox\Profiles\d147akgm.default-1349124146980\Cache\_CACHE_001_ moved successfully.

C:\Users\**MyComputerUsername**\AppData\Local\Mozilla\Firefox\Profiles\d147akgm.default-1349124146980\Cache\_CACHE_002_ moved successfully.

C:\Users\**MyComputerUsername**\AppData\Local\Mozilla\Firefox\Profiles\d147akgm.default-1349124146980\Cache\_CACHE_003_ moved successfully.

C:\Users\**MyComputerUsername**\AppData\Local\Mozilla\Firefox\Profiles\d147akgm.default-1349124146980\Cache\_CACHE_MAP_ moved successfully.

C:\Users\**MyComputerUsername**\AppData\Local\Mozilla\Firefox\Profiles\d147akgm.default-1349124146980\_CACHE_CLEAN_ moved successfully.

C:\WINDOWS\temp\FireFly(20130114155911A2C).log moved successfully.

C:\WINDOWS\temp\integratedoffice.exe_c2rdll(20130114155912A2C).log moved successfully.

C:\WINDOWS\temp\integratedoffice.exe_c2ruidll(20130114155911A2C).log moved successfully.

C:\WINDOWS\temp\integratedoffice.exe_streamserver(20130114155912A2C).log moved successfully.

File move failed. C:\WINDOWS\temp\ood_stream.x86.en-us.dat scheduled to be moved on reboot.

File move failed. C:\WINDOWS\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Link to post
Share on other sites

# AdwCleaner v2.105 - Logfile created 01/12/2013 at 22:39:22

# Updated 08/01/2013 by Xplode

# Operating system : Windows 8 Pro with Media Center (64 bits)

# User : **MyComputerUsername** - **MyComputerUsername**-PC

# Boot Mode : Normal

# Running from : C:\Users\**MyComputerUsername**\Downloads\Programs\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****

Key Found : HKCU\Software\APN PIP

Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Found : HKLM\Software\PIP

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16453

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0 (en-US)

File : C:\Users\**MyComputerUsername**\AppData\Roaming\Mozilla\Firefox\Profiles\d147akgm.default-1349124146980\prefs.js

Found : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\13.2.0.5");

Found : user_pref("extensions.ghostery.blockingLog", "Blocked frame: hxxps://ad-emea.doubleclick.net/N4061/a[...]

Found : user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(get|audio|file|document|dir[...]

Found : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid=%7Ba84a47e4-4326-4ef8-aa1f-b679ad36e402[...]

File : C:\Users\**MyComputerUsername**\AppData\Roaming\Mozilla\Firefox\Profiles\wygtf2xj.default\prefs.js

[OK] File is clean.

File : C:\Users\Mum\AppData\Roaming\Mozilla\Firefox\Profiles\hbivucca.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.52

File : C:\Users\**MyComputerUsername**\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Mum\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2029 octets] - [12/01/2013 22:39:22]

########## EOF - C:\AdwCleaner[R1].txt - [2089 octets] ##########

Hey DarkKnight,

My computer seems to be running without errors (for now) though I am now getting the CloudFlare (CDN) message, I've only started getting this yesterday though..

"Your computer or another device on your network is compromised with a virus or malware. Criminals can use this malware to manipulate your device to send spam, process fraudulent transactions, or conceal other dangerous activities."

I get this when I try to visit sites using that CloudFlare CDN (millions) :(

Link to post
Share on other sites

Morning v05,

Please do the following to re-run AdwCleaner:

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
    Note: If you get a message that you must reboot the computer before starting deletion, please do. At reboot, only AdwCleaner will run and you can only click on the Delete button.
    When the deletion is done, AdwCleaner will reboot the computer again and open the logfile.

=====

Also, please download GMER from one of the following locations and save it to your Desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your Desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
    gmer_zip.gif
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress).
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, firewall and any other security programs you had disabled.

-- If you encounter any problems, try running GMER in Safe Mode.

-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning.

=====

In your reply please provide the contents of both logs.

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.