
Windows Command Processor



Hello,

I've found that in my Windows 8 startup panel, there are 4 applications related to Windows Command Processor.

Everything I've searched for on this WCP talks about malware, but they also talk about getting popups. I don't have any popups, but I'm suspicious of the WCP.

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 10.0.9200.16519 BrowserJavaVersion: 10.17.2

Run by sluggo at 10:49:06 on 2013-03-31

Microsoft Windows 8 Pro with Media Center 6.2.9200.0.1252.1.1033.18.3327.1196 [GMT -7:00]

.

AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\WINDOWS\system32\wininit.exe

C:\WINDOWS\system32\atiesrxx.exe

C:\WINDOWS\system32\dwm.exe

C:\WINDOWS\system32\atieclxx.exe

C:\WINDOWS\System32\spoolsv.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\xampp\apache\bin\httpd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\dashost.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\WINDOWS\system32\mqsvc.exe

C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe

C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

C:\WINDOWS\system32\taskhostex.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

C:\xampp\apache\bin\httpd.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\DllHost.exe

C:\Users\sluggo\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe

C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\WINDOWS\splwow64.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\WINDOWS\system32\Taskmgr.exe

C:\WINDOWS\system32\taskhost.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Adobe\Adobe Photoshop CS5\Photoshop.exe

C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe

C:\WINDOWS\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe

C:\WINDOWS\system32\DllHost.exe

C:\WINDOWS\system32\DllHost.exe

C:\WINDOWS\system32\conhost.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k RPCSS

C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork

C:\WINDOWS\system32\svchost.exe -k apphost

C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\svchost.exe -k iissvcs

C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet

C:\WINDOWS\system32\svchost.exe -k GPSvcGroup

C:\WINDOWS\System32\svchost.exe -k swprv

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.ca/

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Microsoft SPFS Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll

EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - c:\program files\internet explorer\iedvtool.dll

uRun: [Google Update] "c:\users\sluggo\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming

mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe

mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe

mRun: [bingDesktop] c:\program files\microsoft\bingdesktop\BingDesktop.exe /fromkey

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files\amd avt\bin\kdbsync.exe" aml

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\users\sluggo\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\sluggo\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\users\sluggo\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE

uPolicies-Explorer: NoDrives = dword:0

uPolicies-Explorer: NoDriveTypeAutoRun = dword:255

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:255

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\program files\microsoft office 15\root\office15\EXCEL.EXE/3000

IE: LastPass - c:\program files\lastpass\context.html?cmd=lastpass

IE: LastPass Fill Forms - c:\program files\lastpass\context.html?cmd=fillforms

IE: Se&nd to OneNote - c:\program files\microsoft office 15\root\office15\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

TCP: NameServer = 192.168.100.1

TCP: Interfaces\{B74A15E9-18B1-4402-9A5B-96341AC5C6F8} : NameServer = 208.122.23.22,208.122.23.23

TCP: Interfaces\{B74A15E9-18B1-4402-9A5B-96341AC5C6F8} : DHCPNameServer = 192.168.100.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files\turbotax 2011\ic2011pp.dll

Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - c:\program files\turbotax 2012\ic2012pp.dll

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} -

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

SSODL: WebCheck - <orphaned>

LSA: Authentication Packages = msv1_0 relog_ap

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\sluggo\appdata\roaming\mozilla\firefox\profiles\aw12le5i.default\

FF - prefs.js: keyword.URL - hxxps://duckduckgo.com/?q=

FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll

FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect32.dll

FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect64.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\sluggo\appdata\local\google\update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: c:\users\sluggo\appdata\roaming\mozilla\firefox\profiles\aw12le5i.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll

FF - plugin: c:\windows\system32\adobe\director\np32dsw_1200112.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

FF - ExtSQL: 2013-03-05 19:01; {E0B8C461-F8FB-49b4-8373-FE32E9252800}; c:\users\sluggo\appdata\roaming\mozilla\firefox\profiles\aw12le5i.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}

FF - ExtSQL: 2013-03-27 10:20; {a1109c2a-1187-4027-901d-13097b755625}; c:\users\sluggo\appdata\roaming\mozilla\firefox\profiles\aw12le5i.default\extensions\{a1109c2a-1187-4027-901d-13097b755625}.xpi

.

============= SERVICES / DRIVERS ===============

.

R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [2011-4-21 29272]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-7-3 217088]

R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2011-9-10 18432]

R2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\microsoft\bingdesktop\BingDesktopUpdater.exe [2013-3-22 168536]

R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2011-8-9 163424]

R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-9-22 974944]

R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2011-8-4 103112]

R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2011-5-24 1840128]

R2 NIHardwareService;NIHardwareService;c:\program files\common files\native instruments\hardware\NIHardwareService.exe [2010-10-19 3791872]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l160x86.sys [2012-6-2 55808]

R3 echo3g;Echo3G Service;c:\windows\system32\drivers\echo3g.sys [2010-1-8 209880]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]

S2 XAMPP;XAMPP Service;c:\xampp\service.exe [2007-12-20 60928]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2011-4-26 2702848]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

.

=============== File Associations ===============

.

FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [userChoice]

FileExt: .js: JSFile=c:\windows\system32\WScript.exe "%1" %* [userChoice]

.

=============== Created Last 30 ================

.

2013-03-31 16:38:05 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-31 16:37:53 -------- d-----w- c:\users\sluggo\appdata\local\Programs

2013-03-29 18:17:18 -------- d--h--w- C:\SkyDriveTemp

2013-03-27 19:18:54 187152 ----a-w- c:\programdata\microsoft\windows\sqm\manifest\Sqm10197.bin

2013-03-23 22:50:40 -------- d-----w- c:\users\sluggo\appdata\roaming\LibreOffice

2013-03-23 22:48:45 -------- d-----w- c:\windows\System64

2013-03-23 22:47:03 -------- d-----w- c:\program files\LibreOffice 4.0

2013-03-22 23:00:02 5664768 ----a-w- c:\programdata\microsoft\bingdesktop\updater\BingDesktop.msi

2013-03-18 19:46:28 -------- d-----w- c:\program files\AMD AVT

2013-03-18 19:46:26 -------- d-----w- c:\program files\AMD APP

2013-03-18 19:46:20 -------- d-----w- c:\program files\common files\ATI Technologies

2013-03-18 19:43:44 -------- d-----w- c:\program files\ATI Technologies

2013-03-18 14:51:43 -------- d-----w- c:\windows\LastGood.Tmp

2013-03-14 02:26:07 78168 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-03-14 02:26:07 692568 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-03-13 01:32:59 8856576 ----a-w- c:\windows\system32\twinui.dll

2013-03-13 01:32:56 2033664 ----a-w- c:\windows\system32\authui.dll

2013-03-13 01:32:55 754176 ----a-w- c:\windows\system32\actxprxy.dll

2013-03-13 01:32:55 58088 ----a-w- c:\windows\system32\drivers\pdc.sys

2013-03-13 01:32:29 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-03-09 16:35:38 -------- d-----w- c:\program files\TurboTax 2012

2013-03-09 15:00:03 17536 ----a-w- c:\programdata\microsoft\windowssampling\sqm\manifest\Sqm3.bin

2013-03-06 04:01:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2013-03-06 04:01:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2013-03-06 04:01:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2013-03-06 04:01:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2013-03-06 04:01:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2013-03-06 04:01:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2013-03-06 04:01:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2013-03-06 03:51:07 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-03-06 03:49:26 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll

.

==================== Find3M ====================

.

2013-03-26 17:40:51 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2013-03-06 03:50:57 861088 ----a-w- c:\windows\system32\npdeployJava1.dll

2013-03-06 03:50:57 782240 ----a-w- c:\windows\system32\deployJava1.dll

2013-03-02 08:22:18 361984 ----a-w- c:\windows\system32\MFMediaEngine.dll

2013-02-15 06:35:40 444416 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 01:30:04 44032 ----a-w- c:\windows\system32\UXInit.dll

2013-02-12 00:27:30 3394048 ----a-w- c:\windows\system32\win32k.sys

2013-02-05 22:33:01 492544 ----a-w- c:\windows\system32\drivers\srv2.sys

2013-02-05 22:30:11 304128 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2013-02-05 22:29:51 195584 ----a-w- c:\windows\system32\drivers\srvnet.sys

2013-02-05 22:29:51 167424 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2013-02-05 04:58:01 1766912 ----a-w- c:\windows\system32\wininet.dll

2013-02-05 04:57:52 661504 ----a-w- c:\windows\system32\uxtheme.dll

2013-02-05 04:56:33 2877952 ----a-w- c:\windows\system32\jscript9.dll

2013-02-05 04:56:27 61440 ----a-w- c:\windows\system32\iesetup.dll

2013-02-05 04:56:27 109056 ----a-w- c:\windows\system32\iesysprep.dll

2013-02-05 03:55:27 2706432 ----a-w- c:\windows\system32\mshtml.tlb

2013-02-02 09:53:24 1614568 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-02-02 09:19:59 817384 ----a-w- c:\windows\system32\drivers\ndis.sys

2013-02-02 09:19:59 1817320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-02-02 09:00:12 332520 ----a-w- c:\windows\system32\drivers\usbhub.sys

2013-02-02 09:00:11 361704 ----a-w- c:\windows\system32\drivers\USBHUB3.SYS

2013-02-02 09:00:08 302312 ----a-w- c:\windows\system32\drivers\storport.sys

2013-02-02 09:00:04 53992 ----a-w- c:\windows\system32\drivers\crashdmp.sys

2013-02-02 08:39:59 325632 ----a-w- c:\windows\system32\schannel.dll

2013-02-02 08:39:33 367104 ----a-w- c:\windows\system32\netprofmsvc.dll

2013-02-02 08:39:32 283136 ----a-w- c:\windows\system32\ncsi.dll

2013-02-02 08:39:28 5090816 ----a-w- c:\windows\system32\mstscax.dll

2013-02-02 08:39:15 157696 ----a-w- c:\windows\system32\mbsmsapi.dll

2013-02-02 08:39:04 179712 ----a-w- c:\windows\system32\hotspotauth.dll

2013-02-02 08:38:54 567808 ----a-w- c:\windows\system32\duser.dll

2013-02-02 07:32:14 242688 ----a-w- c:\windows\system32\drivers\ks.sys

2013-02-02 07:32:02 60416 ----a-w- c:\windows\system32\drivers\hidclass.sys

2013-02-02 07:31:49 30208 ----a-w- c:\windows\system32\drivers\BthAvrcpTg.sys

2013-02-02 05:41:57 1437184 ----a-w- c:\windows\system32\GdiPlus.dll

2013-01-29 00:02:46 29088 ----a-w- c:\windows\system32\drivers\WdBoot.sys

2013-01-28 23:07:34 193936 ----a-w- c:\windows\system32\drivers\WdFilter.sys

2013-01-14 00:23:04 5554408 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-10 01:07:00 24808 ----a-w- c:\windows\system32\drivers\msgpiowin32.sys

2013-01-10 00:08:30 74984 ----a-w- c:\windows\system32\drivers\partmgr.sys

2013-01-10 00:08:22 526960 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2013-01-10 00:02:20 158952 ----a-w- c:\windows\system32\drivers\sdbus.sys

2013-01-10 00:02:15 104168 ----a-w- c:\windows\system32\drivers\dumpsd.sys

2013-01-09 23:51:38 259816 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2013-01-09 23:51:38 1229032 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-01-09 23:25:58 741376 ----a-w- c:\windows\system32\iphlpsvc.dll

2013-01-09 23:25:57 125440 ----a-w- c:\windows\system32\inetpp.dll

2013-01-09 23:25:55 582144 ----a-w- c:\windows\system32\gpprefcl.dll

2013-01-09 23:25:55 40960 ----a-w- c:\windows\system32\drivers\umdf\HidBthLE.dll

2013-01-09 23:25:43 1505280 ----a-w- c:\windows\system32\wbem\cimwin32.dll

2013-01-09 03:57:47 277504 ----a-w- c:\windows\system32\drivers\HdAudio.sys

.

============= FINISH: 10:49:14.69 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 8 Pro with Media Center

Boot Device: \Device\HarddiskVolume1

Install Date: 12/20/2012 6:39:32 AM

System Uptime: 3/31/2013 9:00:16 AM (1 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P5KC

Processor: Intel® Core2 Quad CPU @ 2.40GHz | LGA775 | 2394/266mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 260 GiB total, 81.011 GiB free.

D: is FIXED (NTFS) - 4 GiB total, 3.954 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}

Description: Standard PS/2 Keyboard

Device ID: ACPI\PNP0303\4&20D7719E&0

Manufacturer: (Standard keyboards)

Name: Standard PS/2 Keyboard

PNP Device ID: ACPI\PNP0303\4&20D7719E&0

Service: i8042prt

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Intel® 82566DC-2 Gigabit Network Connection

Device ID: PCI\VEN_8086&DEV_294C&SUBSYS_00008086&REV_02\3&11583659&0&C8

Manufacturer: Intel

Name: Intel® 82566DC-2 Gigabit Network Connection

PNP Device ID: PCI\VEN_8086&DEV_294C&SUBSYS_00008086&REV_02\3&11583659&0&C8

Service: e1express

.

==== System Restore Points ===================

.

RP23: 3/12/2013 6:36:55 PM - Windows Update

RP24: 3/21/2013 3:35:43 AM - Scheduled Checkpoint

RP25: 3/22/2013 6:48:09 PM - Removed MAGIX Screenshare

RP26: 3/27/2013 9:42:26 AM - Removed Adobe Photoshop Lightroom 4.3 .

RP28: 3/31/2013 9:43:11 AM - Removed DWA-552

.

==== Installed Programs ======================

.

7-Zip 9.20

Ableton Live 8

Acronis Disk Director Suite

Acronis True Image Home

ActiveState ActivePython 2.7.2.5 (32-bit)

Admiral Quality Poly-Ana 1.x

Adobe Acrobat 9 Pro - English, Français, Deutsch

Adobe Acrobat 9.5.4 - CPSID_83708

Adobe AIR

Adobe Community Help

Adobe Creative Suite 5 Design Standard

Adobe Digital Editions

Adobe Download Assistant

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.02)

Adobe Shockwave Player 12.0

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Media Foundation Decoders

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Applied Acoustics Systems - Ultra Analog VA-1 v1.1.2

ASIO4ALL

Audacity 2.0.2

Bing Desktop

BlackBerry Device Manager 7.0

BlackBerry Tablet OS Graphical Aid

Bonjour

Box for Office

calibre

Camtasia Studio 8

Cartes du Ciel V3.4.1

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

CheckSum Tool 0.7.0

Circuit Construction Kit (DC Only)

ClPhpEd(remove only)

CodeMeter Runtime Kit v3.20c

ComicRack v0.9.155

D3DX10

DDPB Installer

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dropbox

DVDFab 8.1.6.3 (11/02/2012) Qt

Echo3G PCI

Energy Skate Park

EPSON TWAIN 5

eReg

ESET NOD32 Antivirus

Extreme Sample Converter 3.5.9

Faraday's Electromagnetic Lab

Firebird SQL Server - MAGIX Edition

foobar2000 v1.1.10

FreeFileSync 5.10

Garmin BlueChart Americas v8.5

Garmin Communicator Plugin

Garmin MapSource

Garmin USB Drivers

Generator

GeoSetter 3.4.16

Google Chrome

Google Earth

Google Update Helper

Guru

IHMC CmapTools v5.04.02

ImgBurn

Internet TV for Windows Media Center

iTunes

Java 7 Update 17

Java Auto Updater

JavaFX 2.1.1

LastPass (uninstall only)

LEGO MINDSTORMS NXT - English Language Pack

LEGO MINDSTORMS NXT Driver

LEGO MINDSTORMS NXT Software v2.0

LibreOffice 4.0.1.2

Line 6 Uninstaller

LinuxLive USB Creator

Logitech SetPoint 6.32

M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player v 1.1

Magic Bullet Quick Looks (for MAGIX)

Malwarebytes Anti-Malware version 1.70.0.1100

MapSource

MapSource - Topo Canada v2

MediaMonkey 4.0

Microsoft Application Error Reporting

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SkyDrive

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework 2.0 Core Components (x86) ENU

Microsoft Sync Framework 2.0 Provider Services (x86) ENU

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Mozilla Firefox 19.0.2 (x86 en-US)

Mozilla Maintenance Service

Mozilla Thunderbird 17.0.4 (x86 en-US)

Mp3tag v2.52

MSM32Installer

MSVCRT

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB2758694)

MSXML 4.0 SP3 Parser (KB973685)

Native Instruments Controller Editor

Native Instruments Service Center

Native Instruments Traktor

Native Instruments Traktor Kontrol X1

Netflix in Windows Media Center

NI VC2008MSMs x86

Notepad++

OhmForce Ohmboyz VST2

OverDrive Media Console

OziExplorer 3.95

PDF Settings CS5

Picasa 3

PlayReady PC Runtime x86

Project5 Version 2.5

Python 2.7 pycrypto-2.3

Python 2.7.3

PythonTurtle 0.1

Quicken 2011

QuickTime

Rapture 1.1

Realtek High Definition Audio Driver

Revo Uninstaller 1.94

Safari

Samplitude 10 10.0.0.0 (US)

Scratch

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Sketchpad

Skype™ 6.1

SopCast 3.4.0

SPORE™

SportTracks 3.1

States of Matter

Stellarium 0.11.1

StreamTorrent 1.0

swMSM

Tracker

TrainingPeaks WKO+

TrueCrypt

TurboTax 2011

TurboTax 2012

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

VLC media player 2.0.5

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Media Center Add-in for Flash

WinHTTrack Website Copier 3.46-1

WinSCP 4.3.8

XAMPP 1.7.7

Xiph.Org Open Codecs 0.85.17777

.

==== Event Viewer Messages From Past Week ========

.

3/31/2013 9:10:07 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

3/31/2013 9:03:22 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user sluggo-PC\sluggo SID (S-1-5-21-4213201847-2594826557-910303953-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

3/31/2013 9:02:40 AM, Error: Microsoft-Windows-IIS-W3SVC [1004] - The World Wide Web Publishing Service (WWW Service) did not register the URL prefix http://*:80/ for site 1. The site has been disabled. The data field contains the error number.

3/31/2013 9:02:40 AM, Error: Microsoft-Windows-HttpEvent [15005] - Unable to bind to the underlying transport for [::]:80. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.

3/29/2013 4:48:00 PM, Error: Microsoft-Windows-Diagnostics-Networking [5300] - An error occurred. The Network Diagnostics Framework failed to complete the repair phase of operation. A Windows Error Report was generated. [2147942487]

3/28/2013 4:43:14 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {14286318-B6CF-49A1-81FC-D74AD94902F9}. The error: "3" Happened while starting this command: "C:\Program Files\Microsoft Office 15\Root\Client\AppVLp.exe" "C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE" "C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE" -Embedding

3/28/2013 2:08:34 PM, Error: Service Control Manager [7024] - The Apache2.2 service terminated with the following service-specific error: Incorrect function.

.

==== End Of File ===========================

thanks


Hello shmish and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to the Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Download aswMBR.exe to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.


On completion of the scan, click Save log, save it to your desktop, and post it in your next reply.


In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • aswMBR log
  • a new fresh DDS log


aswMBR keeps crashing when I run it: avast! Antirootkit has stopped working.

MBAM

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.03.31.04

Windows 8 x86 NTFS

Internet Explorer 10.0.9200.16519

sluggo :: SLUGGO-PC [administrator]

3/31/2013 1:51:31 PM

mbam-log-2013-03-31 (13-51-31).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 325895

Time elapsed: 9 minute(s), 11 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 10.0.9200.16519 BrowserJavaVersion: 10.17.2

Run by sluggo at 15:17:44 on 2013-03-31

Microsoft Windows 8 Pro with Media Center 6.2.9200.0.1252.1.1033.18.3327.1334 [GMT -7:00]

.

AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\WINDOWS\system32\wininit.exe

C:\WINDOWS\system32\atiesrxx.exe

C:\WINDOWS\system32\dwm.exe

C:\WINDOWS\system32\atieclxx.exe

C:\WINDOWS\System32\spoolsv.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\xampp\apache\bin\httpd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\dashost.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\WINDOWS\system32\mqsvc.exe

C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe

C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

C:\WINDOWS\system32\taskhostex.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

C:\xampp\apache\bin\httpd.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\DllHost.exe

C:\Users\sluggo\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe

C:\Program Files\Microsoft Office\Office14\WINWORD.EXE

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\WINDOWS\splwow64.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\WINDOWS\system32\taskhost.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Adobe\Adobe Photoshop CS5\Photoshop.exe

C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\WINDOWS\notepad.exe

C:\WINDOWS\system32\conhost.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k RPCSS

C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork

C:\WINDOWS\system32\svchost.exe -k apphost

C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\svchost.exe -k iissvcs

C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet

C:\WINDOWS\System32\svchost.exe -k WerSvcGroup

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.ca/

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Microsoft SPFS Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll

TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll

EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - c:\program files\internet explorer\iedvtool.dll

uRun: [Google Update] "c:\users\sluggo\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"

mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice

mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming

mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe

mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe

mRun: [bingDesktop] c:\program files\microsoft\bingdesktop\BingDesktop.exe /fromkey

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\program files\amd avt\bin\kdbsync.exe" aml

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\users\sluggo\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\sluggo\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\users\sluggo\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE

uPolicies-Explorer: NoDrives = dword:0

uPolicies-Explorer: NoDriveTypeAutoRun = dword:255

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:255

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\program files\microsoft office 15\root\office15\EXCEL.EXE/3000

IE: LastPass - c:\program files\lastpass\context.html?cmd=lastpass

IE: LastPass Fill Forms - c:\program files\lastpass\context.html?cmd=fillforms

IE: Se&nd to OneNote - c:\program files\microsoft office 15\root\office15\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

TCP: NameServer = 192.168.100.1

TCP: Interfaces\{B74A15E9-18B1-4402-9A5B-96341AC5C6F8} : NameServer = 208.122.23.22,208.122.23.23

TCP: Interfaces\{B74A15E9-18B1-4402-9A5B-96341AC5C6F8} : DHCPNameServer = 192.168.100.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files\turbotax 2011\ic2011pp.dll

Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - c:\program files\turbotax 2012\ic2012pp.dll

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} -

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

SSODL: WebCheck - <orphaned>

LSA: Authentication Packages = msv1_0 relog_ap

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\sluggo\appdata\roaming\mozilla\firefox\profiles\aw12le5i.default\

FF - prefs.js: keyword.URL - hxxps://duckduckgo.com/?q=

FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll

FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect32.dll

FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect64.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\sluggo\appdata\local\google\update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: c:\users\sluggo\appdata\roaming\mozilla\firefox\profiles\aw12le5i.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll

FF - plugin: c:\windows\system32\adobe\director\np32dsw_1200112.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

FF - ExtSQL: 2013-03-05 19:01; {E0B8C461-F8FB-49b4-8373-FE32E9252800}; c:\users\sluggo\appdata\roaming\mozilla\firefox\profiles\aw12le5i.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}

FF - ExtSQL: 2013-03-27 10:20; {a1109c2a-1187-4027-901d-13097b755625}; c:\users\sluggo\appdata\roaming\mozilla\firefox\profiles\aw12le5i.default\extensions\{a1109c2a-1187-4027-901d-13097b755625}.xpi

.

============= SERVICES / DRIVERS ===============

.

R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [2011-4-21 29272]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-7-3 217088]

R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2011-9-10 18432]

R2 BingDesktopUpdate;Bing Desktop Update service;c:\program files\microsoft\bingdesktop\BingDesktopUpdater.exe [2013-3-22 168536]

R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2011-8-9 163424]

R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-9-22 974944]

R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2011-8-4 103112]

R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2011-5-24 1840128]

R2 NIHardwareService;NIHardwareService;c:\program files\common files\native instruments\hardware\NIHardwareService.exe [2010-10-19 3791872]

R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l160x86.sys [2012-6-2 55808]

R3 echo3g;Echo3G Service;c:\windows\system32\drivers\echo3g.sys [2010-1-8 209880]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-3-31 40776]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]

S2 XAMPP;XAMPP Service;c:\xampp\service.exe [2007-12-20 60928]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2011-4-26 2702848]

S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

.

=============== File Associations ===============

.

FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [userChoice]

FileExt: .js: JSFile=c:\windows\system32\WScript.exe "%1" %* [userChoice]

.

=============== Created Last 30 ================

.

2013-03-31 20:50:54 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-03-31 16:38:05 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-31 16:37:53 -------- d-----w- c:\users\sluggo\appdata\local\Programs

2013-03-29 18:17:18 -------- d--h--w- C:\SkyDriveTemp

2013-03-27 19:18:54 187152 ----a-w- c:\programdata\microsoft\windows\sqm\manifest\Sqm10197.bin

2013-03-23 22:50:40 -------- d-----w- c:\users\sluggo\appdata\roaming\LibreOffice

2013-03-23 22:48:45 -------- d-----w- c:\windows\System64

2013-03-23 22:47:03 -------- d-----w- c:\program files\LibreOffice 4.0

2013-03-22 23:00:02 5664768 ----a-w- c:\programdata\microsoft\bingdesktop\updater\BingDesktop.msi

2013-03-18 19:46:28 -------- d-----w- c:\program files\AMD AVT

2013-03-18 19:46:26 -------- d-----w- c:\program files\AMD APP

2013-03-18 19:46:20 -------- d-----w- c:\program files\common files\ATI Technologies

2013-03-18 19:43:44 -------- d-----w- c:\program files\ATI Technologies

2013-03-18 14:51:43 -------- d-----w- c:\windows\LastGood.Tmp

2013-03-14 02:26:07 78168 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-03-14 02:26:07 692568 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-03-13 01:32:59 8856576 ----a-w- c:\windows\system32\twinui.dll

2013-03-13 01:32:56 2033664 ----a-w- c:\windows\system32\authui.dll

2013-03-13 01:32:55 754176 ----a-w- c:\windows\system32\actxprxy.dll

2013-03-13 01:32:55 58088 ----a-w- c:\windows\system32\drivers\pdc.sys

2013-03-13 01:32:29 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-03-09 16:35:38 -------- d-----w- c:\program files\TurboTax 2012

2013-03-09 15:00:03 17536 ----a-w- c:\programdata\microsoft\windowssampling\sqm\manifest\Sqm3.bin

2013-03-06 04:01:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2013-03-06 04:01:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2013-03-06 04:01:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2013-03-06 04:01:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2013-03-06 04:01:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2013-03-06 04:01:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2013-03-06 04:01:52 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2013-03-06 03:51:07 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-03-06 03:49:26 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll

.

==================== Find3M ====================

.

2013-03-26 17:40:51 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2013-03-06 03:50:57 861088 ----a-w- c:\windows\system32\npdeployJava1.dll

2013-03-06 03:50:57 782240 ----a-w- c:\windows\system32\deployJava1.dll

2013-03-02 08:22:18 361984 ----a-w- c:\windows\system32\MFMediaEngine.dll

2013-02-15 06:35:40 444416 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 01:30:04 44032 ----a-w- c:\windows\system32\UXInit.dll

2013-02-12 00:27:30 3394048 ----a-w- c:\windows\system32\win32k.sys

2013-02-05 22:33:01 492544 ----a-w- c:\windows\system32\drivers\srv2.sys

2013-02-05 22:30:11 304128 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2013-02-05 22:29:51 195584 ----a-w- c:\windows\system32\drivers\srvnet.sys

2013-02-05 22:29:51 167424 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2013-02-05 04:58:01 1766912 ----a-w- c:\windows\system32\wininet.dll

2013-02-05 04:57:52 661504 ----a-w- c:\windows\system32\uxtheme.dll

2013-02-05 04:56:33 2877952 ----a-w- c:\windows\system32\jscript9.dll

2013-02-05 04:56:27 61440 ----a-w- c:\windows\system32\iesetup.dll

2013-02-05 04:56:27 109056 ----a-w- c:\windows\system32\iesysprep.dll

2013-02-05 03:55:27 2706432 ----a-w- c:\windows\system32\mshtml.tlb

2013-02-02 09:53:24 1614568 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-02-02 09:19:59 817384 ----a-w- c:\windows\system32\drivers\ndis.sys

2013-02-02 09:19:59 1817320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-02-02 09:00:12 332520 ----a-w- c:\windows\system32\drivers\usbhub.sys

2013-02-02 09:00:11 361704 ----a-w- c:\windows\system32\drivers\USBHUB3.SYS

2013-02-02 09:00:08 302312 ----a-w- c:\windows\system32\drivers\storport.sys

2013-02-02 09:00:04 53992 ----a-w- c:\windows\system32\drivers\crashdmp.sys

2013-02-02 08:39:59 325632 ----a-w- c:\windows\system32\schannel.dll

2013-02-02 08:39:33 367104 ----a-w- c:\windows\system32\netprofmsvc.dll

2013-02-02 08:39:32 283136 ----a-w- c:\windows\system32\ncsi.dll

2013-02-02 08:39:28 5090816 ----a-w- c:\windows\system32\mstscax.dll

2013-02-02 08:39:15 157696 ----a-w- c:\windows\system32\mbsmsapi.dll

2013-02-02 08:39:04 179712 ----a-w- c:\windows\system32\hotspotauth.dll

2013-02-02 08:38:54 567808 ----a-w- c:\windows\system32\duser.dll

2013-02-02 07:32:14 242688 ----a-w- c:\windows\system32\drivers\ks.sys

2013-02-02 07:32:02 60416 ----a-w- c:\windows\system32\drivers\hidclass.sys

2013-02-02 07:31:49 30208 ----a-w- c:\windows\system32\drivers\BthAvrcpTg.sys

2013-02-02 05:41:57 1437184 ----a-w- c:\windows\system32\GdiPlus.dll

2013-01-29 00:02:46 29088 ----a-w- c:\windows\system32\drivers\WdBoot.sys

2013-01-28 23:07:34 193936 ----a-w- c:\windows\system32\drivers\WdFilter.sys

2013-01-14 00:23:04 5554408 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-10 01:07:00 24808 ----a-w- c:\windows\system32\drivers\msgpiowin32.sys

2013-01-10 00:08:30 74984 ----a-w- c:\windows\system32\drivers\partmgr.sys

2013-01-10 00:08:22 526960 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2013-01-10 00:02:20 158952 ----a-w- c:\windows\system32\drivers\sdbus.sys

2013-01-10 00:02:15 104168 ----a-w- c:\windows\system32\drivers\dumpsd.sys

2013-01-09 23:51:38 259816 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2013-01-09 23:51:38 1229032 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-01-09 23:25:58 741376 ----a-w- c:\windows\system32\iphlpsvc.dll

2013-01-09 23:25:57 125440 ----a-w- c:\windows\system32\inetpp.dll

2013-01-09 23:25:55 582144 ----a-w- c:\windows\system32\gpprefcl.dll

2013-01-09 23:25:55 40960 ----a-w- c:\windows\system32\drivers\umdf\HidBthLE.dll

2013-01-09 23:25:43 1505280 ----a-w- c:\windows\system32\wbem\cimwin32.dll

2013-01-09 03:57:47 277504 ----a-w- c:\windows\system32\drivers\HdAudio.sys

.

============= FINISH: 15:18:37.37 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 8 Pro with Media Center

Boot Device: \Device\HarddiskVolume1

Install Date: 12/20/2012 6:39:32 AM

System Uptime: 3/31/2013 9:00:16 AM (6 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P5KC

Processor: Intel® Core2 Quad CPU @ 2.40GHz | LGA775 | 2394/266mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 260 GiB total, 80.762 GiB free.

D: is FIXED (NTFS) - 4 GiB total, 3.954 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}

Description: Standard PS/2 Keyboard

Device ID: ACPI\PNP0303\4&20D7719E&0

Manufacturer: (Standard keyboards)

Name: Standard PS/2 Keyboard

PNP Device ID: ACPI\PNP0303\4&20D7719E&0

Service: i8042prt

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Intel® 82566DC-2 Gigabit Network Connection

Device ID: PCI\VEN_8086&DEV_294C&SUBSYS_00008086&REV_02\3&11583659&0&C8

Manufacturer: Intel

Name: Intel® 82566DC-2 Gigabit Network Connection

PNP Device ID: PCI\VEN_8086&DEV_294C&SUBSYS_00008086&REV_02\3&11583659&0&C8

Service: e1express

.

==== System Restore Points ===================

.

RP23: 3/12/2013 6:36:55 PM - Windows Update

RP24: 3/21/2013 3:35:43 AM - Scheduled Checkpoint

RP25: 3/22/2013 6:48:09 PM - Removed MAGIX Screenshare

RP26: 3/27/2013 9:42:26 AM - Removed Adobe Photoshop Lightroom 4.3 .

RP28: 3/31/2013 9:43:11 AM - Removed DWA-552

.

==== Installed Programs ======================

.

7-Zip 9.20

Ableton Live 8

Acronis Disk Director Suite

Acronis True Image Home

ActiveState ActivePython 2.7.2.5 (32-bit)

Admiral Quality Poly-Ana 1.x

Adobe Acrobat 9 Pro - English, Français, Deutsch

Adobe Acrobat 9.5.4 - CPSID_83708

Adobe AIR

Adobe Community Help

Adobe Creative Suite 5 Design Standard

Adobe Digital Editions

Adobe Download Assistant

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.02)

Adobe Shockwave Player 12.0

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Media Foundation Decoders

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Applied Acoustics Systems - Ultra Analog VA-1 v1.1.2

ASIO4ALL

Audacity 2.0.2

Bing Desktop

BlackBerry Device Manager 7.0

BlackBerry Tablet OS Graphical Aid

Bonjour

Box for Office

calibre

Camtasia Studio 8

Cartes du Ciel V3.4.1

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

CheckSum Tool 0.7.0

Circuit Construction Kit (DC Only)

ClPhpEd(remove only)

CodeMeter Runtime Kit v3.20c

ComicRack v0.9.155

D3DX10

DDPB Installer

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dropbox

DVDFab 8.1.6.3 (11/02/2012) Qt

Echo3G PCI

Energy Skate Park

EPSON TWAIN 5

eReg

ESET NOD32 Antivirus

Extreme Sample Converter 3.5.9

Faraday's Electromagnetic Lab

Firebird SQL Server - MAGIX Edition

foobar2000 v1.1.10

FreeFileSync 5.10

Garmin BlueChart Americas v8.5

Garmin Communicator Plugin

Garmin MapSource

Garmin USB Drivers

Generator

GeoSetter 3.4.16

Google Chrome

Google Earth

Google Update Helper

Guru

IHMC CmapTools v5.04.02

ImgBurn

Internet TV for Windows Media Center

iTunes

Java 7 Update 17

Java Auto Updater

JavaFX 2.1.1

LastPass (uninstall only)

LEGO MINDSTORMS NXT - English Language Pack

LEGO MINDSTORMS NXT Driver

LEGO MINDSTORMS NXT Software v2.0

LibreOffice 4.0.1.2

Line 6 Uninstaller

LinuxLive USB Creator

Logitech SetPoint 6.32

M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player v 1.1

Magic Bullet Quick Looks (for MAGIX)

Malwarebytes Anti-Malware version 1.70.0.1100

MapSource

MapSource - Topo Canada v2

MediaMonkey 4.0

Microsoft Application Error Reporting

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SkyDrive

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework 2.0 Core Components (x86) ENU

Microsoft Sync Framework 2.0 Provider Services (x86) ENU

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Mozilla Firefox 19.0.2 (x86 en-US)

Mozilla Maintenance Service

Mozilla Thunderbird 17.0.4 (x86 en-US)

Mp3tag v2.52

MSM32Installer

MSVCRT

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB2758694)

MSXML 4.0 SP3 Parser (KB973685)

Native Instruments Controller Editor

Native Instruments Service Center

Native Instruments Traktor

Native Instruments Traktor Kontrol X1

Netflix in Windows Media Center

NI VC2008MSMs x86

Notepad++

OhmForce Ohmboyz VST2

OverDrive Media Console

OziExplorer 3.95

PDF Settings CS5

Picasa 3

PlayReady PC Runtime x86

Project5 Version 2.5

Python 2.7 pycrypto-2.3

Python 2.7.3

PythonTurtle 0.1

Quicken 2011

QuickTime

Rapture 1.1

Realtek High Definition Audio Driver

Revo Uninstaller 1.94

Safari

Samplitude 10 10.0.0.0 (US)

Scratch

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Sketchpad

Skype™ 6.1

SopCast 3.4.0

SPORE™

SportTracks 3.1

States of Matter

Stellarium 0.11.1

StreamTorrent 1.0

swMSM

Tracker

TrainingPeaks WKO+

TrueCrypt

TurboTax 2011

TurboTax 2012

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

VLC media player 2.0.5

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Media Center Add-in for Flash

WinHTTrack Website Copier 3.46-1

WinSCP 4.3.8

XAMPP 1.7.7

Xiph.Org Open Codecs 0.85.17777

.

==== Event Viewer Messages From Past Week ========

.

3/31/2013 9:10:07 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

3/31/2013 9:03:22 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user sluggo-PC\sluggo SID (S-1-5-21-4213201847-2594826557-910303953-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

3/31/2013 9:02:40 AM, Error: Microsoft-Windows-IIS-W3SVC [1004] - The World Wide Web Publishing Service (WWW Service) did not register the URL prefix http://*:80/ for site 1. The site has been disabled. The data field contains the error number.

3/31/2013 9:02:40 AM, Error: Microsoft-Windows-HttpEvent [15005] - Unable to bind to the underlying transport for [::]:80. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.

3/29/2013 4:48:00 PM, Error: Microsoft-Windows-Diagnostics-Networking [5300] - An error occurred. The Network Diagnostics Framework failed to complete the repair phase of operation. A Windows Error Report was generated. [2147942487]

3/28/2013 4:43:14 PM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {14286318-B6CF-49A1-81FC-D74AD94902F9}. The error: "3" Happened while starting this command: "C:\Program Files\Microsoft Office 15\Root\Client\AppVLp.exe" "C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE" "C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE" -Embedding

3/28/2013 2:08:34 PM, Error: Service Control Manager [7024] - The Apache2.2 service terminated with the following service-specific error: Incorrect function.

.

==== End Of File ===========================


Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Download OTL to your Desktop

  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


OTL.txt

OTL logfile created on: 4/3/2013 5:18:24 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\sluggo\Downloads

An unknown product (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16519)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 63.56% Memory free

4.80 Gb Paging File | 2.52 Gb Available in Paging File | 52.44% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 260.48 Gb Total Space | 78.65 Gb Free Space | 30.19% Space Free | Partition Type: NTFS

Drive D: | 4.02 Gb Total Space | 3.95 Gb Free Space | 98.31% Space Free | Partition Type: NTFS

Computer Name: SLUGGO-PC | User Name: sluggo | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/03 17:17:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\sluggo\Downloads\OTL.exe

PRC - [2013/03/22 15:32:26 | 000,168,536 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe

PRC - [2013/03/12 00:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\sluggo\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2013/01/10 23:39:36 | 001,692,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE

PRC - [2013/01/08 08:59:20 | 000,228,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

PRC - [2012/12/18 13:14:27 | 000,642,816 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

PRC - [2012/12/18 12:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/11/05 21:20:42 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhostex.exe

PRC - [2012/11/05 21:20:42 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2012/10/10 22:56:41 | 002,115,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2012/09/19 22:55:29 | 000,333,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WWAHost.exe

PRC - [2012/07/25 20:30:19 | 000,029,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RuntimeBroker.exe

PRC - [2012/07/25 20:20:44 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dasHost.exe

PRC - [2012/07/03 23:21:18 | 000,453,632 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe

PRC - [2012/07/03 23:20:42 | 000,217,088 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe

PRC - [2011/11/06 23:44:37 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

PRC - [2011/10/07 02:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe

PRC - [2011/09/27 12:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe

PRC - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

PRC - [2011/09/22 12:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

PRC - [2011/09/10 02:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe

PRC - [2011/09/10 02:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) -- c:\xampp\apache\bin\httpd.exe

PRC - [2011/05/24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe

PRC - [2010/10/19 10:34:26 | 003,791,872 | ---- | M] (Native Instruments GmbH) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe

PRC - [2008/04/09 22:42:00 | 000,492,896 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

PRC - [2008/04/09 21:23:22 | 000,909,208 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

PRC - [2008/04/09 21:14:28 | 000,136,472 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

PRC - [2008/04/09 21:14:18 | 000,431,384 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

PRC - [2008/04/09 21:11:24 | 002,595,792 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/07 02:41:16 | 000,879,896 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll

MOD - [2011/07/18 14:04:08 | 000,296,448 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_04.dll

MOD - [2011/03/17 01:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

MOD - [2008/04/09 19:46:56 | 001,328,408 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\fox.dll

========== Services (SafeList) ==========

SRV - [2013/03/22 15:32:26 | 000,168,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)

SRV - [2013/03/07 19:03:57 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/02/02 01:39:33 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofmsvc.dll -- (netprofm)

SRV - [2013/01/28 17:02:40 | 000,013,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV - [2013/01/09 16:26:37 | 001,532,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\wlidsvc.dll -- (wlidsvc)

SRV - [2013/01/09 16:26:01 | 000,349,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsm.dll -- (LSM)

SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/12/18 12:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/12/05 21:23:01 | 000,114,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\TimeBrokerServer.dll -- (TimeBroker)

SRV - [2012/12/05 21:22:59 | 000,117,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\SystemEventsBrokerServer.dll -- (SystemEventsBroker)

SRV - [2012/11/05 21:54:13 | 002,205,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\spool\drivers\w32x86\3\PrintConfig.dll -- (PrintNotify)

SRV - [2012/11/05 21:18:36 | 000,136,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)

SRV - [2012/09/19 23:32:32 | 002,151,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WSService.dll -- (WSService)

SRV - [2012/09/19 22:53:51 | 000,095,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\fhsvc.dll -- (fhsvc)

SRV - [2012/09/19 22:53:35 | 000,142,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\bisrv.dll -- (BrokerInfrastructure)

SRV - [2012/07/25 20:20:19 | 000,051,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wiarpc.dll -- (WiaRpc)

SRV - [2012/07/25 20:20:13 | 000,226,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wcmsvc.dll -- (Wcmsvc)

SRV - [2012/07/25 20:20:11 | 000,192,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\vaultsvc.dll -- (VaultSvc)

SRV - [2012/07/25 20:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)

SRV - [2012/07/25 20:20:04 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\svsvc.dll -- (svsvc)

SRV - [2012/07/25 20:19:54 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2012/07/25 20:19:40 | 002,028,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2012/07/25 20:19:21 | 000,138,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\NcaSvc.dll -- (NcaSvc)

SRV - [2012/07/25 20:19:21 | 000,062,976 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\NcdAutoSetup.dll -- (NcdAutoSetup)

SRV - [2012/07/25 20:18:47 | 000,043,520 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\keyiso.dll -- (KeyIso)

SRV - [2012/07/25 20:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)

SRV - [2012/07/25 20:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)

SRV - [2012/07/25 20:18:24 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\efssvc.dll -- (EFS)

SRV - [2012/07/25 20:18:18 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\DeviceSetupManager.dll -- (DsmSvc)

SRV - [2012/07/25 20:18:13 | 000,261,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\das.dll -- (DeviceAssociationService)

SRV - [2012/07/25 20:17:58 | 000,109,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AUInstallAgent.dll -- (AllUserInstallAgent)

SRV - [2012/07/25 20:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)

SRV - [2012/07/25 17:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicvss)

SRV - [2012/07/25 17:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmictimesync)

SRV - [2012/07/25 17:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicshutdown)

SRV - [2012/07/25 17:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicrdv)

SRV - [2012/07/25 17:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmickvpexchange)

SRV - [2012/07/25 17:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicheartbeat)

SRV - [2012/07/03 23:20:42 | 000,217,088 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2011/11/06 23:44:37 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011/09/27 12:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)

SRV - [2011/09/10 02:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\xampp\apache\bin\httpd.exe -- (Apache2.2)

SRV - [2011/05/24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)

SRV - [2011/04/26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)

SRV - [2010/10/19 10:34:26 | 003,791,872 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)

SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2008/04/09 22:42:00 | 000,492,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)

SRV - [2008/04/09 21:14:18 | 000,431,384 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2007/12/20 19:01:02 | 000,060,928 | ---- | M] () [Auto | Stopped] -- c:\xampp\service.exe -- (XAMPP)

SRV - [2007/02/22 20:53:16 | 002,217,416 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe -- (AcronisOSSReinstallSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\vmci.sys -- (vmci)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\sluggo\AppData\Local\Temp\mbr.sys -- (mbr)

DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\jswpslwf.sys -- (jswpslwf)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DRIVERS\athr.sys -- (athr)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\sluggo\AppData\Local\Temp\aswMBR.sys -- (aswMBR)

DRV - [2013/02/06 18:49:00 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\pdc.sys -- (pdc)

DRV - [2013/02/02 02:00:11 | 000,361,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\USBHUB3.SYS -- (USBHUB3)

DRV - [2013/02/02 00:31:49 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)

DRV - [2013/01/28 17:02:46 | 000,029,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WdBoot.sys -- (WdBoot)

DRV - [2013/01/28 16:07:34 | 000,193,936 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WdFilter.sys -- (WdFilter)

DRV - [2013/01/09 18:07:00 | 000,024,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\msgpiowin32.sys -- (msgpiowin32)

DRV - [2012/12/24 10:03:25 | 000,231,760 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\truecrypt.sys -- (truecrypt)

DRV - [2012/11/26 20:53:14 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BthhfHid.sys -- (bthhfhid)

DRV - [2012/11/19 21:56:58 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hidi2c.sys -- (hidi2c)

DRV - [2012/11/05 20:52:56 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\fxppm.sys -- (FxPPM)

DRV - [2012/10/12 00:12:33 | 000,023,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV - [2012/10/10 22:45:31 | 000,050,920 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\dam.sys -- (dam)

DRV - [2012/10/10 22:28:23 | 000,046,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\sdstor.sys -- (sdstor)

DRV - [2012/09/20 00:09:32 | 000,031,464 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\cnghwassist.sys -- (cnghwassist)

DRV - [2012/09/19 23:34:12 | 000,268,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\USBXHCI.SYS -- (USBXHCI)

DRV - [2012/09/19 23:34:10 | 000,179,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\UCX01000.SYS -- (UCX01000)

DRV - [2012/09/19 23:34:07 | 000,097,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\msgpioclx.sys -- (GPIOClx0101)

DRV - [2012/09/19 23:30:10 | 000,121,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\tpm.sys -- (TPM)

DRV - [2012/07/25 21:17:18 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\condrv.sys -- (condrv)

DRV - [2012/07/25 20:48:44 | 000,058,608 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\acpiex.sys -- (acpiex)

DRV - [2012/07/25 20:42:33 | 000,068,848 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\lsi_sss.sys -- (LSI_SSS)

DRV - [2012/07/25 20:42:32 | 000,099,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)

DRV - [2012/07/25 20:42:32 | 000,070,384 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\EhStorClass.sys -- (EhStorClass)

DRV - [2012/07/25 20:42:31 | 000,085,232 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\3ware.sys -- (3ware)

DRV - [2012/07/25 20:42:19 | 000,285,424 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\VSTXRAID.SYS -- (VSTXRAID)

DRV - [2012/07/25 20:42:19 | 000,080,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VerifierExt.sys -- (VerifierExt)

DRV - [2012/07/25 20:42:18 | 000,076,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\uaspstor.sys -- (UASPStor)

DRV - [2012/07/25 20:42:18 | 000,066,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\storahci.sys -- (storahci)

DRV - [2012/07/25 20:42:15 | 000,238,320 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\spaceport.sys -- (spaceport)

DRV - [2012/07/25 20:42:15 | 000,059,120 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\mvumis.sys -- (mvumis)

DRV - [2012/07/25 20:40:36 | 000,038,640 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\wfplwfs.sys -- (WFPLWFS)

DRV - [2012/07/25 20:40:10 | 000,256,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\clfs.sys -- (CLFS)

DRV - [2012/07/25 20:39:55 | 000,029,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\terminpt.sys -- (terminpt)

DRV - [2012/07/25 20:33:00 | 000,130,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\vmbus.sys -- (vmbus)

DRV - [2012/07/25 20:33:00 | 000,042,344 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\vmstorfl.sys -- (storflt)

DRV - [2012/07/25 20:33:00 | 000,032,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\storvsc.sys -- (storvsc)

DRV - [2012/07/25 19:38:42 | 000,141,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\mqac.sys -- (MQAC)

DRV - [2012/07/25 19:37:58 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV - [2012/07/25 19:36:54 | 000,042,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\BasicDisplay.sys -- (BasicDisplay)

DRV - [2012/07/25 19:36:49 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\mshidumdf.sys -- (mshidumdf)

DRV - [2012/07/25 19:36:36 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\HyperVideo.sys -- (HyperVideo)

DRV - [2012/07/25 19:36:35 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\BasicRender.sys -- (BasicRender)

DRV - [2012/07/25 19:35:30 | 000,006,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vms3cap.sys -- (s3cap)

DRV - [2012/07/25 19:35:28 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\npsvctrig.sys -- (npsvctrig)

DRV - [2012/07/25 19:35:10 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\kdnic.sys -- (kdnic)

DRV - [2012/07/25 19:35:06 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\acpitime.sys -- (acpitime)

DRV - [2012/07/25 19:35:04 | 000,009,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vmgencounter.sys -- (gencounter)

DRV - [2012/07/25 19:34:43 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\acpipagr.sys -- (acpipagr)

DRV - [2012/07/25 19:34:42 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\WpdUpFltr.sys -- (WpdUpFltr)

DRV - [2012/07/25 19:34:22 | 000,018,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2012/07/25 19:34:04 | 000,010,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hyperkbd.sys -- (hyperkbd)

DRV - [2012/07/25 19:33:53 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SerCx.sys -- (SerCx)

DRV - [2012/07/25 19:33:50 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SpbCx.sys -- (SpbCx)

DRV - [2012/07/25 19:33:29 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\TsUsbGD.sys -- (TsUsbGD)

DRV - [2012/07/25 19:33:16 | 000,044,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\bthhfenum.sys -- (BthHFEnum)

DRV - [2012/07/25 19:32:54 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2012/07/25 19:32:53 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\dmvsc.sys -- (dmvsc)

DRV - [2012/07/25 19:32:02 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\wpcfltr.sys -- (wpcfltr)

DRV - [2012/07/25 19:31:11 | 000,110,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NdisImPlatform.sys -- (NdisImPlatform)

DRV - [2012/07/25 19:30:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\mslldp.sys -- (MsLldp)

DRV - [2012/07/25 19:30:39 | 000,084,480 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\Ndu.sys -- (Ndu)

DRV - [2012/07/25 15:49:38 | 000,214,528 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\e1e6032.sys -- (e1express)

DRV - [2012/07/03 23:58:12 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\atikmdag.sys -- (amdkmdag)

DRV - [2012/07/03 22:10:30 | 000,290,304 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\atikmpag.sys -- (amdkmdap)

DRV - [2012/06/02 07:31:29 | 000,055,808 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\l160x86.sys -- (AtcL001)

DRV - [2011/11/06 18:19:38 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\timntr.sys -- (timounter)

DRV - [2011/11/06 18:19:38 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\Drivers\tifsfilt.sys -- (tifsfilter)

DRV - [2011/11/06 18:19:33 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\snapman.sys -- (snapman)

DRV - [2011/11/06 18:19:30 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\tdrpman.sys -- (tdrpman)

DRV - [2011/09/01 23:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\LMouFilt.Sys -- (LMouFilt)

DRV - [2011/09/01 23:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\LHidFilt.Sys -- (LHidFilt)

DRV - [2011/08/09 14:24:52 | 000,163,424 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\Drivers\eamonm.sys -- (eamonm)

DRV - [2011/08/04 09:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\epfwwfpr.sys -- (epfwwfpr)

DRV - [2011/08/04 09:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\Drivers\ehdrv.sys -- (ehdrv)

DRV - [2011/04/21 02:09:50 | 000,029,272 | ---- | M] (Grass Valley K.K.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\cdrblock.sys -- (cdrblock)

DRV - [2010/01/08 15:15:38 | 000,209,880 | ---- | M] (Echo Digital Audio Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\echo3g.sys -- (echo3g)

DRV - [2004/08/13 10:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4213201847-2594826557-910303953-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-4213201847-2594826557-910303953-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

IE - HKU\S-1-5-21-4213201847-2594826557-910303953-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKU\S-1-5-21-4213201847-2594826557-910303953-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 71 F8 0F 2D E9 9C CC 01 [binary data]

IE - HKU\S-1-5-21-4213201847-2594826557-910303953-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-4213201847-2594826557-910303953-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-4213201847-2594826557-910303953-1001\..\SearchScopes,DefaultScope = {63A2E55C-6134-4788-BB5B-A7BC39DF187A}

IE - HKU\S-1-5-21-4213201847-2594826557-910303953-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKU\S-1-5-21-4213201847-2594826557-910303953-1001\..\SearchScopes\{63A2E55C-6134-4788-BB5B-A7BC39DF187A}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKU\S-1-5-21-4213201847-2594826557-910303953-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKU\S-1-5-21-4213201847-2594826557-910303953-1001\..\SearchScopes\{DE7F01D9-F0ED-4A0C-AEC7-5652905CC9DC}: "URL" = http://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox

IE - HKU\S-1-5-21-4213201847-2594826557-910303953-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4213201847-2594826557-910303953-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledAddons: checkit%40lovinglinux.megabyet.net:1.1.4

FF - prefs.js..extensions.enabledAddons: DeviceDetection%40logitech.com:1.23.0.5

FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.1.3

FF - prefs.js..extensions.enabledAddons: ShortenURL%40loucypher:0.3.8

FF - prefs.js..extensions.enabledAddons: %7B2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9%7D:2.3.4

FF - prefs.js..extensions.enabledAddons: %7B563e4790-7e70-11da-a72b-0800200c9a66%7D:0.9f

FF - prefs.js..extensions.enabledAddons: %7B75CEEE46-9B64-46f8-94BF-54012DE155F0%7D:0.4.10

FF - prefs.js..extensions.enabledAddons: zoompage%40DW-dev:5.3

FF - prefs.js..extensions.enabledAddons: zotero%40chnm.gmu.edu:3.0.11

FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:2.0.20

FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.13

FF - prefs.js..extensions.enabledAddons: %7BE0B8C461-F8FB-49b4-8373-FE32E9252800%7D:5.5.1

FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0034-ABCDEFFEDCBA%7D:6.0.34

FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35

FF - prefs.js..extensions.enabledAddons: zoteroWinWordIntegration%40zotero.org:3.1.12

FF - prefs.js..extensions.enabledAddons: %7Ba1109c2a-1187-4027-901d-13097b755625%7D:0.83

FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.8.307

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2

FF - prefs.js..keyword.URL: "https://duckduckgo.com/?q="

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\sluggo\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\sluggo\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/07 19:03:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/03/11 11:46:45 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/11/02 17:46:52 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/07 19:03:58 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/03/11 11:46:45 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/11/06 18:15:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Extensions

[2013/03/27 10:21:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions

[2012/11/07 22:37:27 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}

[2012/12/01 19:41:31 | 000,000,000 | ---D | M] ("RoxioNow Player Plugin") -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\{3112ca9c-de6d-4884-a869-9855de680400}

[2013/03/07 20:06:26 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}

[2011/11/08 00:09:04 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\DeviceDetection@logitech.com

[2013/03/27 10:21:09 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\donottrackplus@abine.com

[2012/09/19 17:23:36 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\foxmarks@kei.com

[2013/02/15 18:43:37 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\support@lastpass.com

[2012/12/19 08:45:54 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\zotero@chnm.gmu.edu

[2013/03/27 09:14:03 | 000,000,000 | ---D | M] (Zotero Word for Windows Integration) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\zoteroWinWordIntegration@zotero.org

[2013/03/07 18:49:24 | 000,275,665 | ---- | M] () (No name found) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\artur.dubovoy@gmail.com.xpi

[2011/12/19 20:25:52 | 000,276,952 | ---- | M] () (No name found) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\bettergmail2@ginatrapani.org.xpi

[2011/12/25 12:09:13 | 000,034,709 | ---- | M] () (No name found) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\checkit@lovinglinux.megabyet.net.xpi

[2013/02/24 18:36:14 | 002,163,784 | ---- | M] () (No name found) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\firebug@software.joehewitt.com.xpi

[2011/12/25 11:55:16 | 000,089,481 | ---- | M] () (No name found) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\md5rehasher@phoneixs.es.xpi

[2011/11/17 05:26:58 | 000,037,338 | ---- | M] () (No name found) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\ShortenURL@loucypher.xpi

[2012/12/16 17:44:32 | 000,051,527 | ---- | M] () (No name found) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\zoompage@DW-dev.xpi

[2012/04/01 09:00:06 | 000,010,707 | ---- | M] () (No name found) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}.xpi

[2012/06/09 09:29:11 | 000,028,993 | ---- | M] () (No name found) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi

[2013/03/27 10:20:56 | 000,086,058 | ---- | M] () (No name found) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\{a1109c2a-1187-4027-901d-13097b755625}.xpi

[2013/03/05 19:59:20 | 000,872,587 | ---- | M] () (No name found) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi

[2012/09/05 23:22:47 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi

[2013/03/06 17:06:18 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\donottrackplus@abine.com\chrome\content\ff\view_expiry.js

[2012/10/08 09:20:49 | 000,010,316 | ---- | M] () -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\searchplugins\duckduckgo.xml

[2013/03/07 19:03:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2013/03/07 19:03:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}

[2013/03/07 19:03:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

[2013/03/07 19:03:58 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/09/09 19:26:58 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2013/02/27 19:27:56 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - homepage:

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\sluggo\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\sluggo\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\sluggo\AppData\Local\Google\Chrome\Application\26.0.1410.43\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll

CHR - plugin: nplastpass (Enabled) = C:\Users\sluggo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.80.1_0\nplastpass.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL

CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

CHR - plugin: DeLorme Send To GPS (Enabled) = C:\Program Files\DeLorme\SendToGPS\nppnplugin.dll

CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll

CHR - plugin: Java Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - Extension: Xmarks Bookmark Sync = C:\Users\sluggo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.24_0\

CHR - Extension: Xmarks Bookmark Sync = C:\Users\sluggo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.24_0\.bak

CHR - Extension: YouTube = C:\Users\sluggo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\

CHR - Extension: Google Search = C:\Users\sluggo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Delicious Tools = C:\Users\sluggo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclkcflnjahgejhappicbhcpllkpakej\1.6.1_0\

CHR - Extension: LastPass = C:\Users\sluggo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.21_0\

CHR - Extension: Gmail = C:\Users\sluggo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/07/08 11:13:07 | 000,000,027 | ---- | M]) - C:\Windows\System32\Drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll (LastPass)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Microsoft SPFS Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL File not found

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll (LastPass)

O3 - HKU\S-1-5-21-4213201847-2594826557-910303953-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AMD AVT] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [bingDesktop] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)

O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)

O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - Startup: C:\Users\sluggo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\sluggo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\sluggo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-4213201847-2594826557-910303953-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-4213201847-2594826557-910303953-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-4213201847-2594826557-910303953-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: LastPass - file://C:\Program Files\LastPass\context.html?cmd=lastpass File not found

O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files\LastPass\context.html?cmd=fillforms File not found

O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll (LastPass)

O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll (LastPass)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B74A15E9-18B1-4402-9A5B-96341AC5C6F8}: DhcpNameServer = 192.168.100.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B74A15E9-18B1-4402-9A5B-96341AC5C6F8}: NameServer = 208.122.23.22,208.122.23.23

O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)

O18 - Protocol\Handler\intu-tt2012 {02F985EF-502B-4597-993F-6BF9E004C138} - C:\Program Files\TurboTax 2012\ic2012pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)

O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\WINDOWS\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/31 10:16:21 | 000,000,000 | ---D | C] -- C:\Users\sluggo\Desktop\RK_Quarantine

[2013/03/31 09:38:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/03/31 09:38:05 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2013/03/31 09:37:53 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Local\Programs

[2013/03/29 11:17:18 | 000,000,000 | -H-D | C] -- C:\SkyDriveTemp

[2013/03/28 13:18:14 | 000,000,000 | ---D | C] -- C:\Users\sluggo\Desktop\Hashcat

[2013/03/24 07:43:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

[2013/03/23 15:50:40 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Roaming\LibreOffice

[2013/03/23 15:48:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.0

[2013/03/23 15:48:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System64

[2013/03/23 15:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\LibreOffice 4.0

[2013/03/18 18:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2013/03/18 18:42:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2013/03/18 12:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI

[2013/03/18 12:46:28 | 000,000,000 | ---D | C] -- C:\Program Files\AMD AVT

[2013/03/18 12:46:26 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP

[2013/03/18 12:46:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies

[2013/03/18 12:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center

[2013/03/18 12:45:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2013/03/18 12:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies

[2013/03/11 11:46:45 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird

[2013/03/09 09:35:38 | 000,000,000 | ---D | C] -- C:\Program Files\TurboTax 2012

[2013/03/07 19:03:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2013/03/05 21:01:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2013/03/05 20:51:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2011/11/26 09:56:27 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\sluggo\AppData\Roaming\pcouffin.sys

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/03 17:11:00 | 000,000,912 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4213201847-2594826557-910303953-1001UA.job

[2013/04/03 16:40:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013/04/03 08:11:00 | 000,000,860 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4213201847-2594826557-910303953-1001Core.job

[2013/04/03 02:40:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/04/01 16:24:38 | 000,001,262 | ---- | M] () -- C:\Users\sluggo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

[2013/04/01 11:36:33 | 000,017,398 | ---- | M] () -- C:\Users\sluggo\Desktop\studentcentered.PNG

[2013/03/31 10:41:18 | 000,001,456 | ---- | M] () -- C:\Users\sluggo\AppData\Local\Adobe Save for Web 12.0 Prefs

[2013/03/31 09:38:08 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/03/31 09:08:09 | 000,796,792 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013/03/31 09:08:09 | 000,159,916 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013/03/31 09:02:51 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/03/31 09:00:37 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys

[2013/03/31 09:00:33 | 2790,981,632 | -HS- | M] () -- C:\hiberfil.sys

[2013/03/30 10:39:22 | 000,001,051 | ---- | M] () -- C:\Users\sluggo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2013/03/27 10:16:03 | 000,007,925 | ---- | M] () -- C:\Users\sluggo\Desktop\scratch.PNG

[2013/03/27 08:59:40 | 005,098,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2013/03/24 07:43:14 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2013/03/23 15:48:54 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 4.0.lnk

[2013/03/15 19:50:00 | 000,135,107 | ---- | M] () -- C:\Users\sluggo\Desktop\sdXSau9.jpg

[2013/03/14 07:40:37 | 000,002,056 | ---- | M] () -- C:\Users\sluggo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk

[2013/03/09 20:21:32 | 000,004,057 | ---- | M] () -- C:\Users\sluggo\Desktop\gjegighh.png

[2013/03/09 13:43:38 | 001,180,243 | ---- | M] () -- C:\Users\sluggo\Desktop\video_car_sliding_across.mov

[2013/03/09 09:35:50 | 000,001,862 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax Canada 2012.lnk

[2013/03/07 07:19:07 | 000,239,050 | ---- | M] () -- C:\Users\sluggo\Desktop\thenewflip.jpg

[2013/03/07 07:12:00 | 000,473,334 | ---- | M] () -- C:\Users\sluggo\Desktop\flip.png

[2013/03/07 07:08:16 | 000,009,216 | ---- | M] () -- C:\Users\sluggo\Desktop\gerbil.jpg

[2013/03/06 01:39:09 | 041,650,560 | ---- | M] () -- C:\Users\sluggo\Desktop\math_lesson.mp4

[2013/03/05 22:52:07 | 033,966,216 | ---- | M] () -- C:\Users\sluggo\Desktop\math_lesson_analysis.mp4

[2013/03/05 20:57:40 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/01 11:36:33 | 000,017,398 | ---- | C] () -- C:\Users\sluggo\Desktop\studentcentered.PNG

[2013/03/31 09:38:08 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/03/30 10:39:22 | 000,001,051 | ---- | C] () -- C:\Users\sluggo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2013/03/27 10:16:03 | 000,007,925 | ---- | C] () -- C:\Users\sluggo\Desktop\scratch.PNG

[2013/03/24 07:43:14 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2013/03/23 15:48:54 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 4.0.lnk

[2013/03/19 10:01:06 | 000,002,261 | ---- | C] () -- C:\Users\sluggo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk

[2013/03/18 07:57:39 | 005,098,976 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2013/03/15 19:50:00 | 000,135,107 | ---- | C] () -- C:\Users\sluggo\Desktop\sdXSau9.jpg

[2013/03/09 20:21:32 | 000,004,057 | ---- | C] () -- C:\Users\sluggo\Desktop\gjegighh.png

[2013/03/09 13:43:37 | 001,180,243 | ---- | C] () -- C:\Users\sluggo\Desktop\video_car_sliding_across.mov

[2013/03/09 09:35:50 | 000,001,862 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax Canada 2012.lnk

[2013/03/07 07:19:07 | 000,239,050 | ---- | C] () -- C:\Users\sluggo\Desktop\thenewflip.jpg

[2013/03/07 07:11:59 | 000,473,334 | ---- | C] () -- C:\Users\sluggo\Desktop\flip.png

[2013/03/07 07:08:15 | 000,009,216 | ---- | C] () -- C:\Users\sluggo\Desktop\gerbil.jpg

[2013/03/06 01:39:00 | 041,650,560 | ---- | C] () -- C:\Users\sluggo\Desktop\math_lesson.mp4

[2013/03/05 22:52:04 | 033,966,216 | ---- | C] () -- C:\Users\sluggo\Desktop\math_lesson_analysis.mp4

[2013/03/05 20:57:40 | 000,001,989 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk

[2013/03/05 20:57:39 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

[2013/01/11 21:21:19 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2012/12/22 11:33:07 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\OEMLicense.dll

[2012/12/20 01:19:49 | 000,021,316 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2012/12/20 00:50:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin

[2012/11/19 08:19:17 | 000,087,608 | ---- | C] () -- C:\Users\sluggo\AppData\Roaming\inst.exe

[2012/11/07 23:11:23 | 000,001,197 | ---- | C] () -- C:\Users\sluggo\.tracker.prefs

[2012/11/07 23:11:23 | 000,000,158 | ---- | C] () -- C:\Users\sluggo\.tracker_starter.prefs

[2012/08/04 12:02:02 | 000,200,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT

[2012/08/03 21:20:54 | 000,000,143 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

[2012/07/25 23:55:27 | 000,796,792 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2012/07/25 23:55:27 | 000,296,742 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2012/07/25 23:55:27 | 000,159,916 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2012/07/25 23:55:27 | 000,033,362 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2012/07/25 23:53:47 | 000,215,943 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2012/07/25 23:53:46 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT

[2012/07/25 23:03:55 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2012/07/25 19:05:12 | 000,022,529 | ---- | C] () -- C:\WINDOWS\System32\32mereg.dll

[2012/07/25 18:20:38 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\BthpanContextHandler.dll

[2012/07/25 18:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\BWContextHandler.dll

[2012/07/25 13:41:36 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin

[2012/07/25 13:24:47 | 000,526,068 | ---- | C] () -- C:\WINDOWS\System32\staticurllist.bin

[2012/07/13 19:00:46 | 000,043,882 | ---- | C] () -- C:\WINDOWS\System32\srms.dat

[2012/07/04 03:32:18 | 000,159,232 | ---- | C] () -- C:\WINDOWS\System32\clinfo.exe

[2012/07/03 22:27:30 | 000,204,952 | ---- | C] () -- C:\WINDOWS\System32\ativvsvl.dat

[2012/07/03 22:27:30 | 000,157,144 | ---- | C] () -- C:\WINDOWS\System32\ativvsva.dat

[2012/06/20 05:00:00 | 000,007,639 | ---- | C] () -- C:\Users\sluggo\AppData\Local\Resmon.ResmonCfg

[2012/06/02 13:25:24 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\settings.dat

[2012/06/02 07:31:24 | 001,520,828 | ---- | C] () -- C:\WINDOWS\System32\WpcNBModel.bin

[2012/06/02 07:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2012/04/18 19:39:06 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\kdbsdk32.dll

[2012/03/14 21:31:41 | 000,001,536 | ---- | C] () -- C:\Users\sluggo\AppData\Roaming\Sketchpad 5 Preferences.dat

[2012/03/13 00:32:07 | 000,002,470 | ---- | C] () -- C:\Users\sluggo\.powerupdate.user.properties

[2012/03/06 10:59:32 | 000,618,823 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2012/01/16 17:51:16 | 000,000,099 | ---- | C] () -- C:\Users\sluggo\webct_upload_applet.properties

[2011/12/19 15:36:57 | 000,031,232 | ---- | C] () -- C:\Users\sluggo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/12/17 21:00:52 | 000,000,600 | ---- | C] () -- C:\Users\sluggo\AppData\Local\PUTTY.RND

[2011/12/10 10:42:59 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\FxShared.dll

[2011/12/10 10:42:59 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\com.fxpansion.fxshared.dll

[2011/12/09 21:02:10 | 000,154,806 | ---- | C] () -- C:\Users\sluggo\IRIMG2.BMP

[2011/12/09 21:02:10 | 000,021,222 | ---- | C] () -- C:\Users\sluggo\IRIMG1.BMP

[2011/12/09 21:02:07 | 000,090,344 | ---- | C] () -- C:\Users\sluggo\irunin.dat

[2011/12/09 21:02:07 | 000,008,939 | ---- | C] () -- C:\Users\sluggo\irunin.xml

[2011/11/27 13:26:16 | 000,001,456 | ---- | C] () -- C:\Users\sluggo\AppData\Local\Adobe Save for Web 12.0 Prefs

[2011/11/27 12:43:17 | 000,000,443 | ---- | C] () -- C:\WINDOWS\Sam10_E.INI

[2011/11/27 12:19:20 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll

[2011/11/27 12:05:30 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll

[2011/11/27 12:05:09 | 000,005,937 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini

[2011/11/27 09:44:49 | 000,000,132 | ---- | C] () -- C:\Users\sluggo\AppData\Roaming\Adobe BMP Format CS5 Prefs

[2011/11/26 09:56:27 | 000,007,887 | ---- | C] () -- C:\Users\sluggo\AppData\Roaming\pcouffin.cat

[2011/11/26 09:56:27 | 000,001,144 | ---- | C] () -- C:\Users\sluggo\AppData\Roaming\pcouffin.inf

[2011/11/21 09:05:28 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\pavedius6db.dat

[2011/11/16 08:24:50 | 000,000,132 | ---- | C] () -- C:\Users\sluggo\AppData\Roaming\Adobe PNG Format CS5 Prefs

[2011/11/11 16:31:47 | 000,000,600 | ---- | C] () -- C:\Users\sluggo\AppData\Roaming\winscp.rnd

[2011/11/07 20:09:44 | 000,028,674 | ---- | C] () -- C:\WINDOWS\System32\prckrep.dll

[2011/09/12 15:06:16 | 000,003,917 | ---- | C] () -- C:\WINDOWS\System32\atipblag.dat

[2011/08/03 14:21:58 | 004,077,568 | ---- | C] () -- C:\WINDOWS\QLMGXRenderer.dll

[2011/06/24 13:38:34 | 000,353,280 | ---- | C] () -- C:\WINDOWS\System32\pythoncom27.dll

[2011/06/24 13:38:34 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\pywintypes27.dll

[2009/01/30 14:35:56 | 000,000,373 | ---- | C] () -- C:\Users\sluggo\PSPaudioware.com.html

[2009/01/28 11:22:43 | 001,027,019 | ---- | C] () -- C:\Users\sluggo\PSP Nitro Operation Manual.pdf

========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/01/09 16:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 20:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2012/07/25 20:20:13 | 000,354,304 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2012/02/04 09:07:35 | 000,000,000 | ---D | M] -- C:\Users\emma\AppData\Roaming\SPORE

[2012/02/20 19:09:03 | 000,000,000 | ---D | M] -- C:\Users\emma\AppData\Roaming\Unity

[2012/08/25 14:42:06 | 000,000,000 | ---D | M] -- C:\Users\grady\AppData\Roaming\SPORE

[2013/04/03 17:16:00 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\.minecraft

[2012/11/19 08:20:19 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\.Torrent Stream

[2012/08/24 13:08:08 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Ableton

[2011/12/09 20:49:06 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Applied Acoustics Systems

[2013/01/10 00:27:28 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Audacity

[2013/02/06 20:29:59 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Blackboard

[2012/06/16 14:30:32 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Box

[2012/04/14 08:26:40 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Box.Net

[2012/11/06 07:25:08 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\calibre

[2011/12/25 23:11:18 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Canneverbe Limited

[2011/11/30 01:47:42 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Canopus

[2012/07/30 13:00:47 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011/12/25 12:12:30 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\ChecksumTool

[2011/11/17 06:12:59 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\CLCakePHP

[2011/11/17 06:12:59 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\CLCodeIgniter

[2011/11/17 06:12:59 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\CLDrupal

[2011/11/17 06:12:59 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\CLFacebook

[2011/11/17 06:12:59 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\CLJoomla

[2011/11/17 06:12:59 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\CLJQuery

[2011/11/17 06:47:53 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\ClPhpEd

[2011/11/17 06:12:59 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\CLSmarty

[2011/11/17 06:12:59 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\CLSMySQL

[2011/11/17 06:12:59 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\CLSymfony

[2011/11/17 06:12:59 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\CLWordPress

[2011/11/17 06:12:59 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\CLYii

[2012/08/02 14:31:52 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\CmapTools

[2011/11/17 06:11:55 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\CodeLobster Php Edition

[2012/07/30 09:47:42 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2012/09/06 18:15:59 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\cYo

[2013/04/03 15:52:51 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Dropbox

[2012/03/14 05:51:46 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\DVDFab

[2012/07/30 00:16:24 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\EasyHtml5Video.com

[2011/12/13 19:04:35 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Echo PCI Console

[2011/11/06 19:01:28 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Elluminate

[2012/11/23 01:17:03 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\foobar2000

[2012/12/30 19:04:19 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\FreeFileSync

[2011/12/10 14:20:16 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\FXpansion

[2012/12/26 11:04:44 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Garmin

[2012/04/09 11:14:36 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\GeoSetter

[2012/11/11 11:03:08 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\ImgBurn

[2011/11/07 22:59:52 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Leadertech

[2013/03/23 15:50:40 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\LibreOffice

[2011/12/03 15:37:29 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Line 6

[2012/12/28 12:21:24 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\MAGIX

[2012/12/16 09:05:27 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Main

[2012/11/23 02:52:46 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\MediaMonkey

[2012/03/13 21:49:01 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\MoveFab

[2012/10/22 20:48:31 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Mp3tag

[2012/08/25 13:43:25 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\No Company Name

[2012/06/17 23:13:41 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Notepad++

[2012/08/25 14:14:02 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Origin

[2012/11/04 09:31:26 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\OverDrive

[2011/12/03 12:09:50 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Propellerhead Software

[2012/12/28 11:56:18 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\simplitec

[2012/01/14 19:37:24 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\skychart

[2012/08/25 14:37:56 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\SPORE

[2012/01/14 19:43:59 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Stellarium

[2012/10/27 07:09:25 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\StreamTorrent

[2012/11/12 13:46:03 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\TechSmith

[2011/11/07 01:09:32 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Thunderbird

[2012/12/24 10:05:32 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\TrueCrypt

[2012/12/02 21:30:13 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1

[2012/11/19 08:19:21 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Vso

========== Purity Check ==========

< End of report >


Extras.txt

OTL Extras logfile created on: 4/3/2013 5:18:24 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\sluggo\Downloads

An unknown product (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16519)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 63.56% Memory free

4.80 Gb Paging File | 2.52 Gb Available in Paging File | 52.44% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 260.48 Gb Total Space | 78.65 Gb Free Space | 30.19% Space Free | Partition Type: NTFS

Drive D: | 4.02 Gb Total Space | 3.95 Gb Free Space | 98.31% Space Free | Partition Type: NTFS

Computer Name: SLUGGO-PC | User Name: sluggo | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\WINDOWS\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\WINDOWS\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [MediaMonkey.1Play] -- "C:\PROGRA~1\MEDIAM~1\MEDIAM~2.EXE" "%1" (Ventis Media Inc.)

Directory [MediaMonkey.2PlayNext] -- "C:\PROGRA~1\MEDIAM~1\MEDIAM~2.EXE" /NEXT "%1" (Ventis Media Inc.)

Directory [MediaMonkey.3Enqueue] -- "C:\PROGRA~1\MEDIAM~1\MEDIAM~2.EXE" /ADD "%1" (Ventis Media Inc.)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01F5506A-16F0-4B78-9CEF-4E0452C6DB90}" = lport=2869 | protocol=6 | dir=in | app=system |

"{0E6ECA11-CC27-4902-A9DA-3EEADE5E6C31}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{186C0414-5CE6-4E68-9C65-59449AB8C9B7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{1D98CB9D-75A9-4823-B0D7-07D02FF5C8E2}" = lport=2869 | protocol=6 | dir=in | app=system |

"{2F60FCBF-A000-4521-9375-939C51F4E869}" = lport=3390 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |

"{351855B3-7A71-4D39-9839-DCC3083C1812}" = lport=10243 | protocol=6 | dir=in | app=system |

"{37307319-F665-4ACA-A7AE-F0E0972B00B7}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |

"{3E14F0F9-F9CF-4056-82C4-BD2F6FAB40A0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{459EC3D1-8585-4B18-BE3C-28B30CB2ABF6}" = lport=10244 | protocol=6 | dir=in | app=system |

"{45D78517-4EFE-40FA-B93B-CF91B8261F87}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |

"{4AFB2D37-E7D4-470E-9BAE-DD1F63C3DC23}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{4D59799A-BB49-4BA5-B9AA-9079DE104204}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{4FC87C69-CBBC-4FED-B0AF-CA83006B87F8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{54282F8E-3E77-494F-B03E-D20A9E054F94}" = lport=10244 | protocol=6 | dir=in | app=system |

"{5613BF91-F05C-4BB4-93D8-46D97C4A9F70}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{5E86F09F-722F-480E-9A5B-4282814D0076}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{6C6327C7-21C7-42EC-87BC-B1F081B6671B}" = lport=3389 | protocol=6 | dir=in | app=system |

"{6F4E7C62-3421-4CE0-B332-D90CBA595D39}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |

"{6FADAB82-FC4E-4202-BA04-5BF73A748C19}" = rport=10243 | protocol=6 | dir=out | app=system |

"{70EC87C0-7F01-4498-A59C-595399E660BC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{8005ABBA-912D-4FF4-8EE0-531B6DFA3272}" = lport=2869 | protocol=6 | dir=in | app=system |

"{80130579-014F-4C0C-8EDD-65BB84E8FDEC}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{817BE003-93C7-4FFD-9BB0-6619C5225A82}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{89131FF4-7C63-48DB-B311-D0F3974B3833}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{91E775EE-EA51-455F-9899-8458F0FA3A0C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{9898ABCB-1FD3-4B2B-8E3E-8D51FCF21BD0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{9A44DE87-6F80-455A-8221-12AF69C5B928}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{A14EEE06-91A3-41C5-92F9-9A2302037DAE}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{A76B409E-8DAC-4FAD-BC37-7485EEA72586}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{A93EAD61-19A3-46C4-94DC-D67E8540EE4F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{A948E816-2BE0-406A-AE0A-5A67C0469BE4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{B3324FC9-43EE-4FD6-B866-5710C04FB5E3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{BC79D908-ABEB-4F09-834F-5D709608BF1F}" = lport=3390 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |

"{D26B1D23-7453-42EC-A9A8-926996DEE36D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{D29ADA90-E340-45C1-AFF5-82DF80917C6B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{E2C77971-7192-4297-B1A3-8FCD4F135E0D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F239CFA5-7A95-4BB0-8DF5-FE7F9D390B5E}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |

"{F5F45A52-7E88-4F43-9537-3226C2E219F1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{F7F3C497-DA30-4FDE-ABF4-F8D173C2D423}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{FB6A54E8-0BEC-4659-8F5D-3609A6632A7F}" = lport=3389 | protocol=17 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |

"{FF2E6AED-2018-4B14-8F33-9D8CAA6AD611}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |

"{FFD17FE7-C357-4BE4-8F0C-F68FAD4DE1DD}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0318717A-6289-4AD4-B29A-45321A560BA1}" = dir=out | name=wikipedia |

"{08CB760C-9844-4F44-9FC3-FC973AD40DAC}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |

"{08F94199-5E4A-4A8F-82C3-CDE1B92E7F4D}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |

"{098F56B9-B582-4A4F-A090-E3BBBF82DE0C}" = dir=out | name=kobo |

"{0D1080A2-FFF4-4CF2-9E25-8BF3F80BBBDD}" = dir=out | name=@{microsoft.bing_1.2.0.137_x86__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |

"{0EA37A8D-1219-473B-9649-FAA3E21A765F}" = dir=out | name=metrotwit |

"{0ECD5C1D-1364-4260-94B4-E418B1FC4A7A}" = dir=in | name=evernote touch |

"{10539D4B-0B32-43D6-A14D-389FBC5FA602}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{10CB44AB-5455-4148-9D2E-CBCDAD2152C2}" = dir=out | name=@{microsoft.remotedesktop_6.2.9200.20523_neutral__8wekyb3d8bbwe?ms-resource://microsoft.remotedesktop/resources/displayname} |

"{1254E8A2-8ECF-471C-B273-712756B08BCE}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |

"{13B384FC-3EB0-4DC6-8EC2-930B5F5D6387}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |

"{147AADA6-F4B6-41E7-B7E6-EB459EBF80AA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{14C1F576-EF9D-4130-9F54-1BC1E4799472}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |

"{18047ED5-4313-4B62-853F-4BC941889B51}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1114.318_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |

"{201725D3-3DD9-49BF-B45C-7AFF846391C5}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |

"{2031218C-60B9-4779-B54C-FF9D58533982}" = dir=in | name=@{microsoft.reader_6.2.9200.20624_x86__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |

"{203CCD01-DE02-4858-9712-A5C468D4E375}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |

"{2250D6B4-FEE7-4272-BCA3-46931F11E764}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |

"{242D8001-C118-44BD-AD1A-C480B53EC622}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

"{296A2201-7C10-473E-B92F-0ED0017F39A4}" = dir=out | name=@{microsoft.xboxcompanion_1.2.160.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |

"{2ACDAFE8-3352-4493-ACF5-77C1306C892C}" = dir=in | name=onenote |

"{2AEA0148-FDFA-4721-B028-0B8E989EBD38}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{2C6446C7-AC1D-41C3-AE83-0F1BC5CE7E97}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{2CDC8079-1DE5-4A9E-97AA-9776E28F6691}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |

"{32E9D940-93DB-4D10-BC74-A7C5E1B7C509}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |

"{34B3219F-82C0-4119-9921-B63402456B2E}" = dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |

"{39A56B19-405C-4E36-A3A9-A11305543F5A}" = dir=out | name=@{microsoft.zunevideo_1.2.150.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |

"{3B72DD1E-9E6A-4987-8E98-606B520E454A}" = dir=in | name=overdrive media console |

"{3D61A0CF-4A26-4889-9332-09FFC55E4E34}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |

"{47BAB8F7-DBD3-4846-B50A-43B1A1E7AA39}" = dir=in | name=ebay |

"{4984DE69-F1D7-4DC3-AB35-262630A31163}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |

"{49A7A0DC-A7F0-40AA-9F5A-11188A2629E4}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |

"{4D044F08-5B34-4DD3-AC51-E27904F1E46D}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |

"{4D221976-3D29-4103-8884-B0EA880362AD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{4EE844C6-C339-45BE-A08F-981F8AD01293}" = dir=in | name=@{microsoft.bing_1.2.0.137_x86__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |

"{4F38E45C-AA25-4C0D-BF10-610CBE6978DE}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |

"{5222DBD0-F823-4F64-BA29-C51E7BDFBB07}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{5389340D-C4AD-4E01-9896-5F0AB1579B1B}" = dir=out | name=cbc news |

"{57455A2E-944D-43BA-A916-34AF3D12FC2C}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1114.318_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |

"{5A62D95E-963B-4248-8722-85BAF7F04A4E}" = protocol=6 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |

"{5E19A2B3-C514-4DAD-A4E2-2D19B310523D}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |

"{5E2E0D95-0F90-46DA-BDE9-2B413A03AA3C}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |

"{604E5453-DDAE-45E8-95F2-2744E13B1304}" = dir=out | name=tunein radio |

"{6292693E-DD4B-4F21-91A7-4606E4D8DAEA}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |

"{655AB828-61A2-4226-A1E3-8F922C5EC2E5}" = protocol=17 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |

"{674A5239-0D7F-4775-BC32-7CADE38C2BF6}" = dir=out | name=@{microsoft.zunemusic_1.2.150.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |

"{6E97F0E3-2491-48AF-9AED-5360CAFE709F}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |

"{70810961-1AEF-4C8E-80DC-703DE0279B86}" = dir=out | name=@{microsoft.skypeapp_1.5.0.109_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |

"{71EFE272-FCB0-490C-8D56-4ECC6E92A447}" = dir=out | name=ebay |

"{725FC4A2-B8CC-4675-A059-F10A0E5455C5}" = dir=in | name=@{microsoft.bing_1.2.0.137_x86__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |

"{73D14F98-6585-46A1-B245-1607753CC039}" = dir=in | name=@{microsoft.skypeapp_1.5.0.109_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |

"{75BB335A-69D4-4FDF-9015-AF95885D0B4D}" = dir=out | name=mediamonkey |

"{77C2D87D-0E8C-482E-A214-64BC5D93F597}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |

"{78D89888-48F6-487C-B173-B29274ECAFFA}" = dir=out | name=xmarks |

"{79B13F7B-CC3D-4A14-AE56-C69EB0E09F79}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{7DEC4A13-944F-4EBD-BF83-6248FBDC31FF}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x86__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |

"{80CF4182-DD52-4096-91EA-2B72F110A7EA}" = dir=out | name=shazam |

"{822570B5-0EF4-4DEF-9679-63352F2B6A4C}" = dir=out | name=bollywood music |

"{826FF46A-CAE7-4B02-8A98-5671542C795B}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |

"{852AB426-8B0C-4B4D-BC7A-24880BAC6DBF}" = dir=out | name=netflix |

"{87651C24-CDA0-4465-9A54-574FE38773A7}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x86__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |

"{8D1CBE22-4F6B-4A5B-BE9D-1F115802B474}" = protocol=6 | dir=in | app=c:\users\sluggo\appdata\local\microsoft\skydrive\skydrive.exe |

"{907E7A3E-1EA3-42EC-B6C2-0BF808E61A95}" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |

"{943EE8B5-2EC5-4B5B-A747-2724B8138967}" = dir=out | name=tedx video |

"{971E2AB8-4F56-4C0A-BACC-C182FAB9EF62}" = dir=in | name=metrotwit |

"{99977CD7-1701-4E32-A8E5-2B569B49D30E}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |

"{99FE8213-F84D-4860-AE86-5ACCA6D77CE9}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x86__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |

"{9A036E53-034B-4797-8856-0B6ECCD9DF43}" = dir=out | name=@{microsoft.xboxlivegames_1.2.143.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |

"{9C476648-59D4-4F17-BBF8-55BE2C4E62A9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{9C90CB59-3F8F-4DB5-A7D8-7F98F877D205}" = dir=out | name=xkcd reader |

"{9CB8E646-4755-4A83-A671-0B99F53FA056}" = dir=in | name=cbc news |

"{A17D26A0-4DE6-44EE-927B-178241164407}" = dir=in | name=box |

"{A309620A-4678-43A3-9BC7-0D26E94437D6}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |

"{A46BCEEC-7FE1-4E92-A2A5-217EC6DEF042}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{A70E6BCB-10F5-484D-A4CB-4B840386B496}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |

"{A7A7C7DE-B670-459F-A9F7-ACCF350AB973}" = dir=in | name=@{microsoft.remotedesktop_6.2.9200.20523_neutral__8wekyb3d8bbwe?ms-resource://microsoft.remotedesktop/resources/displayname} |

"{AAF7B2ED-B905-490F-9C3F-3AE0FEE13974}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{AB3838CE-CC0E-4E28-B5FB-06B0E4B58CB1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"{ACEF3BE6-9E60-44D7-9700-B4011CB7DDAE}" = protocol=6 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |

"{AD4F25A4-05CA-48E5-A846-918885BA9378}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |

"{ADAA21A7-DF62-4A3B-B585-4265F8427CE8}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |

"{ADB36FAA-00C8-4B4C-8DB0-9DB296CD0336}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |

"{AE2511CE-6961-4EF1-BEB6-78E4D768D2A8}" = dir=out | name=overdrive media console |

"{B01F1082-FDFF-4988-91FE-959AF3D81C41}" = dir=out | app=c:\program files\ubuntuone\dist\ubuntuone-syncdaemon.exe |

"{B0FB6A71-BADC-439A-8E9E-E0AF1118F3EE}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |

"{B4DC5BE1-87F0-4A70-B7A2-563435CD3ED3}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |

"{B62997E6-AFE6-4045-B1A5-2DA2681A3AFC}" = dir=out | name=@{thenewyorktimes.thenewyorktimes_1.7.0.38_x86__3q5wqmazkcmtm?ms-resource://thenewyorktimes.thenewyorktimes/resources/appname} |

"{B8F2A93C-B754-4C20-ADBD-B216C4A2992D}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |

"{B985460B-536F-40F8-938B-C7D7670E9405}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |

"{BAA2925E-8A65-4F26-8D4D-3E78B15A141B}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |

"{BDE75CCC-C7FD-49DE-98C1-93B068F2321E}" = dir=out | name=onenote |

"{BE9AA5B5-EFB5-4104-8D89-C32303765387}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

"{BF8B9B6D-65F2-4AF4-A9D4-166DD9CC868A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{BFBA6348-48D9-4621-A06C-7ECAF645F8D1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{C18BA994-38C1-45C9-8DBA-D740AA817DDD}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |

"{C1A1B6ED-2C8E-4153-BC8B-320BE7EDF289}" = dir=out | name=@{microsoft.bing_1.5.1.259_x86__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |

"{C40320E9-1B32-437F-A566-F75CFBD0ADBD}" = dir=out | name=@{nationalfilmboard-officen.nfbfilms_1.0.0.84_neutral__bwkzsd84v83pe?ms-resource://nationalfilmboard-officen.nfbfilms/resources/packagedisplayname} |

"{C5579F86-B3D3-4D64-ABCF-1D6A7CB69D13}" = dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |

"{C719F0F7-65CC-449D-8935-0880CEAE520C}" = dir=in | app=c:\program files\ubuntuone\dist\ubuntuone-syncdaemon.exe |

"{C7663704-8A08-476A-A6C4-2F63B8EF0D71}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |

"{C7F4C9B2-3295-4E80-80BD-D89F306184C0}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |

"{CC39D8FF-AB7F-41B9-B09D-B588B1F763EE}" = dir=out | name=@{microsoft.reader_6.2.9200.20624_x86__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |

"{CFE1A235-DB41-44BC-A293-362CB9FD6AC2}" = dir=out | name=windows_ie_ac_001 |

"{D0CB6094-8817-4E13-88DD-275F7CF49247}" = dir=out | name=podcasts! |

"{D29EEF33-F561-49DB-B571-387298377A7A}" = dir=out | name=box |

"{D439B871-BFA8-4EBF-BA4B-04E578BB6F64}" = dir=out | name=@{54490martinsuchan.apod_1.2.0.9_neutral__aabn1bapetf12?ms-resource://54490martinsuchan.apod/resources/appname} |

"{D50DD941-9FB4-477C-8E69-77BD56116458}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{D6370236-2DFD-4F7C-BF9B-CF8319239276}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |

"{D772B4E4-3CDF-4C26-A368-4892A6B9AD97}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |

"{D835F19E-EAFE-425F-A518-473BDBF8B416}" = protocol=17 | dir=in | app=c:\users\sluggo\appdata\roaming\dropbox\bin\dropbox.exe |

"{D9E91052-242F-4139-86DF-B88381F68D31}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |

"{DA6971A8-1B46-49C3-91AC-E2ECA8EE8B19}" = dir=out | name=comics |

"{DB5E36FE-BA56-48C7-B8B3-5ACAB0FAC082}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |

"{DCA1B554-017D-449E-B4A9-3934B7CD4FFD}" = dir=out | name=lastpass |

"{DD79D4DA-7357-4394-A345-CFAC155ED19F}" = dir=in | name=@{microsoft.xboxcompanion_1.2.160.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |

"{DE5AAB3D-B22F-48C0-9747-38F71E548B82}" = dir=out | name=duckduckgo |

"{DF4D7EDC-F935-4F80-A12A-C5F687FEFF3C}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |

"{DFCDF4E8-382D-4032-8524-FF2A98476240}" = protocol=17 | dir=in | app=c:\program files\codemeter\runtime\bin\codemeter.exe |

"{E018C3E6-4CD3-4481-A2E1-A073B0AF7BF8}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{E4EC8EF8-7D92-4649-8A88-057C4F092656}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{E533090E-CE57-40CC-AFC7-A7834EF093C6}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |

"{E5ED4A84-4956-4F14-A1F4-06E8CF61E7B1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{E6AF60A6-9DA6-4304-8421-DE8514740548}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |

"{E71E36E8-DBF3-4049-8259-664036EAFDDD}" = dir=out | name=code writer |

"{E785D944-212A-4B0D-943C-3A85E04F2A5F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{E87C4EB6-6F4C-4E7F-8385-633B5F0CA2DD}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |

"{EB7F7582-044E-40D6-8E8E-E260AFEE86CF}" = protocol=6 | dir=out | app=system |

"{EF37A183-9BE2-4561-A201-3097A943E9A3}" = protocol=17 | dir=in | app=c:\users\sluggo\appdata\local\microsoft\skydrive\skydrive.exe |

"{F0550BDB-BCC0-42CA-B2C1-D7908BC26322}" = dir=in | name=mediamonkey |

"{F1B317DF-68AE-40D0-8D86-3A6A635C7712}" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |

"{F1DA9A43-BA94-46BE-9CC7-9743FFB89DDB}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{F1F74525-D374-4462-9CA6-600981EFC417}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |

"{F476919E-106E-4C06-90B3-E0875745BD7C}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |

"{F59B5196-7BB4-4D86-965B-34511342FDC8}" = dir=out | name=@{microsoft.bing_1.2.0.137_x86__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |

"{F6BA8CFE-3176-4B34-8100-894577EA6F81}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{F84B21EA-4054-45C9-8B33-619299DB1323}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |

"{F9E4B273-7C99-49FE-815A-F8D0381C4DD9}" = protocol=6 | dir=in | app=c:\users\sluggo\appdata\roaming\dropbox\bin\dropbox.exe |

"{FB43C1C8-B952-48C9-827D-1E763992FBBE}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x86__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |

"{FCA76690-941A-47D0-B70C-74F7C2F174E8}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |

"{FD49BF46-F485-4725-BAB1-9FAB2D486391}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{FE629ECD-0C20-475D-AA06-30837B2DA106}" = dir=out | name=evernote touch |

"TCP Query User{12EC4927-7E27-4ABA-8EB4-BF4A8CF24895}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"TCP Query User{2034AF7E-19EA-4847-BCDB-7EEE6B65144F}C:\users\sluggo\appdata\roaming\torrentstream\engine\tsengine.exe" = protocol=6 | dir=in | app=c:\users\sluggo\appdata\roaming\torrentstream\engine\tsengine.exe |

"TCP Query User{2DF9952D-1BCD-4ED9-9586-CAA0C4AB9BEB}C:\program files\winscp\winscp.exe" = protocol=6 | dir=in | app=c:\program files\winscp\winscp.exe |

"TCP Query User{2E7D9B0A-F1C8-4BD3-8314-39D04E840A47}C:\program files\mediamonkey\mediamonkey.exe" = protocol=6 | dir=in | app=c:\program files\mediamonkey\mediamonkey.exe |

"TCP Query User{3A57075C-6149-4C06-AED7-0A0915222EB1}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"TCP Query User{4F0FE272-46B6-4423-94A0-12642F2F9020}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |

"TCP Query User{60912EAC-8962-40A9-A78D-EC6A3C7064B6}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |

"TCP Query User{6EF070A1-CB03-42E8-A5BD-F8C18753B7D7}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

"TCP Query User{6F536030-ACF2-4CA5-8215-87A53B4C016C}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |

"TCP Query User{78068B5E-DBC6-41B1-A271-DBEE57405993}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |

"TCP Query User{9985B076-33DA-47B4-B51E-D2D06D831200}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |

"TCP Query User{9C8CA2A5-8FE7-438D-9B6E-5C6A47E30942}C:\program files\comicrack\comicrack.exe" = protocol=6 | dir=in | app=c:\program files\comicrack\comicrack.exe |

"TCP Query User{A8943017-A0CD-4451-BA30-6B52E7167B0E}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |

"TCP Query User{BBCA2255-5D32-4CD8-9A1E-C5F09093FF6E}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |

"TCP Query User{BC5522BC-BB3D-4045-9A20-327EA455D4D7}C:\users\sluggo\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\sluggo\appdata\roaming\dropbox\bin\dropbox.exe |

"TCP Query User{C30EE840-6660-4133-A43E-FF91DE6A6332}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |

"TCP Query User{D0596603-ADD0-4639-B331-1C8899223D47}C:\users\sluggo\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\sluggo\appdata\local\google\chrome\application\chrome.exe |

"TCP Query User{DD4A756E-C93D-49D8-AB1E-740C4002384A}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |

"UDP Query User{13CC2E45-1E9F-46B4-930C-07509B5130A8}C:\program files\ihmc cmaptools\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\ihmc cmaptools\jre\bin\javaw.exe |

"UDP Query User{1AC02086-E3A4-4B97-A2A4-9D1C196C3957}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

"UDP Query User{2BB85561-9E3D-4E5B-B31F-04763B00002B}C:\program files\comicrack\comicrack.exe" = protocol=17 | dir=in | app=c:\program files\comicrack\comicrack.exe |

"UDP Query User{2E629715-12FB-47AD-9CCD-3B8EFD44E511}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |

"UDP Query User{33E4026C-E8C2-473A-A583-3373E2AD3C11}C:\users\sluggo\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\sluggo\appdata\local\google\chrome\application\chrome.exe |

"UDP Query User{39CD5655-9280-449D-BF37-95DDA7FFB74D}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |

"UDP Query User{4FF95729-1E94-41A9-88CF-80F9D1E08291}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |

"UDP Query User{59D989A8-F149-494A-8B3E-5291F0C1EA00}C:\program files\winscp\winscp.exe" = protocol=17 | dir=in | app=c:\program files\winscp\winscp.exe |

"UDP Query User{66D45794-B63B-4615-8B7F-59EBB42B6C86}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |

"UDP Query User{795DBA34-6872-4386-8206-DF0A6F360FF4}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |

"UDP Query User{933E6927-29C4-442F-BA4E-EF108B6D997B}C:\users\sluggo\appdata\roaming\torrentstream\engine\tsengine.exe" = protocol=17 | dir=in | app=c:\users\sluggo\appdata\roaming\torrentstream\engine\tsengine.exe |

"UDP Query User{9D63E20E-6A1D-4CC2-81C8-B49576E74600}C:\users\sluggo\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\sluggo\appdata\roaming\dropbox\bin\dropbox.exe |

"UDP Query User{B6140DCD-5F0E-4CBC-A6CD-CC2DE53031D1}C:\program files\mediamonkey\mediamonkey.exe" = protocol=17 | dir=in | app=c:\program files\mediamonkey\mediamonkey.exe |

"UDP Query User{BAF69C13-8DBC-4CF3-9D42-688E64AEA2E7}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"UDP Query User{BD98D733-78DA-43B9-8CD5-C7B33E6F0C02}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |

"UDP Query User{BF3A3D62-3A73-4B40-A51F-B15186045714}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

"UDP Query User{C6341948-A8DC-4E59-9E04-72542AD2F234}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |

"UDP Query User{E08E698F-B8BA-4930-810E-C2A84819BDC3}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0AA86CEE-2C8C-4ABB-8F95-B8D8E852C62C}" = SportTracks 3.1

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center

"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center

"{0ECCA7BA-19CE-0F7F-6652-EED1FAD7CC49}" = CCC Help Czech

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{1117D1E5-D9F8-49DB-D8A1-E266BCC89B9C}" = CCC Help Russian

"{12CAA28E-56CA-4C3D-B3F2-7311540DD410}" = TurboTax 2011

"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1BB61F91-77F7-9EF1-9C7D-36701E70ECF0}" = CCC Help Dutch

"{1C7FB1F8-E7FF-7D8E-95B9-E007126CBC73}" = CCC Help Greek

"{1D0773A5-D1B4-24F7-C717-8C35E9FD750B}" = CCC Help Danish

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis Disk Director Suite

"{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}" = EPSON TWAIN 5

"{25DD8FD0-07DE-98E2-1D60-BE935C363C63}" = CCC Help Chinese Traditional

"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17

"{26BB4500-04A7-11C7-0E93-168004253F38}" = CCC Help Korean

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor

"{3278D13B-3784-EAF8-1028-A536E270CBC0}" = AMD Drag and Drop Transcoding

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg

"{402ED4A1-8F5B-387A-8688-997ABF58B8F2}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{409D321C-47A0-D570-DB39-54B7F30BED95}" = CCC Help Thai

"{4229F016-3A60-439E-B626-DE4BD457469F}" = BlackBerry Device Manager 7.0

"{422EB670-90F6-4332-AEAE-5128AFF84FDD}" = Python 2.7 pycrypto-2.3

"{43AF3F3F-C45E-867F-95CC-6680AEF4F98F}" = AMD Accelerated Video Transcoding

"{43C6BA0A-A298-D103-1425-3F8260F1A15C}" = CCC Help Spanish

"{45E1DDD6-F0B3-F82A-A055-A87275904619}" = CCC Help Turkish

"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth

"{49351FE8-DB8F-4C56-9DA6-B2D6CE3F7BF8}" = ActiveState ActivePython 2.7.2.5 (32-bit)

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1

"{4E7AE84C-431F-F3B2-ECBC-CAD2F1C61F8D}" = CCC Help French

"{547981FC-9D40-9FA9-1BFD-EF4DBCAAFD45}" = AMD Catalyst Install Manager

"{55A75679-02D1-4C8C-85CA-B4E4DF4D775F}" = MSM32Installer

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}" = MapSource

"{604B2A5C-B1CE-45B2-ADCC-6B7C721AC3AC}" = LibreOffice 4.0.1.2

"{612601db-4776-4127-bab5-d84b8644e530}" = Native Instruments Traktor Kontrol X1

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{619976AC-89EE-4312-9772-17AF4024D91D}" = Catalyst Control Center

"{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}" = Acronis True Image Home

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{647BB978-2876-487B-9B0E-FDB73F0EA4A2}" = Garmin Communicator Plugin

"{657B90EF-9B12-4E9C-A7C1-1120845C2C75}_is1" = PythonTurtle 0.1

"{67DA5C74-128B-97ED-B39B-6C93F924A35E}" = ccc-utility

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{698E1D29-890E-492A-826E-273F423CB5D2}" = Catalyst Control Center Localization All

"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition

"{6D1BFFEB-E7BE-D616-55EC-6A9BE7B8649F}" = CCC Help Swedish

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{719284C0-44B2-2D87-1B0C-2C608869316F}" = CCC Help Hungarian

"{726DDC29-79B3-41B4-BDBF-97DF25BF1EA8}" = TurboTax 2012

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{72A8CA9D-4DAA-7A25-2251-C9DFD42156AB}" = CCC Help English

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7CD50476-F4AD-7664-C0E7-28429E58BE0C}" = CCC Help German

"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop

"{7DD3FB68-AB3B-433D-87D6-A5649667AFDD}" = DDPB Installer

"{7F5AA637-A4D3-24B5-6EF5-7F6F83E0669D}" = BlackBerry Tablet OS Graphical Aid

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{8537ABE9-DCE4-4149-A0B4-9926E449AD01}" = ESET NOD32 Antivirus

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90BE1F21-89DF-1942-B0C5-D2C4F27EF6B8}" = CCC Help Japanese

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{9389A2A7-826F-484C-886C-835D658264C5}" = LEGO MINDSTORMS NXT - English Language Pack

"{93ABEFF9-A4B1-FCA6-3680-5DC4DFFAFFD8}" = CCC Help Portuguese

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{982E7D4A-22A4-3031-064B-1025ACB101EB}" = CCC Help Finnish

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center

"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™

"{9F308117-9B2F-45EB-9FAF-B59CD8339673}" = MapSource - Topo Canada v2

"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help

"{A1902990-45CF-44E2-B01A-88E721EF242B}" = LEGO MINDSTORMS NXT Software v2.0

"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime

"{A261F28E-6053-4414-9B84-AA8FE5F47AD4}_is1" = Cartes du Ciel V3.4.1

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AA6208C5-AB9A-4A77-B9AD-DDB139BC28AE}" = Box for Office

"{AB259D81-DE6B-4554-B4A8-DB13D321FBF2}" = calibre

"{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers

"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch

"{AC76BA86-1033-F400-7760-000000000004}_954" = Adobe Acrobat 9.5.4 - CPSID_83708

"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)

"{AE29D445-8164-4CD1-8824-FCE85C0BB179}" = Adobe Creative Suite 5 Design Standard

"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime

"{AF25AEFA-F76B-48A7-A709-C69AD56AED51}" = CodeMeter Runtime Kit v3.20c

"{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource

"{B2CF1869-8727-4F9C-BA7D-807CA9F7C528}" = Magic Bullet Quick Looks (for MAGIX)

"{C0C31BCC-56FB-42a7-8766-D29E1BD74C7C}" = Python 2.7.3

"{C3D7886E-967C-4D9F-8973-9EEA6AB28E3D}" = Quicken 2011

"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant

"{C6418568-02B0-1263-6442-6C45CAAA5514}" = CCC Help Polish

"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari

"{C9DEC19E-B1A6-51DB-6238-CD2F42F2A526}" = CCC Help Norwegian

"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CEF74FA3-534B-E0BD-4F0D-2A52E087041A}" = AMD Media Foundation Decoders

"{D07205E7-F6D3-4333-AFCC-782A07685B72}" = OverDrive Media Console

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support

"{D7B6DE67-C7EA-4268-A651-611C13B0C3DA}" = Ableton Live 8

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DB93E2C2-851F-44B2-B09C-351D2C624AE1}" = Camtasia Studio 8

"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime

"{DC6B3DF3-897E-EAC3-10AF-39908F333885}" = Catalyst Control Center Graphics Previews Common

"{DEC42A57-C791-660A-C88F-6B2A31C165B8}" = CCC Help Chinese Standard

"{DF56EB5C-7E7A-D405-1B01-ECC0CAD8E709}" = Catalyst Control Center InstallProxy

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash

"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding

"{E4C92944-F31A-3FB0-C3B0-D7C5950B1D82}" = Adobe Download Assistant

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{EC8BF669-EFEA-40D9-8894-9074E407FC07}" = NI VC2008MSMs x86

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F13FADA9-0337-52A8-3D8D-9C0F52DCC928}" = CCC Help Italian

"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support

"{F7982D9E-D925-4E2E-8C24-1EFF7CCB14C5}" = Garmin BlueChart Americas v8.5

"{FA2B75F7-6037-4C34-9F3B-3E4320C4CC61}" = LEGO MINDSTORMS NXT Driver

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)

"7-Zip" = 7-Zip 9.20

"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)

"Admiral Quality Poly-Ana 1.x" = Admiral Quality Poly-Ana 1.x

"Adobe AIR" = Adobe AIR

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 12.0

"ASIO4ALL" = ASIO4ALL

"Audacity_is1" = Audacity 2.0.2

"BlackBerry_HandheldManager" = BlackBerry Device Manager 7.0

"Cakewalk Rapture_is1" = Rapture 1.1

"CCleaner" = CCleaner

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"CheckSum Tool" = CheckSum Tool 0.7.0

"ClPhpEd" = ClPhpEd(remove only)

"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant

"ComicRack" = ComicRack v0.9.155

"Digital Editions" = Adobe Digital Editions

"DVDFab 8 Qt_is1" = DVDFab 8.1.6.3 (11/02/2012) Qt

"Echo3G PCI" = Echo3G PCI

"Extreme Sample Converter 3_is1" = Extreme Sample Converter 3.5.9

"foobar2000" = foobar2000 v1.1.10

"FreeFileSync" = FreeFileSync 5.10

"GeoSetter_is1" = GeoSetter 3.4.16

"Guru" = Guru

"IHMC CmapTools v5.04.02" = IHMC CmapTools v5.04.02

"ImgBurn" = ImgBurn

"InstallShield_{9F308117-9B2F-45EB-9FAF-B59CD8339673}" = MapSource - Topo Canada v2

"Line 6 Uninstaller" = Line 6 Uninstaller

"LinuxLive USB Creator" = LinuxLive USB Creator

"M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player_is1" = M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player v 1.1

"Main" = BlackBerry Tablet OS Graphical Aid

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100

"MediaMonkey_is1" = MediaMonkey 4.0

"Mozilla Firefox 19.0.2 (x86 en-US)" = Mozilla Firefox 19.0.2 (x86 en-US)

"Mozilla Thunderbird 17.0.4 (x86 en-US)" = Mozilla Thunderbird 17.0.4 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Mp3tag" = Mp3tag v2.52

"Native Instruments Controller Editor" = Native Instruments Controller Editor

"Native Instruments Service Center" = Native Instruments Service Center

"Native Instruments Traktor" = Native Instruments Traktor

"Native Instruments Traktor Kontrol X1" = Native Instruments Traktor Kontrol X1

"Notepad++" = Notepad++

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"Ohmboyz VST2" = OhmForce Ohmboyz VST2

"Open Codecs" = Xiph.Org Open Codecs 0.85.17777

"OSP Tracker" = Tracker

"OziExplorer 3.95_is1" = OziExplorer 3.95

"Picasa 3" = Picasa 3

"Project5 Version 2.5" = Project5 Version 2.5

"Revo Uninstaller" = Revo Uninstaller 1.94

"Samplitude 10 US" = Samplitude 10 10.0.0.0 (US)

"Scratch" = Scratch

"Sketchpad" = Sketchpad

"SopCast" = SopCast 3.4.0

"sp6" = Logitech SetPoint 6.32

"Stellarium_is1" = Stellarium 0.11.1

"StreamTorrent 1.0" = StreamTorrent 1.0

"TrainingPeaks WKO+" = TrainingPeaks WKO+

"TrueCrypt" = TrueCrypt

"Ultra Analog VA-1" = Applied Acoustics Systems - Ultra Analog VA-1 v1.1.2

"VLC media player" = VLC media player 2.0.5

"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.46-1

"WinLiveSuite" = Windows Live Essentials

"winscp3_is1" = WinSCP 4.3.8

"xampp" = XAMPP 1.7.7

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4213201847-2594826557-910303953-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Circuit Construction Kit (DC Only)" = Circuit Construction Kit (DC Only)

"Dropbox" = Dropbox

"Energy Skate Park" = Energy Skate Park

"Faraday's Electromagnetic Lab" = Faraday's Electromagnetic Lab

"Generator" = Generator

"Google Chrome" = Google Chrome

"LastPass" = LastPass (uninstall only)

"SkyDriveSetup.exe" = Microsoft SkyDrive

"States of Matter" = States of Matter

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 1/1/2013 7:03:03 AM | Computer Name = sluggo-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files\FreeFileSync\Bin\RealtimeSync_x64.exe".

Dependent

Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/2/2013 2:39:33 PM | Computer Name = sluggo-PC | Source = Application Hang | ID = 1002

Description = The program wmplayer.exe version 12.0.9200.16420 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 1a20 Start

Time: 01cde9179eb1c100 Termination Time: 31 Application Path: C:\Program Files\Windows

Media Player\wmplayer.exe Report Id: bc0ad831-550b-11e2-afb3-001bfcb2d46b Faulting

package full name: Faulting package-relative application ID:

Error - 1/3/2013 7:02:06 AM | Computer Name = sluggo-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exe".

Dependent

Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/3/2013 7:02:06 AM | Computer Name = sluggo-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files\FreeFileSync\Bin\RealtimeSync_x64.exe".

Dependent

Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/4/2013 10:04:15 PM | Computer Name = sluggo-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exe".

Dependent

Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/4/2013 10:04:16 PM | Computer Name = sluggo-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files\FreeFileSync\Bin\RealtimeSync_x64.exe".

Dependent

Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/6/2013 7:01:22 AM | Computer Name = sluggo-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exe".

Dependent

Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/6/2013 7:01:22 AM | Computer Name = sluggo-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files\FreeFileSync\Bin\RealtimeSync_x64.exe".

Dependent

Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/6/2013 2:11:31 PM | Computer Name = sluggo-PC | Source = WAS-LA | ID = 7005

Description =

Error - 1/6/2013 9:52:48 PM | Computer Name = sluggo-PC | Source = WAS-LA | ID = 7005

Description =

Error - 1/7/2013 7:02:29 AM | Computer Name = sluggo-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files\FreeFileSync\Bin\FreeFileSync_x64.exe".

Dependent

Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/7/2013 7:02:30 AM | Computer Name = sluggo-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\Program Files\FreeFileSync\Bin\RealtimeSync_x64.exe".

Dependent

Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"

could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Cisco AnyConnect VPN Client Events ]

Error - 10/15/2012 10:24:50 PM | Computer Name = sluggo-PC | Source = vpnagent | ID = 67108866

Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:

855 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28901363 (0xFE47000D)

Description:

NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target

Error - 10/15/2012 10:24:50 PM | Computer Name = sluggo-PC | Source = vpnagent | ID = 67108866

Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:

190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901363 (0xFE47000D)

Description:

NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target

Error - 11/3/2012 10:38:54 AM | Computer Name = sluggo-PC | Source = vpnagent | ID = 67108866

Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:

_tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

File:

C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:

No such file or directory

Error - 11/8/2012 2:14:53 AM | Computer Name = SLUGGO-PC | Source = vpnagent | ID = 67108866

Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:

_tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

File:

C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:

No such file or directory

Error - 11/14/2012 7:40:36 AM | Computer Name = sluggo-PC | Source = vpnagent | ID = 67108866

Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:

_tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

File:

C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:

No such file or directory

Error - 11/14/2012 11:24:30 AM | Computer Name = sluggo-PC | Source = vpnagent | ID = 67108866

Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:

_tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

File:

C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:

No such file or directory

Error - 11/16/2012 10:33:49 AM | Computer Name = sluggo-PC | Source = vpnagent | ID = 67108866

Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:

_tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

File:

C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:

No such file or directory

Error - 11/28/2012 7:23:04 AM | Computer Name = sluggo-PC | Source = vpnagent | ID = 67108866

Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:

_tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

File:

C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:

No such file or directory

Error - 12/3/2012 12:50:24 AM | Computer Name = sluggo-PC | Source = vpnagent | ID = 67110873

Description = Termination reason code 7: The agent has been stopped.

Error - 12/3/2012 12:50:26 AM | Computer Name = sluggo-PC | Source = vpnagent | ID = 67108866

Description = Function: fileExists File: .\Utility\sysutils.cpp Line: 500 Invoked Function:

_tstat Return Code: 2 (0x00000002) Description: The system cannot find the file specified.

File:

C:\ProgramData\Cisco\Cisco AnyConnect VPN Client\InitialFirewallConfig.wfw Error:

No such file or directory

[ Media Center Events ]

Error - 3/22/2013 5:22:30 AM | Computer Name = sluggo-PC | Source = MCUpdate | ID = 0

Description = 2:22:30 AM - Error connecting to the internet. 2:22:30 AM - Unable

to contact server..

Error - 3/22/2013 5:23:03 AM | Computer Name = sluggo-PC | Source = MCUpdate | ID = 0

Description = 2:23:00 AM - Error connecting to the internet. 2:23:00 AM - Unable

to contact server..

Error - 3/22/2013 6:23:34 AM | Computer Name = sluggo-PC | Source = MCUpdate | ID = 0

Description = 3:23:34 AM - Error connecting to the internet. 3:23:34 AM - Unable

to contact server..

Error - 3/22/2013 6:24:08 AM | Computer Name = sluggo-PC | Source = MCUpdate | ID = 0

Description = 3:24:03 AM - Error connecting to the internet. 3:24:03 AM - Unable

to contact server..

Error - 3/22/2013 7:24:36 AM | Computer Name = sluggo-PC | Source = MCUpdate | ID = 0

Description = 4:24:36 AM - Error connecting to the internet. 4:24:36 AM - Unable

to contact server..

Error - 3/22/2013 7:25:06 AM | Computer Name = sluggo-PC | Source = MCUpdate | ID = 0

Description = 4:25:05 AM - Error connecting to the internet. 4:25:05 AM - Unable

to contact server..

Error - 3/22/2013 8:25:35 AM | Computer Name = sluggo-PC | Source = MCUpdate | ID = 0

Description = 5:25:35 AM - Error connecting to the internet. 5:25:35 AM - Unable

to contact server..

Error - 3/22/2013 8:26:05 AM | Computer Name = sluggo-PC | Source = MCUpdate | ID = 0

Description = 5:26:04 AM - Error connecting to the internet. 5:26:04 AM - Unable

to contact server..

Error - 3/22/2013 5:24:12 PM | Computer Name = sluggo-PC | Source = MCUpdate | ID = 0

Description = 2:24:12 PM - Error connecting to the internet. 2:24:12 PM - Unable

to contact server..

Error - 3/22/2013 5:24:45 PM | Computer Name = sluggo-PC | Source = MCUpdate | ID = 0

Description = 2:24:41 PM - Error connecting to the internet. 2:24:41 PM - Unable

to contact server..

[ System Events ]

Error - 8/26/2012 1:29:56 PM | Computer Name = sluggo-PC | Source = DCOM | ID = 10016

Description =

Error - 8/27/2012 6:16:15 AM | Computer Name = sluggo-PC | Source = DCOM | ID = 10010

Description =

Error - 8/27/2012 6:16:21 AM | Computer Name = sluggo-PC | Source = Service Control Manager | ID = 7024

Description = The Apache2.2 service terminated with the following service-specific

error: %%1

Error - 8/31/2012 12:03:56 AM | Computer Name = sluggo-PC | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the NlaSvc service.

Error - 8/31/2012 2:24:57 AM | Computer Name = sluggo-PC | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the NlaSvc service.

Error - 9/3/2012 12:59:04 PM | Computer Name = sluggo-PC | Source = WMPNetworkSvc | ID = 866333

Description =

Error - 9/8/2012 10:34:46 AM | Computer Name = sluggo-PC | Source = WMPNetworkSvc | ID = 866333

Description =

Error - 9/12/2012 6:20:09 AM | Computer Name = sluggo-PC | Source = DCOM | ID = 10010

Description =

Error - 9/12/2012 6:21:12 AM | Computer Name = sluggo-PC | Source = Service Control Manager | ID = 7024

Description = The Apache2.2 service terminated with the following service-specific

error: %%1

Error - 9/16/2012 1:01:49 PM | Computer Name = sluggo-PC | Source = Schannel | ID = 36887

Description = A fatal alert was received from the remote endpoint. The TLS protocol

defined fatal alert code is 80.

< End of report >


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :files
    ipconfig /flushdns /c
    :Commands
    [emptytemp]
    [clearallrestorepoints]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles


All processes killed

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\sluggo\Downloads\cmd.bat deleted successfully.

C:\Users\sluggo\Downloads\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56504 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default.migrated

User: DefaultAppPool

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56504 bytes

User: emma

->Temp folder emptied: 288030 bytes

->Temporary Internet Files folder emptied: 13186839 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 1134569703 bytes

->Flash cache emptied: 94820 bytes

User: grady

->Temp folder emptied: 107172 bytes

->Temporary Internet Files folder emptied: 5548927 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 1693007 bytes

->Flash cache emptied: 57964 bytes

User: Mcx1-SLUGGO-PC

->Temp folder emptied: 668 bytes

->Temporary Internet Files folder emptied: 37887 bytes

->Flash cache emptied: 56504 bytes

User: Public

->Temp folder emptied: 0 bytes

User: sluggo

->Temp folder emptied: 5613598340 bytes

->Temporary Internet Files folder emptied: 362843576 bytes

->Java cache emptied: 124443239 bytes

->FireFox cache emptied: 453001378 bytes

->Google Chrome cache emptied: 403717000 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 15388052 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 29520624 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 279922872 bytes

RecycleBin emptied: 320249 bytes

Total Files Cleaned = 8,048.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 04062013_103956

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


My computer seems to be working fine; I'm not noticing any issues.

OTL logfile created on: 4/7/2013 11:11:45 AM - Run 2

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\sluggo\Desktop

An unknown product (Version = 6.2.9200) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16519)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 66.37% Memory free

4.69 Gb Paging File | 3.14 Gb Available in Paging File | 66.96% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 260.48 Gb Total Space | 86.62 Gb Free Space | 33.25% Space Free | Partition Type: NTFS

Drive D: | 4.02 Gb Total Space | 3.95 Gb Free Space | 98.31% Space Free | Partition Type: NTFS

Computer Name: SLUGGO-PC | User Name: sluggo | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/03 17:17:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\sluggo\Desktop\OTL.exe

PRC - [2013/03/22 15:32:26 | 000,168,536 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe

PRC - [2013/03/12 00:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\sluggo\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2013/01/08 08:59:20 | 000,228,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

PRC - [2012/12/18 13:14:27 | 000,642,816 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

PRC - [2012/12/18 12:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/11/05 21:20:42 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhostex.exe

PRC - [2012/11/05 21:20:42 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2012/10/10 22:56:41 | 002,115,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2012/07/25 20:20:44 | 000,045,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dasHost.exe

PRC - [2012/07/03 23:21:18 | 000,453,632 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe

PRC - [2012/07/03 23:20:42 | 000,217,088 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe

PRC - [2011/11/06 23:44:37 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

PRC - [2011/11/02 02:00:44 | 000,090,448 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

PRC - [2011/10/07 02:40:42 | 001,387,288 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe

PRC - [2011/09/27 12:05:24 | 000,149,784 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe

PRC - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

PRC - [2011/09/22 12:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

PRC - [2011/09/10 02:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe

PRC - [2011/09/10 02:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) -- c:\xampp\apache\bin\httpd.exe

PRC - [2011/05/24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe

PRC - [2010/10/19 10:34:26 | 003,791,872 | ---- | M] (Native Instruments GmbH) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe

PRC - [2008/04/09 22:42:00 | 000,492,896 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

PRC - [2008/04/09 21:23:22 | 000,909,208 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

PRC - [2008/04/09 21:14:28 | 000,136,472 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

PRC - [2008/04/09 21:14:18 | 000,431,384 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

PRC - [2008/04/09 21:11:24 | 002,595,792 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/07 02:41:16 | 000,879,896 | ---- | M] () -- C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll

MOD - [2009/02/27 17:39:29 | 000,019,968 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU

MOD - [2009/02/27 17:32:27 | 000,020,480 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA

MOD - [2008/04/09 19:46:56 | 001,328,408 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\fox.dll

========== Services (SafeList) ==========

SRV - [2013/03/22 15:32:26 | 000,168,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)

SRV - [2013/03/07 19:03:57 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/02/02 01:39:33 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofmsvc.dll -- (netprofm)

SRV - [2013/01/28 17:02:40 | 000,013,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV - [2013/01/09 16:26:37 | 001,532,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wlidsvc.dll -- (wlidsvc)

SRV - [2013/01/09 16:26:01 | 000,349,696 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsm.dll -- (LSM)

SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/12/18 12:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/12/05 21:23:01 | 000,114,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\TimeBrokerServer.dll -- (TimeBroker)

SRV - [2012/12/05 21:22:59 | 000,117,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\SystemEventsBrokerServer.dll -- (SystemEventsBroker)

SRV - [2012/11/05 21:54:13 | 002,205,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\spool\drivers\w32x86\3\PrintConfig.dll -- (PrintNotify)

SRV - [2012/11/05 21:18:36 | 000,136,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)

SRV - [2012/09/19 23:32:32 | 002,151,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\WSService.dll -- (WSService)

SRV - [2012/09/19 22:53:51 | 000,095,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\fhsvc.dll -- (fhsvc)

SRV - [2012/09/19 22:53:35 | 000,142,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\bisrv.dll -- (BrokerInfrastructure)

SRV - [2012/07/25 20:20:19 | 000,051,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wiarpc.dll -- (WiaRpc)

SRV - [2012/07/25 20:20:13 | 000,226,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wcmsvc.dll -- (Wcmsvc)

SRV - [2012/07/25 20:20:11 | 000,192,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\vaultsvc.dll -- (VaultSvc)

SRV - [2012/07/25 20:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)

SRV - [2012/07/25 20:20:04 | 000,010,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\svsvc.dll -- (svsvc)

SRV - [2012/07/25 20:19:54 | 000,132,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2012/07/25 20:19:40 | 002,028,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

SRV - [2012/07/25 20:19:21 | 000,138,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\NcaSvc.dll -- (NcaSvc)

SRV - [2012/07/25 20:19:21 | 000,062,976 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\NcdAutoSetup.dll -- (NcdAutoSetup)

SRV - [2012/07/25 20:18:47 | 000,043,520 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\keyiso.dll -- (KeyIso)

SRV - [2012/07/25 20:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)

SRV - [2012/07/25 20:18:41 | 000,408,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)

SRV - [2012/07/25 20:18:24 | 000,027,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\efssvc.dll -- (EFS)

SRV - [2012/07/25 20:18:18 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\DeviceSetupManager.dll -- (DsmSvc)

SRV - [2012/07/25 20:18:13 | 000,261,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\das.dll -- (DeviceAssociationService)

SRV - [2012/07/25 20:17:58 | 000,109,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AUInstallAgent.dll -- (AllUserInstallAgent)

SRV - [2012/07/25 20:17:52 | 000,060,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)

SRV - [2012/07/25 17:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicvss)

SRV - [2012/07/25 17:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmictimesync)

SRV - [2012/07/25 17:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicshutdown)

SRV - [2012/07/25 17:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicrdv)

SRV - [2012/07/25 17:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmickvpexchange)

SRV - [2012/07/25 17:27:36 | 000,276,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\icsvc.dll -- (vmicheartbeat)

SRV - [2012/07/03 23:20:42 | 000,217,088 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2011/11/06 23:44:37 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011/09/27 12:03:28 | 000,295,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)

SRV - [2011/09/10 02:43:18 | 000,018,432 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\xampp\apache\bin\httpd.exe -- (Apache2.2)

SRV - [2011/05/24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)

SRV - [2011/04/26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)

SRV - [2010/10/19 10:34:26 | 003,791,872 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)

SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2008/04/09 22:42:00 | 000,492,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)

SRV - [2008/04/09 21:14:18 | 000,431,384 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2007/12/20 19:01:02 | 000,060,928 | ---- | M] () [Auto | Stopped] -- c:\xampp\service.exe -- (XAMPP)

SRV - [2007/02/22 20:53:16 | 002,217,416 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe -- (AcronisOSSReinstallSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\vmci.sys -- (vmci)

DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\jswpslwf.sys -- (jswpslwf)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DRIVERS\athr.sys -- (athr)

DRV - [2013/02/06 18:49:00 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\pdc.sys -- (pdc)

DRV - [2013/02/02 02:00:11 | 000,361,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\USBHUB3.SYS -- (USBHUB3)

DRV - [2013/02/02 00:31:49 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)

DRV - [2013/01/28 17:02:46 | 000,029,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WdBoot.sys -- (WdBoot)

DRV - [2013/01/28 16:07:34 | 000,193,936 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\WdFilter.sys -- (WdFilter)

DRV - [2013/01/09 18:07:00 | 000,024,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\msgpiowin32.sys -- (msgpiowin32)

DRV - [2012/12/24 10:03:25 | 000,231,760 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\truecrypt.sys -- (truecrypt)

DRV - [2012/11/26 20:53:14 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BthhfHid.sys -- (bthhfhid)

DRV - [2012/11/19 21:56:58 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hidi2c.sys -- (hidi2c)

DRV - [2012/11/05 20:52:56 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\fxppm.sys -- (FxPPM)

DRV - [2012/10/12 00:12:33 | 000,023,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV - [2012/10/10 22:45:31 | 000,050,920 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\dam.sys -- (dam)

DRV - [2012/10/10 22:28:23 | 000,046,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\sdstor.sys -- (sdstor)

DRV - [2012/09/20 00:09:32 | 000,031,464 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\cnghwassist.sys -- (cnghwassist)

DRV - [2012/09/19 23:34:12 | 000,268,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\USBXHCI.SYS -- (USBXHCI)

DRV - [2012/09/19 23:34:10 | 000,179,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\UCX01000.SYS -- (UCX01000)

DRV - [2012/09/19 23:34:07 | 000,097,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\msgpioclx.sys -- (GPIOClx0101)

DRV - [2012/09/19 23:30:10 | 000,121,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\tpm.sys -- (TPM)

DRV - [2012/07/25 21:17:18 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\condrv.sys -- (condrv)

DRV - [2012/07/25 20:48:44 | 000,058,608 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\acpiex.sys -- (acpiex)

DRV - [2012/07/25 20:42:33 | 000,068,848 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\lsi_sss.sys -- (LSI_SSS)

DRV - [2012/07/25 20:42:32 | 000,099,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)

DRV - [2012/07/25 20:42:32 | 000,070,384 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\EhStorClass.sys -- (EhStorClass)

DRV - [2012/07/25 20:42:31 | 000,085,232 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\3ware.sys -- (3ware)

DRV - [2012/07/25 20:42:19 | 000,285,424 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\VSTXRAID.SYS -- (VSTXRAID)

DRV - [2012/07/25 20:42:19 | 000,080,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VerifierExt.sys -- (VerifierExt)

DRV - [2012/07/25 20:42:18 | 000,076,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\uaspstor.sys -- (UASPStor)

DRV - [2012/07/25 20:42:18 | 000,066,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\storahci.sys -- (storahci)

DRV - [2012/07/25 20:42:15 | 000,238,320 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\spaceport.sys -- (spaceport)

DRV - [2012/07/25 20:42:15 | 000,059,120 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\mvumis.sys -- (mvumis)

DRV - [2012/07/25 20:40:36 | 000,038,640 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\wfplwfs.sys -- (WFPLWFS)

DRV - [2012/07/25 20:40:10 | 000,256,240 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\clfs.sys -- (CLFS)

DRV - [2012/07/25 20:39:55 | 000,029,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\terminpt.sys -- (terminpt)

DRV - [2012/07/25 20:33:00 | 000,130,024 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\vmbus.sys -- (vmbus)

DRV - [2012/07/25 20:33:00 | 000,042,344 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\vmstorfl.sys -- (storflt)

DRV - [2012/07/25 20:33:00 | 000,032,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\storvsc.sys -- (storvsc)

DRV - [2012/07/25 19:38:42 | 000,141,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\mqac.sys -- (MQAC)

DRV - [2012/07/25 19:37:58 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV - [2012/07/25 19:36:54 | 000,042,496 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\BasicDisplay.sys -- (BasicDisplay)

DRV - [2012/07/25 19:36:49 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\mshidumdf.sys -- (mshidumdf)

DRV - [2012/07/25 19:36:36 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\HyperVideo.sys -- (HyperVideo)

DRV - [2012/07/25 19:36:35 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\BasicRender.sys -- (BasicRender)

DRV - [2012/07/25 19:35:30 | 000,006,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vms3cap.sys -- (s3cap)

DRV - [2012/07/25 19:35:28 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\npsvctrig.sys -- (npsvctrig)

DRV - [2012/07/25 19:35:10 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\kdnic.sys -- (kdnic)

DRV - [2012/07/25 19:35:06 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\acpitime.sys -- (acpitime)

DRV - [2012/07/25 19:35:04 | 000,009,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\vmgencounter.sys -- (gencounter)

DRV - [2012/07/25 19:34:43 | 000,008,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\acpipagr.sys -- (acpipagr)

DRV - [2012/07/25 19:34:42 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\WpdUpFltr.sys -- (WpdUpFltr)

DRV - [2012/07/25 19:34:22 | 000,018,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VMBusHID.sys -- (VMBusHID)

DRV - [2012/07/25 19:34:04 | 000,010,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\hyperkbd.sys -- (hyperkbd)

DRV - [2012/07/25 19:33:53 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SerCx.sys -- (SerCx)

DRV - [2012/07/25 19:33:50 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SpbCx.sys -- (SpbCx)

DRV - [2012/07/25 19:33:29 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\TsUsbGD.sys -- (TsUsbGD)

DRV - [2012/07/25 19:33:16 | 000,044,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\bthhfenum.sys -- (BthHFEnum)

DRV - [2012/07/25 19:32:54 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2012/07/25 19:32:53 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\dmvsc.sys -- (dmvsc)

DRV - [2012/07/25 19:32:02 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\wpcfltr.sys -- (wpcfltr)

DRV - [2012/07/25 19:31:11 | 000,110,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\NdisImPlatform.sys -- (NdisImPlatform)

DRV - [2012/07/25 19:30:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\mslldp.sys -- (MsLldp)

DRV - [2012/07/25 19:30:39 | 000,084,480 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\Ndu.sys -- (Ndu)

DRV - [2012/07/25 15:49:38 | 000,214,528 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\e1e6032.sys -- (e1express)

DRV - [2012/07/03 23:58:12 | 010,070,016 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\atikmdag.sys -- (amdkmdag)

DRV - [2012/07/03 22:10:30 | 000,290,304 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\atikmpag.sys -- (amdkmdap)

DRV - [2012/06/02 07:31:29 | 000,055,808 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\l160x86.sys -- (AtcL001)

DRV - [2011/11/06 18:19:38 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\timntr.sys -- (timounter)

DRV - [2011/11/06 18:19:38 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\Drivers\tifsfilt.sys -- (tifsfilter)

DRV - [2011/11/06 18:19:33 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\snapman.sys -- (snapman)

DRV - [2011/11/06 18:19:30 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\tdrpman.sys -- (tdrpman)

DRV - [2011/09/01 23:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\LMouFilt.Sys -- (LMouFilt)

DRV - [2011/09/01 23:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\LHidFilt.Sys -- (LHidFilt)

DRV - [2011/08/09 14:24:52 | 000,163,424 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\Drivers\eamonm.sys -- (eamonm)

DRV - [2011/08/04 09:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\epfwwfpr.sys -- (epfwwfpr)

DRV - [2011/08/04 09:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\Drivers\ehdrv.sys -- (ehdrv)

DRV - [2011/04/21 02:09:50 | 000,029,272 | ---- | M] (Grass Valley K.K.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\cdrblock.sys -- (cdrblock)

DRV - [2010/01/08 15:15:38 | 000,209,880 | ---- | M] (Echo Digital Audio Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\echo3g.sys -- (echo3g)

DRV - [2004/08/13 10:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 71 F8 0F 2D E9 9C CC 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\SearchScopes,DefaultScope = {63A2E55C-6134-4788-BB5B-A7BC39DF187A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKCU\..\SearchScopes\{63A2E55C-6134-4788-BB5B-A7BC39DF187A}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKCU\..\SearchScopes\{DE7F01D9-F0ED-4A0C-AEC7-5652905CC9DC}: "URL" = http://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledAddons: checkit%40lovinglinux.megabyet.net:1.1.4

FF - prefs.js..extensions.enabledAddons: DeviceDetection%40logitech.com:1.23.0.5

FF - prefs.js..extensions.enabledAddons: foxmarks%40kei.com:4.1.3

FF - prefs.js..extensions.enabledAddons: ShortenURL%40loucypher:0.3.8

FF - prefs.js..extensions.enabledAddons: %7B2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9%7D:2.3.4

FF - prefs.js..extensions.enabledAddons: %7B563e4790-7e70-11da-a72b-0800200c9a66%7D:0.9f

FF - prefs.js..extensions.enabledAddons: %7B75CEEE46-9B64-46f8-94BF-54012DE155F0%7D:0.4.10

FF - prefs.js..extensions.enabledAddons: zoompage%40DW-dev:5.3

FF - prefs.js..extensions.enabledAddons: zotero%40chnm.gmu.edu:3.0.11

FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:2.0.20

FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.13

FF - prefs.js..extensions.enabledAddons: %7BE0B8C461-F8FB-49b4-8373-FE32E9252800%7D:5.5.1

FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0034-ABCDEFFEDCBA%7D:6.0.34

FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35

FF - prefs.js..extensions.enabledAddons: zoteroWinWordIntegration%40zotero.org:3.1.12

FF - prefs.js..extensions.enabledAddons: %7Ba1109c2a-1187-4027-901d-13097b755625%7D:0.83

FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.8.307

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2

FF - prefs.js..keyword.URL: "https://duckduckgo.com/?q="

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\sluggo\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\sluggo\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/07 19:03:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/04/02 19:47:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/11/02 17:46:52 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/07 19:03:58 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/04/02 19:47:43 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011/11/06 18:15:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Extensions

[2013/03/27 10:21:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions

[2012/11/07 22:37:27 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}

[2012/12/01 19:41:31 | 000,000,000 | ---D | M] ("RoxioNow Player Plugin") -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\{3112ca9c-de6d-4884-a869-9855de680400}

[2013/03/07 20:06:26 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}

[2011/11/08 00:09:04 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\DeviceDetection@logitech.com

[2013/03/27 10:21:09 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\donottrackplus@abine.com

[2012/09/19 17:23:36 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\foxmarks@kei.com

[2013/02/15 18:43:37 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\support@lastpass.com

[2012/12/19 08:45:54 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\zotero@chnm.gmu.edu

[2013/03/27 09:14:03 | 000,000,000 | ---D | M] (Zotero Word for Windows Integration) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\zoteroWinWordIntegration@zotero.org

[2013/03/07 18:49:24 | 000,275,665 | ---- | M] () (No name found) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\artur.dubovoy@gmail.com.xpi

[2011/12/19 20:25:52 | 000,276,952 | ---- | M] () (No name found) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\bettergmail2@ginatrapani.org.xpi

[2011/12/25 12:09:13 | 000,034,709 | ---- | M] () (No name found) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\checkit@lovinglinux.megabyet.net.xpi

[2013/02/24 18:36:14 | 002,163,784 | ---- | M] () (No name found) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\firebug@software.joehewitt.com.xpi

[2011/12/25 11:55:16 | 000,089,481 | ---- | M] () (No name found) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\md5rehasher@phoneixs.es.xpi

[2011/11/17 05:26:58 | 000,037,338 | ---- | M] () (No name found) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\ShortenURL@loucypher.xpi

[2012/12/16 17:44:32 | 000,051,527 | ---- | M] () (No name found) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\zoompage@DW-dev.xpi

[2012/04/01 09:00:06 | 000,010,707 | ---- | M] () (No name found) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\{563e4790-7e70-11da-a72b-0800200c9a66}.xpi

[2012/06/09 09:29:11 | 000,028,993 | ---- | M] () (No name found) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}.xpi

[2013/03/27 10:20:56 | 000,086,058 | ---- | M] () (No name found) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\{a1109c2a-1187-4027-901d-13097b755625}.xpi

[2013/03/05 19:59:20 | 000,872,587 | ---- | M] () (No name found) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi

[2012/09/05 23:22:47 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi

[2013/03/06 17:06:18 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\extensions\donottrackplus@abine.com\chrome\content\ff\view_expiry.js

[2012/10/08 09:20:49 | 000,010,316 | ---- | M] () -- C:\Users\sluggo\AppData\Roaming\Mozilla\Firefox\Profiles\aw12le5i.default\searchplugins\duckduckgo.xml

[2013/03/07 19:03:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2013/03/07 19:03:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}

[2013/03/07 19:03:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

[2013/03/07 19:03:58 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/09/09 19:26:58 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2013/02/27 19:27:56 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - homepage:

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\sluggo\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\sluggo\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\sluggo\AppData\Local\Google\Chrome\Application\26.0.1410.43\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll

CHR - plugin: nplastpass (Enabled) = C:\Users\sluggo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\1.80.1_0\nplastpass.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL

CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

CHR - plugin: DeLorme Send To GPS (Enabled) = C:\Program Files\DeLorme\SendToGPS\nppnplugin.dll

CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll

CHR - plugin: Java Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll

CHR - Extension: Xmarks Bookmark Sync = C:\Users\sluggo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.24_0\

CHR - Extension: Xmarks Bookmark Sync = C:\Users\sluggo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.24_0\.bak

CHR - Extension: YouTube = C:\Users\sluggo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\

CHR - Extension: Google Search = C:\Users\sluggo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Delicious Tools = C:\Users\sluggo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gclkcflnjahgejhappicbhcpllkpakej\1.6.1_0\

CHR - Extension: LastPass = C:\Users\sluggo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.25_0\

CHR - Extension: Gmail = C:\Users\sluggo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/07/08 11:13:07 | 000,000,027 | ---- | M]) - C:\Windows\System32\Drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll (LastPass)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Microsoft SPFS Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL File not found

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll (LastPass)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AMD AVT] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [bingDesktop] C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)

O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)

O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)

O4 - HKLM..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

O4 - HKCU..\Run: [skyDrive] C:\Users\sluggo\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)

O4 - Startup: C:\Users\sluggo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\sluggo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Users\sluggo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: LastPass - file://C:\Program Files\LastPass\context.html?cmd=lastpass File not found

O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files\LastPass\context.html?cmd=fillforms File not found

O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll (LastPass)

O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll (LastPass)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B74A15E9-18B1-4402-9A5B-96341AC5C6F8}: DhcpNameServer = 192.168.100.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B74A15E9-18B1-4402-9A5B-96341AC5C6F8}: NameServer = 208.122.23.22,208.122.23.23

O18 - Protocol\Handler\intu-tt2011 {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - C:\Program Files\TurboTax 2011\ic2011pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)

O18 - Protocol\Handler\intu-tt2012 {02F985EF-502B-4597-993F-6BF9E004C138} - C:\Program Files\TurboTax 2012\ic2012pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)

O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\WINDOWS\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/06 10:39:56 | 000,000,000 | ---D | C] -- C:\_OTL

[2013/04/06 08:36:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss

[2013/04/03 22:57:52 | 000,000,000 | ---D | C] -- C:\Users\sluggo\Desktop\Sharing-Cart-2-master

[2013/04/03 22:57:52 | 000,000,000 | ---D | C] -- C:\Users\sluggo\Desktop\sharing_cart

[2013/04/03 17:17:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\sluggo\Desktop\OTL.exe

[2013/04/02 19:47:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird

[2013/03/31 10:16:21 | 000,000,000 | ---D | C] -- C:\Users\sluggo\Desktop\RK_Quarantine

[2013/03/31 09:38:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/03/31 09:38:05 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2013/03/31 09:37:53 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Local\Programs

[2013/03/28 13:18:14 | 000,000,000 | ---D | C] -- C:\Users\sluggo\Desktop\Hashcat

[2013/03/24 07:43:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

[2013/03/23 15:50:40 | 000,000,000 | ---D | C] -- C:\Users\sluggo\AppData\Roaming\LibreOffice

[2013/03/23 15:48:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.0

[2013/03/23 15:48:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System64

[2013/03/23 15:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\LibreOffice 4.0

[2013/03/18 18:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2013/03/18 18:42:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2013/03/18 12:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI

[2013/03/18 12:46:28 | 000,000,000 | ---D | C] -- C:\Program Files\AMD AVT

[2013/03/18 12:46:26 | 000,000,000 | ---D | C] -- C:\Program Files\AMD APP

[2013/03/18 12:46:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies

[2013/03/18 12:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center

[2013/03/18 12:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies

[2013/03/09 09:35:38 | 000,000,000 | ---D | C] -- C:\Program Files\TurboTax 2012

[2011/11/26 09:56:27 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\sluggo\AppData\Roaming\pcouffin.sys

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/07 11:11:00 | 000,000,912 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4213201847-2594826557-910303953-1001UA.job

[2013/04/07 10:40:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2013/04/07 08:11:00 | 000,000,860 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4213201847-2594826557-910303953-1001Core.job

[2013/04/07 02:40:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2013/04/06 11:00:24 | 000,796,792 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2013/04/06 11:00:24 | 000,159,916 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2013/04/06 10:53:58 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2013/04/06 10:51:50 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys

[2013/04/06 10:51:46 | 2790,981,632 | -HS- | M] () -- C:\hiberfil.sys

[2013/04/04 06:47:43 | 000,002,056 | ---- | M] () -- C:\Users\sluggo\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk

[2013/04/04 00:04:35 | 000,000,600 | ---- | M] () -- C:\Users\sluggo\AppData\Roaming\winscp.rnd

[2013/04/03 17:17:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\sluggo\Desktop\OTL.exe

[2013/04/01 16:24:38 | 000,001,262 | ---- | M] () -- C:\Users\sluggo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

[2013/04/01 11:36:33 | 000,017,398 | ---- | M] () -- C:\Users\sluggo\Desktop\studentcentered.PNG

[2013/03/31 10:41:18 | 000,001,456 | ---- | M] () -- C:\Users\sluggo\AppData\Local\Adobe Save for Web 12.0 Prefs

[2013/03/31 09:38:08 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/03/30 10:39:22 | 000,001,051 | ---- | M] () -- C:\Users\sluggo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2013/03/27 10:16:03 | 000,007,925 | ---- | M] () -- C:\Users\sluggo\Desktop\scratch.PNG

[2013/03/27 08:59:40 | 005,098,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2013/03/24 07:43:14 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2013/03/23 15:48:54 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 4.0.lnk

[2013/03/15 19:50:00 | 000,135,107 | ---- | M] () -- C:\Users\sluggo\Desktop\sdXSau9.jpg

[2013/03/09 20:21:32 | 000,004,057 | ---- | M] () -- C:\Users\sluggo\Desktop\gjegighh.png

[2013/03/09 13:43:38 | 001,180,243 | ---- | M] () -- C:\Users\sluggo\Desktop\video_car_sliding_across.mov

[2013/03/09 09:35:50 | 000,001,862 | ---- | M] () -- C:\Users\Public\Desktop\TurboTax Canada 2012.lnk

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/01 11:36:33 | 000,017,398 | ---- | C] () -- C:\Users\sluggo\Desktop\studentcentered.PNG

[2013/03/31 09:38:08 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/03/30 10:39:22 | 000,001,051 | ---- | C] () -- C:\Users\sluggo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2013/03/27 10:16:03 | 000,007,925 | ---- | C] () -- C:\Users\sluggo\Desktop\scratch.PNG

[2013/03/24 07:43:14 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk

[2013/03/23 15:48:54 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 4.0.lnk

[2013/03/19 10:01:06 | 000,002,261 | ---- | C] () -- C:\Users\sluggo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk

[2013/03/18 07:57:39 | 005,098,976 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2013/03/15 19:50:00 | 000,135,107 | ---- | C] () -- C:\Users\sluggo\Desktop\sdXSau9.jpg

[2013/03/09 20:21:32 | 000,004,057 | ---- | C] () -- C:\Users\sluggo\Desktop\gjegighh.png

[2013/03/09 13:43:37 | 001,180,243 | ---- | C] () -- C:\Users\sluggo\Desktop\video_car_sliding_across.mov

[2013/03/09 09:35:50 | 000,001,862 | ---- | C] () -- C:\Users\Public\Desktop\TurboTax Canada 2012.lnk

[2013/01/11 21:21:19 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2012/12/22 11:33:07 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\OEMLicense.dll

[2012/12/20 01:19:49 | 000,021,316 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2012/12/20 00:50:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin

[2012/11/19 08:19:17 | 000,087,608 | ---- | C] () -- C:\Users\sluggo\AppData\Roaming\inst.exe

[2012/11/07 23:11:23 | 000,001,197 | ---- | C] () -- C:\Users\sluggo\.tracker.prefs

[2012/11/07 23:11:23 | 000,000,158 | ---- | C] () -- C:\Users\sluggo\.tracker_starter.prefs

[2012/08/04 12:02:02 | 000,200,468 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTAIODAT.DAT

[2012/08/03 21:20:54 | 000,000,143 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

[2012/07/25 23:55:27 | 000,796,792 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2012/07/25 23:55:27 | 000,296,742 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2012/07/25 23:55:27 | 000,159,916 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2012/07/25 23:55:27 | 000,033,362 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2012/07/25 23:53:47 | 000,215,943 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2012/07/25 23:53:46 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT

[2012/07/25 23:03:55 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2012/07/25 19:05:12 | 000,022,530 | ---- | C] () -- C:\WINDOWS\System32\32mereg.dll

[2012/07/25 18:20:38 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\BthpanContextHandler.dll

[2012/07/25 18:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\BWContextHandler.dll

[2012/07/25 13:41:36 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin

[2012/07/25 13:24:47 | 000,526,068 | ---- | C] () -- C:\WINDOWS\System32\staticurllist.bin

[2012/07/13 19:00:46 | 000,043,882 | ---- | C] () -- C:\WINDOWS\System32\srms.dat

[2012/07/04 03:32:18 | 000,159,232 | ---- | C] () -- C:\WINDOWS\System32\clinfo.exe

[2012/07/03 22:27:30 | 000,204,952 | ---- | C] () -- C:\WINDOWS\System32\ativvsvl.dat

[2012/07/03 22:27:30 | 000,157,144 | ---- | C] () -- C:\WINDOWS\System32\ativvsva.dat

[2012/06/20 05:00:00 | 000,007,639 | ---- | C] () -- C:\Users\sluggo\AppData\Local\Resmon.ResmonCfg

[2012/06/02 13:25:24 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\settings.dat

[2012/06/02 07:31:24 | 001,520,828 | ---- | C] () -- C:\WINDOWS\System32\WpcNBModel.bin

[2012/06/02 07:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2012/04/18 19:39:06 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\kdbsdk32.dll

[2012/03/14 21:31:41 | 000,001,536 | ---- | C] () -- C:\Users\sluggo\AppData\Roaming\Sketchpad 5 Preferences.dat

[2012/03/13 00:32:07 | 000,002,470 | ---- | C] () -- C:\Users\sluggo\.powerupdate.user.properties

[2012/03/06 10:59:32 | 000,618,823 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2012/01/16 17:51:16 | 000,000,099 | ---- | C] () -- C:\Users\sluggo\webct_upload_applet.properties

[2011/12/19 15:36:57 | 000,031,232 | ---- | C] () -- C:\Users\sluggo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/12/17 21:00:52 | 000,000,600 | ---- | C] () -- C:\Users\sluggo\AppData\Local\PUTTY.RND

[2011/12/10 10:42:59 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\FxShared.dll

[2011/12/10 10:42:59 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\com.fxpansion.fxshared.dll

[2011/12/09 21:02:10 | 000,154,806 | ---- | C] () -- C:\Users\sluggo\IRIMG2.BMP

[2011/12/09 21:02:10 | 000,021,222 | ---- | C] () -- C:\Users\sluggo\IRIMG1.BMP

[2011/12/09 21:02:07 | 000,090,344 | ---- | C] () -- C:\Users\sluggo\irunin.dat

[2011/12/09 21:02:07 | 000,008,939 | ---- | C] () -- C:\Users\sluggo\irunin.xml

[2011/11/27 13:26:16 | 000,001,456 | ---- | C] () -- C:\Users\sluggo\AppData\Local\Adobe Save for Web 12.0 Prefs

[2011/11/27 12:43:17 | 000,000,443 | ---- | C] () -- C:\WINDOWS\Sam10_E.INI

[2011/11/27 12:19:20 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll

[2011/11/27 12:05:30 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll

[2011/11/27 12:05:09 | 000,005,937 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini

[2011/11/27 09:44:49 | 000,000,132 | ---- | C] () -- C:\Users\sluggo\AppData\Roaming\Adobe BMP Format CS5 Prefs

[2011/11/26 09:56:27 | 000,007,887 | ---- | C] () -- C:\Users\sluggo\AppData\Roaming\pcouffin.cat

[2011/11/26 09:56:27 | 000,001,144 | ---- | C] () -- C:\Users\sluggo\AppData\Roaming\pcouffin.inf

[2011/11/21 09:05:28 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\pavedius6db.dat

[2011/11/16 08:24:50 | 000,000,132 | ---- | C] () -- C:\Users\sluggo\AppData\Roaming\Adobe PNG Format CS5 Prefs

[2011/11/11 16:31:47 | 000,000,600 | ---- | C] () -- C:\Users\sluggo\AppData\Roaming\winscp.rnd

[2011/11/07 20:09:44 | 000,028,674 | ---- | C] () -- C:\WINDOWS\System32\prckrep.dll

[2011/09/12 15:06:16 | 000,003,917 | ---- | C] () -- C:\WINDOWS\System32\atipblag.dat

[2011/06/24 13:38:34 | 000,353,280 | ---- | C] () -- C:\WINDOWS\System32\pythoncom27.dll

[2011/06/24 13:38:34 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\pywintypes27.dll

[2009/01/30 14:35:56 | 000,000,373 | ---- | C] () -- C:\Users\sluggo\PSPaudioware.com.html

[2009/01/28 11:22:43 | 001,027,019 | ---- | C] () -- C:\Users\sluggo\PSP Nitro Operation Manual.pdf

========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/01/09 16:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 20:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2012/07/25 20:20:13 | 000,354,304 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2013/04/07 10:46:29 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\.minecraft

[2012/11/19 08:20:19 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\.Torrent Stream

[2012/08/24 13:08:08 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Ableton

[2011/12/09 20:49:06 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Applied Acoustics Systems

[2013/01/10 00:27:28 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Audacity

[2013/02/06 20:29:59 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Blackboard

[2012/06/16 14:30:32 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Box

[2012/04/14 08:26:40 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Box.Net

[2012/11/06 07:25:08 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\calibre

[2011/12/25 23:11:18 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Canneverbe Limited

[2011/11/30 01:47:42 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Canopus

[2012/07/30 13:00:47 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011/12/25 12:12:30 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\ChecksumTool

[2011/11/17 06:12:59 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\CLCakePHP

[2011/11/17 06:12:59 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\CLCodeIgniter

[2011/11/17 06:12:59 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\CLDrupal

[2011/11/17 06:12:59 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\CLFacebook

[2011/11/17 06:12:59 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\CLJoomla

[2011/11/17 06:12:59 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\CLJQuery

[2011/11/17 06:47:53 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\ClPhpEd

[2011/11/17 06:12:59 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\CLSmarty

[2011/11/17 06:12:59 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\CLSMySQL

[2011/11/17 06:12:59 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\CLSymfony

[2011/11/17 06:12:59 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\CLWordPress

[2011/11/17 06:12:59 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\CLYii

[2012/08/02 14:31:52 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\CmapTools

[2011/11/17 06:11:55 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\CodeLobster Php Edition

[2012/07/30 09:47:42 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2012/09/06 18:15:59 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\cYo

[2013/04/06 10:55:08 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Dropbox

[2012/03/14 05:51:46 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\DVDFab

[2012/07/30 00:16:24 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\EasyHtml5Video.com

[2011/12/13 19:04:35 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Echo PCI Console

[2011/11/06 19:01:28 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Elluminate

[2012/11/23 01:17:03 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\foobar2000

[2012/12/30 19:04:19 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\FreeFileSync

[2011/12/10 14:20:16 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\FXpansion

[2012/12/26 11:04:44 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Garmin

[2012/04/09 11:14:36 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\GeoSetter

[2012/11/11 11:03:08 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\ImgBurn

[2011/11/07 22:59:52 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Leadertech

[2013/03/23 15:50:40 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\LibreOffice

[2011/12/03 15:37:29 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Line 6

[2012/12/28 12:21:24 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\MAGIX

[2012/12/16 09:05:27 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Main

[2012/11/23 02:52:46 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\MediaMonkey

[2012/03/13 21:49:01 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\MoveFab

[2012/10/22 20:48:31 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Mp3tag

[2012/08/25 13:43:25 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\No Company Name

[2012/06/17 23:13:41 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Notepad++

[2012/08/25 14:14:02 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Origin

[2012/11/04 09:31:26 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\OverDrive

[2011/12/03 12:09:50 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Propellerhead Software

[2012/12/28 11:56:18 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\simplitec

[2012/01/14 19:37:24 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\skychart

[2012/08/25 14:37:56 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\SPORE

[2012/01/14 19:43:59 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Stellarium

[2012/10/27 07:09:25 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\StreamTorrent

[2012/11/12 13:46:03 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\TechSmith

[2011/11/07 01:09:32 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Thunderbird

[2012/12/24 10:05:32 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\TrueCrypt

[2012/12/02 21:30:13 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1

[2012/11/19 08:19:21 | 000,000,000 | ---D | M] -- C:\Users\sluggo\AppData\Roaming\Vso

========== Purity Check ==========

< End of report >

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.