Hello

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin...


OK - Just to make sure, I totally deleted all of uTorrent, even the stuff in the "roaming" folder.

 

I had to break this up, because I got a message that said: Post too long.

 

# AdwCleaner v3.013 - Report created 24/11/2013 at 07:31:24
# Updated 24/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : gurpsgm - GURPSGM-PC
# Running from : C:\Users\gurpsgm\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\gurpsgm\AppData\Local\filetypeassistant
Folder Deleted : C:\Users\gurpsgm\AppData\Roaming\DriverCure

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\FLEXnet

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\gurpsgm\AppData\Roaming\Mozilla\Firefox\Profiles\8ckfqq5x.default-1384954388521\prefs.js ]


-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [18254 octets] - [20/11/2013 07:39:37]
AdwCleaner[R1].txt - [1092 octets] - [20/11/2013 08:08:12]
AdwCleaner[R2].txt - [1318 octets] - [20/11/2013 17:00:38]
AdwCleaner[R3].txt - [2173 octets] - [24/11/2013 07:30:46]
AdwCleaner[s0].txt - [17869 octets] - [20/11/2013 07:40:31]
AdwCleaner[s1].txt - [1156 octets] - [20/11/2013 08:09:04]
AdwCleaner[s2].txt - [1389 octets] - [20/11/2013 17:01:14]
AdwCleaner[s3].txt - [2069 octets] - [24/11/2013 07:31:24]

########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [2129 octets] ##########

 

More in next post...


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2013 03

Ran by gurpsgm (administrator) on GURPSGM-PC on 24-11-2013 07:46:50

Running from C:\Users\gurpsgm\Desktop

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchService.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Microsoft Corporation) C:\Windows\System32\wisptis.exe

(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe

(Microsoft Corporation) C:\Windows\System32\wisptis.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\BBSvc.EXE

(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe

() C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

(Alcatel-Lucent) C:\Program Files\Verizon\McciTrayApp.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

(Saitek) C:\Program Files\Saitek\SD6\Software\ProfilerU.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe

(Saitek) C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe

(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe

(FSPro Labs) C:\Program Files\My Lockbox\mylbx.exe

(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

(DonationCoder) C:\Program Files (x86)\ScreenshotCaptor\ScreenshotCaptor.exe

(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe

(Microsoft Corporation) C:\Program Files (x86)\EMET (Tech Preview)\EMET_notifier.exe

(Google) C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe

(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\n360.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe

() C:\Program Files (x86)\RegZooka\RegZookaScheduler.exe

(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Zone\Engine\1.0.15.13\NZ.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe

(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\n360.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe

(Acer Group) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe

() C:\OEM\USBDECTION\USBS3S4Detection.exe

(UC-Logic Technology Corp.) C:\Windows\System32\drivers\WTSrv.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Zone\Engine\1.0.15.13\NZ.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\SeaPort.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Verizon_McciTrayApp] - C:\Program Files\Verizon\McciTrayApp.exe [3432448 2010-03-17] (Alcatel-Lucent)

HKLM\...\Run: [ProfilerU] - C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [310272 2010-07-29] (Saitek)

HKLM\...\Run: [iAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe [186904 2009-10-13] (Intel Corporation)

HKLM\...\Run: [saiVolume] - C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe [186880 2009-09-04] (Saitek)

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 1999-12-31] (Realtek Semiconductor)

HKLM\...\Run: [mylbx] - C:\Program Files\My Lockbox\mylbx.exe [2584864 2013-07-06] (FSPro Labs)

HKCU\...\Run: [screenshot Captor] - C:\Program Files (x86)\ScreenshotCaptor\ScreenshotCaptor.exe [7941304 2013-09-13] (DonationCoder)

HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation)

HKCU\...\Policies\Explorer: [NoDesktopCleanupWizard] 1

HKCU\...\Policies\Explorer: [NoInstrumentation] 1

HKCU\...\Policies\Explorer: [NoCDBurning] 1

HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-10-25] (Check Point Software Technologies LTD)

HKLM-x32\...\Run: [atr.exe] - [x]

HKLM-x32\...\Run: [nmapp] - C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe [472112 2009-07-08] (Cisco Systems, Inc.)

HKLM-x32\...\Run: [EMET Notifier] - C:\Program Files (x86)\EMET (Tech Preview)\EMET_notifier.exe [152680 2012-07-19] (Microsoft Corporation)

HKLM-x32\...\Run: [Google Desktop Search] - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2013-06-22] (Google)

HKLM-x32\...\Run: [sDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)

HKLM-x32\...\Run: [RegZooka Scheduler] - C:\Program Files (x86)\RegZooka\RegZookaScheduler.exe [408064 2013-05-28] ()

HKU\Default\...\RunOnce: [scrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [154144 2010-01-14] ()

HKU\Default User\...\RunOnce: [scrSav] - C:\Program Files (x86)\Gateway\Screensaver\run_Gateway.exe [154144 2010-01-14] ()

AppInit_DLLs:  "C:\PROGRA~2\Google\Google Desktop     [ ] ()

Startup: C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AnyTime.lnk

ShortcutTarget: AnyTime.lnk -> C:\Program Files (x86)\AnyTime Organizer Premier\ISI Launcher.exe (Individual Software Inc.)

Startup: C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()

Startup: C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=293224&fr=spigot-yhp-ie

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

SearchScopes: HKLM-x32 - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search

SearchScopes: HKCU - DefaultScope {8293C2B2-E7B8-44BE-82D1-DCEF01778D8C} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}

SearchScopes: HKCU - {8293C2B2-E7B8-44BE-82D1-DCEF01778D8C} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}

BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)

BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coieplg.dll (Symantec Corporation)

BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\amd64\BingExt.dll (Microsoft Corporation.)

BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File

BHO-x32: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)

BHO-x32: Send to MyInfo (Attachment) - {4DBB4D17-C65B-4868-8E9C-7779FB3DDA27} - C:\Program Files (x86)\Milenix\MyInfo 6\SendIEToMyInfoAttachment.dll (Milenix Software Ltd.)

BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\ips\ipsbho.dll (Symantec Corporation)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Send to MyInfo - {A1AD13F3-B8F0-4584-8088-8BCBDB42663F} - C:\Program Files (x86)\Milenix\MyInfo 6\SendIEToMyInfo.dll (Milenix Software Ltd.)

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)

BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\BingExt.dll (Microsoft Corporation.)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\amd64\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coieplg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File

Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coieplg.dll (Symantec Corporation)

DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: HKLM-x32 {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

ShellExecuteHooks-x32:  - {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} -  No File [ ]

Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll File Not found ()

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF ProfilePath: C:\Users\gurpsgm\AppData\Roaming\Mozilla\Firefox\Profiles\8ckfqq5x.default-1384954388521

FF SelectedSearchEngine: Google

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()

FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @Motive.com/NpMotive,version=1.0 - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)

FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)

FF Plugin-x32: @nosltd.com/getPlus+®,version=1.6.2.91 - C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)

FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Users\gurpsgm\Music\Winamp Detect\npwachk.dll (Nullsoft, Inc.)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.5 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @coreonline.com/run3d,version=1.0 - C:\Users\gurpsgm\AppData\LocalLow\Square Enix\nprun3d.dll (Square Enix)

FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\gurpsgm\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\gurpsgm\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\gurpsgm\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\gurpsgm\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\gurpsgm\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\gurpsgm\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\googledesktop.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\coFFPlgn\

FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\coFFPlgn\

FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\IPSFF

FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\IPSFF

 

Chrome:

=======

CHR Extension: (Docs) - C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0

CHR Extension: (Google Drive) - C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0

CHR Extension: (YouTube) - C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0

CHR Extension: (Google Search) - C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0

CHR Extension: (Command & Conquer Tiberium Alliances) - C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgaeopgjojikeoiidmfaejkifhgjoooe\1.0.8_0

CHR Extension: (Skype Click to Call) - C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0

CHR Extension: (Norton Identity Protection) - C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.0.27_0

CHR Extension: ( "name":"Advanced SystemCare Surfing Protection",) - C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0

CHR Extension: (Chrome In-App Payments service) - C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0

CHR Extension: (Gmail) - C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

CHR Extension: (Space Planet) - C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppcocpoeoiajndepaaimnnglicichmbb\1.1_0

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

CHR HKLM-x32\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\gurpsgm\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx

CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\Exts\Chrome.crx

CHR HKLM-x32\...\Chrome\Extension: [nfengeggddojhakldhlpjdlddgkkjkdd] - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASC_GhromePlugin.crx

CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] -

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-25] (Adobe Systems)

R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [878368 2013-10-25] (IObit)

S4 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.)

S3 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2013-06-22] (Google)

S2 HPSLPSVC; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [151552 2011-06-16] ()

S3 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [335168 2013-04-25] (IObit)

R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1164328 2013-09-09] (iolo technologies, LLC)

R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-10-25] (IObit)

R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-03-17] (Alcatel-Lucent)

R2 MCLIENT; C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe [143928 2012-12-04] (Symantec Corporation)

R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [264360 2013-10-08] (Symantec Corporation)

R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)

S4 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-05-28] (Nitro PDF Software)

S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [66112 2010-09-01] (NOS Microsystems Ltd.)

R2 NZ; C:\Program Files (x86)\Norton Zone\Engine\1.0.15.13\NZ.exe [143856 2013-11-10] (Symantec Corporation)

S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)

R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

S3 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2013-03-07] (Seagate Technology LLC)

R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2013-10-18] (Enigma Software Group USA, LLC.)

R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()

R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445816 2013-10-25] (Check Point Software Technologies LTD)

R2 WinTabService; C:\Windows\System32\Drivers\WTSRV.EXE [73728 2011-09-23] (UC-Logic Technology Corp.)

R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [50704 2013-10-15] (Check Point Software Technologies, Ltd.)

S4 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [x]

S3 jswpsapi;

==================== Drivers (Whitelisted) ====================

S2 ASPI32; No ImagePath

S3 bcgame; C:\Windows\System32\drivers\bcgame.sys [35328 2007-08-14] (Belkin Corporation)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\BASHDefs\20131114.001\BHDrvx64.sys [1524824 2013-10-22] (Symantec Corporation)

R1 ccSet_MCLIENT; C:\Windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [168096 2012-10-03] (Symantec Corporation)

R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)

R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DD04000.00A\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)

R1 ccSet_NZ; C:\Windows\system32\drivers\NZx64\01000F0.00D\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-20] (Symantec Corporation)

R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [31432 2012-04-17] (EldoS Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-20] (Symantec Corporation)

S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()

S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()

S4 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)

R0 FSProFilter; C:\Windows\System32\Drivers\FSPFltd.sys [54848 2010-07-22] (FSPro Labs)

R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\IPSDefs\20131122.001\IDSvia64.sys [521816 2013-10-28] (Symantec Corporation)

S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()

S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()

S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-03-17] (Printing Communications Assoc., Inc. (PCAUSA))

S3 MREMP50a64; No ImagePath

S3 MREMPR5; No ImagePath

S3 MRENDIS5; No ImagePath

S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-03-17] (Printing Communications Assoc., Inc. (PCAUSA))

S3 MRESP50a64; No ImagePath

R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\VirusDefs\20131123.001\ENG64.SYS [126040 2013-11-19] (Symantec Corporation)

R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\VirusDefs\20131123.001\EX64.SYS [2099288 2013-11-19] (Symantec Corporation)

S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)

S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34336 2013-03-26] (IObit.com)

R3 SaiK0728; C:\Windows\System32\DRIVERS\SaiK0728.sys [160264 1999-12-31] (Saitek)

R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [22792 2010-08-10] (Saitek)

R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [50056 2010-08-10] (Saitek)

R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-07-30] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)

R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-09-25] (Symantec Corporation)

R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-08-05] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-07-30] (Symantec Corporation)

R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)

S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-03-26] (IObit.com)

R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [454168 2013-10-23] (Check Point Software Technologies LTD)

S3 WinRing0_1_2_0; No ImagePath

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

S3 catchme; \??\C:\ComboFix\catchme.sys [x]

S3 dfg; \??\C:\Windows\system32\drivers\dfg.sys [x]

U3 DfSdkS;

S3 WacomPen; \SystemRoot\system32\DRIVERS\wacompen.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-24 07:46 - 2013-11-24 07:47 - 00032027 _____ C:\Users\gurpsgm\Desktop\FRST.txt

2013-11-24 07:40 - 2013-11-24 07:40 - 00000000 ___DC C:\FRST

2013-11-24 07:34 - 2013-11-24 07:34 - 00000000 ____D C:\Users\gurpsgm\AppData\Local\FileTypeAssistant

2013-11-24 07:29 - 2013-11-24 07:29 - 01958396 _____ (Farbar) C:\Users\gurpsgm\Desktop\FRST64.exe

2013-11-24 07:23 - 2013-11-24 07:23 - 01091882 _____ C:\Users\gurpsgm\Desktop\AdwCleaner.exe

2013-11-23 07:02 - 2013-11-23 07:39 - 00000000 ____D C:\Users\gurpsgm\AppData\Local\NPE

2013-11-23 06:36 - 2013-11-24 07:33 - 00000280 _____ C:\Windows\setupact.log

2013-11-23 06:36 - 2013-11-24 07:07 - 00014860 _____ C:\Windows\PFRO.log

2013-11-23 06:36 - 2013-11-23 06:36 - 00000000 _____ C:\Windows\setuperr.log

2013-11-22 17:06 - 2013-11-22 17:06 - 00000927 _____ C:\Users\gurpsgm\Desktop\AIMP3.lnk

2013-11-22 17:01 - 2013-11-22 17:01 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\mIRC

2013-11-22 17:00 - 2013-11-22 17:01 - 00000000 ____D C:\Program Files (x86)\mIRC

2013-11-22 16:52 - 2013-11-22 16:52 - 00002100 _____ C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk

2013-11-22 16:49 - 2013-11-22 16:49 - 00000000 ___DC C:\Program Files\Wireshark

2013-11-22 11:46 - 2013-11-22 11:46 - 00000000 _____ C:\Users\gurpsgm\AppData\Local\2046_991.log

2013-11-22 06:52 - 2013-11-22 06:52 - 00000000 ____D C:\Program Files (x86)\ERUNT

2013-11-21 14:00 - 2013-11-21 15:54 - 00000000 ___DC C:\ComboFix

2013-11-21 14:00 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe

2013-11-21 14:00 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe

2013-11-21 14:00 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2013-11-21 14:00 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2013-11-21 14:00 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2013-11-21 14:00 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe

2013-11-21 14:00 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe

2013-11-21 14:00 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe

2013-11-21 13:59 - 2013-11-21 14:00 - 00000000 ___DC C:\Qoobox

2013-11-20 09:52 - 2013-11-22 18:00 - 00000468 _____ C:\Windows\Tasks\SparkTrust Registration3.job

2013-11-20 09:52 - 2013-11-20 09:52 - 00003136 _____ C:\Windows\System32\Tasks\SparkTrust Registration3

2013-11-20 09:51 - 2013-11-24 07:34 - 00000478 _____ C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job

2013-11-20 09:51 - 2013-11-23 02:46 - 00000426 _____ C:\Windows\Tasks\SparkTrust Update Version3.job

2013-11-20 09:51 - 2013-11-21 05:56 - 00003244 _____ C:\Windows\System32\Tasks\SparkTrust Update Version3

2013-11-20 09:51 - 2013-11-20 17:04 - 00000526 _____ C:\Windows\Tasks\SparkTrust PC Cleaner Plus.job

2013-11-20 09:51 - 2013-11-20 09:51 - 00003448 _____ C:\Windows\System32\Tasks\SparkTrust PC Cleaner Plus

2013-11-20 09:51 - 2013-11-20 09:51 - 00002908 _____ C:\Windows\System32\Tasks\SparkTrust Update Version3 Startup Task

2013-11-20 09:51 - 2013-11-20 09:51 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\SparkTrust

2013-11-20 09:51 - 2013-11-20 09:51 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SparkTrust

2013-11-20 09:51 - 2013-11-20 09:51 - 00000000 ____D C:\ProgramData\SparkTrust

2013-11-20 09:51 - 2013-11-20 09:51 - 00000000 ____D C:\Program Files (x86)\SparkTrust

2013-11-20 08:45 - 2013-11-20 08:45 - 00000000 ___DC C:\sh4ldr

2013-11-20 08:45 - 2013-11-20 08:45 - 00000000 ___DC C:\Program Files\Enigma Software Group

2013-11-20 08:45 - 2013-11-20 08:45 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter

2013-11-20 08:45 - 2012-06-22 11:01 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys

2013-11-20 08:43 - 2013-11-20 08:45 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP

2013-11-20 08:37 - 2013-11-20 17:15 - 00000000 ____D C:\Program Files (x86)\Spigot Removal Tool

2013-11-20 08:37 - 2013-11-05 14:38 - 01122304 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Windows\SysWOW64\libeay32.dll

2013-11-20 08:37 - 2013-11-05 14:38 - 00274432 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Windows\SysWOW64\ssleay32.dll

2013-11-20 08:37 - 2012-12-10 11:04 - 00356352 _____ (eSellerate Inc.) C:\Windows\eSellerateEngine.dll

2013-11-20 08:37 - 2012-12-10 11:04 - 00081920 _____ (eSellerate Inc.) C:\Windows\eSellerateControl350.dll

2013-11-20 08:23 - 2013-11-20 08:23 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++

2013-11-20 07:52 - 2013-11-20 07:52 - 00000000 ____D C:\Windows\ERUNT

2013-11-20 07:39 - 2013-11-24 07:31 - 00000000 ___DC C:\AdwCleaner

2013-11-19 11:11 - 2013-11-19 11:16 - 00000000 ____D C:\Users\gurpsgm\Documents\My IMS Projects

2013-11-19 11:11 - 2013-11-19 11:11 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Virtual Mechanics

2013-11-19 11:11 - 2013-11-19 11:11 - 00000000 ____D C:\ProgramData\Virtual Mechanics

2013-11-19 11:10 - 2013-11-19 11:10 - 00000000 ____D C:\Program Files (x86)\Virtual Mechanics

2013-11-19 07:43 - 2013-11-19 07:43 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Malwarebytes

2013-11-19 07:43 - 2013-11-19 07:43 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-11-19 07:43 - 2013-11-19 07:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-11-19 07:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2013-11-19 06:52 - 2013-11-19 07:31 - 00000000 ____D C:\Users\gurpsgm\AppData\Local\LogMeIn Rescue Applet

2013-11-19 06:38 - 2013-11-19 07:39 - 00003874 _____ C:\Windows\System32\Tasks\PCHB_gurpsgm_PCHealthBoost_RS

2013-11-19 06:38 - 2013-11-19 07:39 - 00003684 _____ C:\Windows\System32\Tasks\PCHB_gurpsgm_PCHealthBoost_UP

2013-11-19 06:38 - 2013-11-19 06:38 - 00003878 _____ C:\Windows\System32\Tasks\PCHB_WaitAndStartAfter

2013-11-19 06:38 - 2013-11-19 06:38 - 00003684 _____ C:\Windows\System32\Tasks\PCHB_gurpsgm_PCHealthBoost_RN

2013-11-19 06:38 - 2013-11-19 06:38 - 00003684 _____ C:\Windows\System32\Tasks\PCHB_gurpsgm_PCHealthBoost_RM

2013-11-18 23:19 - 2013-11-21 10:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-11-18 13:22 - 2013-11-18 13:22 - 00001140 _____ C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Calendar Wizard 4.lnk

2013-11-13 10:02 - 2013-11-13 10:02 - 00000000 ____D C:\Users\gurpsgm\Documents\Updater

2013-11-13 07:24 - 2013-11-16 13:10 - 00000000 ___DC C:\Vocation

2013-11-13 07:23 - 2013-11-13 07:23 - 00000000 ___DC C:\Transits

2013-11-13 07:23 - 2013-11-13 07:23 - 00000000 ___DC C:\TNA_db

2013-11-13 07:22 - 2013-11-13 07:22 - 00000000 ___DC C:\SE_Triple_Aspects

2013-11-13 07:22 - 2013-11-13 07:22 - 00000000 ___DC C:\SE_Quadruple_Aspects

2013-11-13 07:22 - 2013-11-13 07:22 - 00000000 ___DC C:\SE_Aspectarian

2013-11-13 07:22 - 2006-06-30 13:20 - 00434176 _____ C:\Windows\SysWOW64\swedll32.dll

2013-11-13 07:21 - 2013-11-13 07:22 - 00000000 ___DC C:\AstroWin

2013-11-13 07:21 - 1998-10-15 13:04 - 01355776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Msvbvm50.dll

2013-11-13 07:19 - 2013-11-13 07:21 - 00000000 ___DC C:\Astro123

2013-11-13 07:19 - 2004-08-04 01:30 - 00260880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Msflxgrd.ocx

2013-11-12 13:30 - 2013-11-12 13:30 - 00000000 ____D C:\Users\gurpsgm\AppData\Local\WhiteListing

2013-11-12 12:37 - 2013-11-12 12:37 - 00000000 ____D C:\Program Files (x86)\Kyodai Mahjongg 2006

2013-11-12 12:36 - 2013-09-17 12:25 - 01761584 ____N C:\Windows\system32\dmwu.exe_old

2013-11-12 12:36 - 2013-09-17 12:20 - 00033792 ____N (IncrediMail, Ltd.) C:\Windows\system32\ImHttpComm.dll_old

2013-11-12 09:46 - 2013-11-20 05:37 - 00000000 ____D C:\ProgramData\ProductData

2013-11-12 09:46 - 2013-11-12 09:46 - 00002854 _____ C:\Windows\System32\Tasks\ASC7_SkipUac_gurpsgm

2013-11-12 09:46 - 2013-11-12 09:46 - 00001255 _____ C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk

2013-11-12 08:11 - 2013-11-12 08:12 - 00000000 ____D C:\Users\gurpsgm\Metacreator

2013-11-12 07:58 - 2013-11-12 07:58 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Metacreator

2013-11-10 22:58 - 2013-11-20 10:00 - 00000000 ____D C:\ProgramData\Alchemy Mindworks

2013-11-10 22:58 - 2013-11-18 13:22 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alchemy Mindworks

2013-11-10 22:58 - 2013-11-18 13:22 - 00000000 ____D C:\Program Files (x86)\Alchemy Mindworks

2013-11-10 22:58 - 2013-11-10 22:58 - 00001160 _____ C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Pagan Daybook 4.lnk

2013-11-07 19:51 - 2013-11-07 19:52 - 00000000 ____D C:\Program Files (x86)\Metacreator Demo

2013-11-07 14:23 - 2013-11-07 14:23 - 00001502 _____ C:\Users\gurpsgm\Desktop\Metacreator.lnk

2013-11-07 09:08 - 2013-11-07 11:45 - 00001798 _____ C:\Users\gurpsgm\Desktop\Chrome.lnk

2013-11-07 09:08 - 2013-11-07 09:08 - 00001401 _____ C:\Users\gurpsgm\Desktop\Opera.lnk

2013-11-07 09:07 - 2013-11-07 09:07 - 00001442 _____ C:\Users\gurpsgm\Desktop\CD Burner XP.lnk

2013-11-07 09:02 - 2013-11-07 09:02 - 00001423 _____ C:\Users\gurpsgm\Desktop\HeroLab.lnk

2013-11-07 08:58 - 2013-11-07 08:58 - 00001537 _____ C:\Users\gurpsgm\Desktop\Kindle.lnk

2013-11-07 08:55 - 2013-11-07 08:55 - 00001504 _____ C:\Users\gurpsgm\Desktop\Windows Media Player.lnk

2013-11-07 07:09 - 2013-11-07 07:09 - 00001046 _____ C:\Users\Public\Desktop\Realm Works.lnk

2013-11-06 07:22 - 2013-11-06 07:22 - 00001247 _____ C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Campaign Editor.lnk

2013-11-06 07:22 - 2013-11-06 07:22 - 00001230 _____ C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk

2013-11-05 13:35 - 2013-11-05 13:35 - 00000000 __SHD C:\ProgramData\DSS

2013-11-05 08:36 - 2013-11-05 08:36 - 00000000 ____D C:\ProgramData\LightScribe

2013-11-04 13:47 - 2013-11-04 13:47 - 00001271 _____ C:\Users\gurpsgm\Desktop\Dark Age of Camelot.lnk

2013-11-04 13:47 - 2013-11-04 13:47 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Electronic Arts

2013-11-02 16:28 - 2013-11-02 16:28 - 00000000 ___DC C:\cc7c692bc60a8fe4f9ebe7f97f

2013-11-02 15:52 - 2013-11-02 16:24 - 00000000 ____D C:\Program Files (x86)\The Witcher 2

2013-11-01 14:18 - 2013-11-03 04:53 - 00000000 ____D C:\Users\gurpsgm\Documents\Print Workshop

2013-11-01 14:17 - 2013-11-01 14:17 - 00000063 _____ C:\Windows\PrintWorkShop.ini

2013-11-01 14:17 - 2013-11-01 14:17 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Print Workshop

2013-11-01 14:15 - 2013-11-08 21:32 - 00000000 ____D C:\Program Files (x86)\Print Workshop

2013-11-01 14:08 - 2013-11-01 14:08 - 00000000 ____D C:\Users\gurpsgm\Documents\Auexsoft

2013-11-01 14:08 - 2013-11-01 14:08 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Auexsoft

2013-11-01 13:58 - 2013-11-01 13:58 - 00000000 ____D C:\Program Files (x86)\AuexSoft

2013-11-01 13:53 - 2013-11-01 13:53 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MS Reader Converter

2013-11-01 13:53 - 2013-11-01 13:53 - 00000000 ____D C:\Program Files (x86)\PDFsvg

2013-11-01 13:37 - 2013-11-12 12:38 - 00000000 ____D C:\Users\gurpsgm\AppData\Local\NativeMessaging

2013-11-01 13:36 - 2013-11-01 13:36 - 00000000 ____D C:\Program Files (x86)\ABC Amber LIT Converter

2013-10-31 19:57 - 2013-10-31 19:57 - 00000000 ____D C:\Users\gurpsgm\AppData\Local\Kingsoft

2013-10-30 22:51 - 2013-09-20 09:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe

2013-10-30 22:40 - 2013-11-22 16:59 - 00000000 ____D C:\Program Files (x86)\SeaMonkey

2013-10-30 22:33 - 2013-11-23 16:58 - 00000378 _____ C:\Windows\Tasks\WpsUpdateTask_gurpsgm.job

2013-10-30 22:33 - 2013-10-30 22:33 - 00003366 _____ C:\Windows\System32\Tasks\WpsUpdateTask_gurpsgm

2013-10-30 22:32 - 2013-10-30 22:32 - 00000000 ____D C:\ProgramData\Kingsoft

2013-10-30 22:31 - 2013-10-30 22:31 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Kingsoft

2013-10-30 22:31 - 2013-10-30 22:31 - 00000000 ____D C:\Program Files (x86)\Kingsoft

2013-10-30 09:00 - 2013-11-08 16:31 - 00001344 _____ C:\Users\gurpsgm\Desktop\Bruce.lnk

2013-10-30 08:53 - 2013-10-30 08:53 - 115441664 _____ C:\Windows\system32\config\software.iobit

2013-10-30 08:53 - 2013-10-30 08:53 - 05488640 _____ C:\Windows\system32\config\default.iobit

2013-10-30 08:53 - 2013-10-30 08:53 - 00061440 _____ C:\Windows\system32\config\sam.iobit

2013-10-30 08:53 - 2013-10-30 08:53 - 00024576 _____ C:\Windows\system32\config\security.iobit

2013-10-28 12:20 - 2013-10-28 12:20 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon

2013-10-27 10:13 - 2013-10-27 10:13 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Belkin

2013-10-27 10:13 - 2007-08-14 09:37 - 00226288 _____ (Belkin Corporation) C:\Windows\system32\bgcpsp.dll

2013-10-27 10:13 - 2007-08-14 09:36 - 00035328 _____ (Belkin Corporation) C:\Windows\system32\Drivers\bcgame.sys

2013-10-27 10:12 - 2013-10-27 10:12 - 00000000 ____D C:\Program Files (x86)\Belkin

2013-10-25 10:09 - 2013-10-25 10:09 - 00202920 _____ C:\Windows\Pagan Daybook.scr

==================== One Month Modified Files and Folders =======

2013-11-24 07:47 - 2013-11-24 07:46 - 00032027 _____ C:\Users\gurpsgm\Desktop\FRST.txt

2013-11-24 07:46 - 2011-10-17 05:05 - 02083278 _____ C:\Windows\WindowsUpdate.log

2013-11-24 07:43 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-11-24 07:43 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-11-24 07:40 - 2013-11-24 07:40 - 00000000 ___DC C:\FRST

2013-11-24 07:36 - 2013-09-27 05:57 - 00000000 ____D C:\Program Files (x86)\Steam

2013-11-24 07:35 - 2010-11-05 15:27 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-11-24 07:34 - 2013-11-24 07:34 - 00000000 ____D C:\Users\gurpsgm\AppData\Local\FileTypeAssistant

2013-11-24 07:34 - 2013-11-20 09:51 - 00000478 _____ C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job

2013-11-24 07:34 - 2013-09-15 16:00 - 00000406 _____ C:\Windows\Tasks\FreeFileViewerUpdateChecker.job

2013-11-24 07:34 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-11-24 07:33 - 2013-11-23 06:36 - 00000280 _____ C:\Windows\setupact.log

2013-11-24 07:31 - 2013-11-20 07:39 - 00000000 ___DC C:\AdwCleaner

2013-11-24 07:29 - 2013-11-24 07:29 - 01958396 _____ (Farbar) C:\Users\gurpsgm\Desktop\FRST64.exe

2013-11-24 07:28 - 2011-12-01 15:02 - 00000000 ____D C:\Users\gurpsgm\AppData\Local\uTorrent

2013-11-24 07:23 - 2013-11-24 07:23 - 01091882 _____ C:\Users\gurpsgm\Desktop\AdwCleaner.exe

2013-11-24 07:17 - 2011-08-02 10:46 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2751017530-556950238-3992346484-1000UA.job

2013-11-24 07:09 - 2010-11-05 15:27 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-11-24 07:07 - 2013-11-23 06:36 - 00014860 _____ C:\Windows\PFRO.log

2013-11-23 16:58 - 2013-10-30 22:33 - 00000378 _____ C:\Windows\Tasks\WpsUpdateTask_gurpsgm.job

2013-11-23 16:53 - 2012-04-02 06:27 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-11-23 16:33 - 2012-08-14 07:05 - 00000000 ____D C:\Program Files (x86)\File Type Assistant

2013-11-23 13:21 - 2013-04-20 07:21 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2

2013-11-23 08:58 - 2012-02-04 06:35 - 00000000 ____D C:\Users\gurpsgm\AppData\Local\CrashDumps

2013-11-23 07:39 - 2013-11-23 07:02 - 00000000 ____D C:\Users\gurpsgm\AppData\Local\NPE

2013-11-23 07:38 - 2013-08-04 08:21 - 00000000 ____D C:\Program Files (x86)\Norton 360

2013-11-23 07:37 - 2013-04-05 14:30 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\TeraCopy

2013-11-23 07:02 - 2012-07-18 15:32 - 00000000 ____D C:\ProgramData\Norton

2013-11-23 06:36 - 2013-11-23 06:36 - 00000000 _____ C:\Windows\setuperr.log

2013-11-23 06:36 - 2012-06-05 17:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-11-23 02:46 - 2013-11-20 09:51 - 00000426 _____ C:\Windows\Tasks\SparkTrust Update Version3.job

2013-11-22 18:06 - 2011-07-05 14:18 - 00000000 ____D C:\ProgramData\Hero Lab

2013-11-22 18:05 - 2013-07-05 15:14 - 00000000 ____D C:\Users\gurpsgm\Documents\Hero Lab

2013-11-22 18:00 - 2013-11-20 09:52 - 00000468 _____ C:\Windows\Tasks\SparkTrust Registration3.job

2013-11-22 17:06 - 2013-11-22 17:06 - 00000927 _____ C:\Users\gurpsgm\Desktop\AIMP3.lnk

2013-11-22 17:05 - 2013-04-07 07:38 - 00000000 ____D C:\Program Files (x86)\AIMP3

2013-11-22 17:04 - 2012-08-26 07:05 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Foxit Software

2013-11-22 17:02 - 2013-04-05 11:13 - 00000000 ____D C:\Program Files (x86)\GPU-Z 0.7.4

2013-11-22 17:01 - 2013-11-22 17:01 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\mIRC

2013-11-22 17:01 - 2013-11-22 17:00 - 00000000 ____D C:\Program Files (x86)\mIRC

2013-11-22 16:59 - 2013-10-30 22:40 - 00000000 ____D C:\Program Files (x86)\SeaMonkey

2013-11-22 16:59 - 2012-12-31 23:12 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Skype

2013-11-22 16:56 - 2012-12-31 23:11 - 00000000 ___RD C:\Program Files (x86)\Skype

2013-11-22 16:56 - 2012-12-31 23:11 - 00000000 ____D C:\ProgramData\Skype

2013-11-22 16:54 - 2013-04-05 10:49 - 00000000 ___DC C:\Program Files\Speccy

2013-11-22 16:52 - 2013-11-22 16:52 - 00002100 _____ C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk

2013-11-22 16:52 - 2013-04-07 07:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

2013-11-22 16:49 - 2013-11-22 16:49 - 00000000 ___DC C:\Program Files\Wireshark

2013-11-22 12:20 - 2013-09-25 11:40 - 00000458 ____H C:\Windows\Tasks\Norton Security Scan for gurpsgm.job

2013-11-22 11:52 - 2013-08-25 05:55 - 00000000 ____D C:\ProgramData\firebird

2013-11-22 11:46 - 2013-11-22 11:46 - 00000000 _____ C:\Users\gurpsgm\AppData\Local\2046_991.log

2013-11-22 11:45 - 2012-10-25 05:17 - 00000000 ____D C:\Program Files (x86)\Realm Works

2013-11-22 06:52 - 2013-11-22 06:52 - 00000000 ____D C:\Program Files (x86)\ERUNT

2013-11-22 06:52 - 2013-08-19 21:45 - 00000000 ____D C:\Windows\ERDNT

2013-11-22 06:52 - 2010-10-22 18:30 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-11-21 15:54 - 2013-11-21 14:00 - 00000000 ___DC C:\ComboFix

2013-11-21 14:40 - 2009-07-13 21:34 - 00000215 ____C C:\Windows\system.ini

2013-11-21 14:38 - 2012-05-30 06:10 - 00417570 _____ C:\Windows\system32\Drivers\vsconfig.xml

2013-11-21 14:00 - 2013-11-21 13:59 - 00000000 ___DC C:\Qoobox

2013-11-21 11:07 - 2010-10-30 12:52 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-11-21 10:30 - 2013-11-18 23:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-11-21 10:30 - 2013-10-21 10:57 - 00000000 ____D C:\Users\gurpsgm\Documents\Readiris

2013-11-21 10:30 - 2013-10-04 07:22 - 00000000 ____D C:\Program Files (x86)\jv16 PowerTools 2014

2013-11-21 10:30 - 2013-09-15 13:32 - 00000000 ____D C:\Program Files (x86)\WinPcap

2013-11-21 10:30 - 2013-08-19 13:02 - 00000000 ____D C:\Users\gurpsgm\AppData\Local\The Lord of the Rings Online

2013-11-21 10:30 - 2013-08-19 12:59 - 00000000 ____D C:\Users\gurpsgm\AppData\Local\Turbine

2013-11-21 10:30 - 2013-08-18 21:16 - 00000000 ____D C:\ProgramData\HappyCloud

2013-11-21 10:30 - 2013-08-17 10:36 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Fantasy Grounds II

2013-11-21 10:30 - 2013-06-22 10:43 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\IDM

2013-11-21 10:30 - 2013-06-11 10:49 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegZooka

2013-11-21 10:30 - 2013-05-17 22:17 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Raptr

2013-11-21 10:30 - 2013-05-17 22:17 - 00000000 ____D C:\Program Files (x86)\Raptr

2013-11-21 10:30 - 2013-05-17 21:28 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\RIFT

2013-11-21 10:30 - 2013-05-17 21:28 - 00000000 ____D C:\Program Files (x86)\RIFT

2013-11-21 10:30 - 2013-05-08 05:57 - 00000000 ____D C:\Program Files (x86)\Interactive Dungeon

2013-11-21 10:30 - 2013-04-11 10:26 - 00000000 ____D C:\Users\gurpsgm\AppData\Local\Greenshot

2013-11-21 10:30 - 2013-03-25 10:44 - 00000000 ____D C:\Users\gurpsgm\Documents\SimCity

2013-11-21 10:30 - 2013-03-11 06:14 - 00000000 ___DC C:\PyMapper8

2013-11-21 10:30 - 2013-02-20 17:15 - 00000000 ____D C:\Program Files (x86)\Notepad++

2013-11-21 10:30 - 2013-01-31 14:37 - 00000000 ____D C:\Program Files (x86)\AnyTime Organizer Premier

2013-11-21 10:30 - 2012-10-18 06:40 - 00000000 ____D C:\Program Files (x86)\Planescape Torment

2013-11-21 10:30 - 2012-06-06 19:50 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2

2013-11-21 10:30 - 2011-10-25 11:40 - 00000000 ____D C:\Users\gurpsgm\AppData\Local\PMB Files

2013-11-21 10:30 - 2010-11-04 09:27 - 00000000 ____D C:\Program Files (x86)\AIM

2013-11-21 10:30 - 2010-10-30 14:11 - 00000000 ____D C:\Users\gurpsgm\Documents\Amanda

2013-11-21 10:30 - 2010-07-29 13:04 - 00000000 ____D C:\Windows\softwaredistribution.bak

2013-11-21 10:30 - 2010-07-27 23:12 - 00000000 ___DC C:\OEM

2013-11-21 05:56 - 2013-11-20 09:51 - 00003244 _____ C:\Windows\System32\Tasks\SparkTrust Update Version3

2013-11-20 17:15 - 2013-11-20 08:37 - 00000000 ____D C:\Program Files (x86)\Spigot Removal Tool

2013-11-20 17:04 - 2013-11-20 09:51 - 00000526 _____ C:\Windows\Tasks\SparkTrust PC Cleaner Plus.job

2013-11-20 14:28 - 2013-03-30 11:42 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\XYplorer

2013-11-20 14:27 - 2010-10-30 14:51 - 00000000 ____D C:\Users\gurpsgm\Documents\Sandra

2013-11-20 10:00 - 2013-11-10 22:58 - 00000000 ____D C:\ProgramData\Alchemy Mindworks

2013-11-20 10:00 - 2013-06-03 01:44 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Nitro PDF

2013-11-20 09:52 - 2013-11-20 09:52 - 00003136 _____ C:\Windows\System32\Tasks\SparkTrust Registration3

2013-11-20 09:51 - 2013-11-20 09:51 - 00003448 _____ C:\Windows\System32\Tasks\SparkTrust PC Cleaner Plus

2013-11-20 09:51 - 2013-11-20 09:51 - 00002908 _____ C:\Windows\System32\Tasks\SparkTrust Update Version3 Startup Task

2013-11-20 09:51 - 2013-11-20 09:51 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\SparkTrust

2013-11-20 09:51 - 2013-11-20 09:51 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SparkTrust

2013-11-20 09:51 - 2013-11-20 09:51 - 00000000 ____D C:\ProgramData\SparkTrust

2013-11-20 09:51 - 2013-11-20 09:51 - 00000000 ____D C:\Program Files (x86)\SparkTrust

2013-11-20 09:44 - 2010-10-30 11:58 - 00000000 ___DC C:\Program Files\CheckPoint

2013-11-20 08:52 - 2010-10-30 12:39 - 00000000 ___RD C:\Users\gurpsgm\Documents\Bruce

2013-11-20 08:45 - 2013-11-20 08:45 - 00000000 ___DC C:\sh4ldr

2013-11-20 08:45 - 2013-11-20 08:45 - 00000000 ___DC C:\Program Files\Enigma Software Group

2013-11-20 08:45 - 2013-11-20 08:45 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter

2013-11-20 08:45 - 2013-11-20 08:43 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP

2013-11-20 08:23 - 2013-11-20 08:23 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++

2013-11-20 07:55 - 2013-06-11 10:49 - 00000000 ____D C:\Program Files (x86)\RegZooka

2013-11-20 07:52 - 2013-11-20 07:52 - 00000000 ____D C:\Windows\ERUNT

2013-11-20 07:40 - 2013-06-20 11:09 - 00000000 ____D C:\ProgramData\Uniblue

2013-11-20 05:37 - 2013-11-12 09:46 - 00000000 ____D C:\ProgramData\ProductData

2013-11-20 04:17 - 2011-08-02 10:46 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2751017530-556950238-3992346484-1000Core.job

2013-11-19 13:43 - 2013-09-16 07:23 - 00000000 ____D C:\Users\gurpsgm\AppData\Local\Apps\2.0

2013-11-19 11:38 - 2013-02-22 06:02 - 00000000 ____D C:\Users\gurpsgm\Documents\My Barnes & Noble eBooks

2013-11-19 11:38 - 2012-03-29 08:20 - 00000000 ____D C:\Users\gurpsgm\Documents\My Kindle Content

2013-11-19 11:16 - 2013-11-19 11:11 - 00000000 ____D C:\Users\gurpsgm\Documents\My IMS Projects

2013-11-19 11:11 - 2013-11-19 11:11 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Virtual Mechanics

2013-11-19 11:11 - 2013-11-19 11:11 - 00000000 ____D C:\ProgramData\Virtual Mechanics

2013-11-19 11:10 - 2013-11-19 11:10 - 00000000 ____D C:\Program Files (x86)\Virtual Mechanics

2013-11-19 08:37 - 2007-07-11 20:49 - 00000000 ____D C:\Windows\Panther

2013-11-19 07:43 - 2013-11-19 07:43 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Malwarebytes

2013-11-19 07:43 - 2013-11-19 07:43 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-11-19 07:43 - 2013-11-19 07:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-11-19 07:39 - 2013-11-19 06:38 - 00003874 _____ C:\Windows\System32\Tasks\PCHB_gurpsgm_PCHealthBoost_RS

2013-11-19 07:39 - 2013-11-19 06:38 - 00003684 _____ C:\Windows\System32\Tasks\PCHB_gurpsgm_PCHealthBoost_UP

2013-11-19 07:31 - 2013-11-19 06:52 - 00000000 ____D C:\Users\gurpsgm\AppData\Local\LogMeIn Rescue Applet

2013-11-19 06:38 - 2013-11-19 06:38 - 00003878 _____ C:\Windows\System32\Tasks\PCHB_WaitAndStartAfter

2013-11-19 06:38 - 2013-11-19 06:38 - 00003684 _____ C:\Windows\System32\Tasks\PCHB_gurpsgm_PCHealthBoost_RN

2013-11-19 06:38 - 2013-11-19 06:38 - 00003684 _____ C:\Windows\System32\Tasks\PCHB_gurpsgm_PCHealthBoost_RM

2013-11-18 13:22 - 2013-11-18 13:22 - 00001140 _____ C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Calendar Wizard 4.lnk

2013-11-18 13:22 - 2013-11-10 22:58 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alchemy Mindworks

2013-11-18 13:22 - 2013-11-10 22:58 - 00000000 ____D C:\Program Files (x86)\Alchemy Mindworks

2013-11-18 11:23 - 2010-10-30 12:58 - 00001157 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

2013-11-18 05:54 - 2012-11-05 06:46 - 00449425 _____ C:\Windows\system32\Drivers\etc\hosts_PTbackup2.bak

2013-11-16 19:45 - 2013-04-26 10:30 - 00000000 ____D C:\Users\gurpsgm\Documents\Taxes

2013-11-16 19:45 - 2013-03-18 17:18 - 00000000 ____D C:\Users\gurpsgm\Documents\My ScreenMonkey Campaign

2013-11-16 19:45 - 2010-10-30 14:50 - 00000000 ____D C:\Users\gurpsgm\Documents\My Wallpaper

2013-11-16 19:45 - 2010-10-30 14:46 - 00000000 ____D C:\Users\gurpsgm\Documents\My Computer

2013-11-16 13:47 - 2013-04-05 11:16 - 00000000 ____D C:\Program Files (x86)\SlimComputer

2013-11-16 13:12 - 2013-04-05 11:14 - 00000000 ____D C:\Program Files (x86)\SlimCleaner

2013-11-16 13:10 - 2013-11-13 07:24 - 00000000 ___DC C:\Vocation

2013-11-16 11:52 - 2012-04-02 06:27 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-11-16 11:52 - 2011-11-07 07:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-11-16 11:52 - 2010-10-30 13:44 - 00000000 ____D C:\Users\gurpsgm\AppData\Local\Adobe

2013-11-16 11:00 - 2012-11-01 07:39 - 00000000 ____D C:\Users\gurpsgm\Documents\Realm Works

2013-11-14 16:03 - 2011-12-16 17:43 - 00000000 ____D C:\Program Files (x86)\Origin

2013-11-14 14:26 - 2009-07-14 00:13 - 00779306 _____ C:\Windows\system32\PerfStringBackup.INI

2013-11-13 20:53 - 2013-07-13 11:54 - 00000000 ____D C:\Windows\system32\MRT

2013-11-13 20:48 - 2010-10-22 18:44 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-11-13 20:38 - 2013-06-25 14:13 - 00000000 ____D C:\Windows\System32\Tasks\Norton Zone

2013-11-13 20:32 - 2013-06-25 14:11 - 00000000 ____D C:\Windows\system32\Drivers\NZx64

2013-11-13 20:30 - 2009-07-13 23:45 - 00891408 _____ C:\Windows\system32\FNTCACHE.DAT

2013-11-13 11:48 - 2010-10-30 14:50 - 00000000 ____D C:\Users\gurpsgm\Documents\My PSP8 Files

2013-11-13 10:06 - 2013-09-07 20:40 - 00349192 _____ C:\Users\gurpsgm\AppData\Local\GDIPFONTCACHEV1.DAT

2013-11-13 10:02 - 2013-11-13 10:02 - 00000000 ____D C:\Users\gurpsgm\Documents\Updater

2013-11-13 07:23 - 2013-11-13 07:23 - 00000000 ___DC C:\Transits

2013-11-13 07:23 - 2013-11-13 07:23 - 00000000 ___DC C:\TNA_db

2013-11-13 07:22 - 2013-11-13 07:22 - 00000000 ___DC C:\SE_Triple_Aspects

2013-11-13 07:22 - 2013-11-13 07:22 - 00000000 ___DC C:\SE_Quadruple_Aspects

2013-11-13 07:22 - 2013-11-13 07:22 - 00000000 ___DC C:\SE_Aspectarian

2013-11-13 07:22 - 2013-11-13 07:21 - 00000000 ___DC C:\AstroWin

2013-11-13 07:21 - 2013-11-13 07:19 - 00000000 ___DC C:\Astro123

2013-11-12 14:03 - 2012-01-18 14:30 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\IObit

2013-11-12 13:30 - 2013-11-12 13:30 - 00000000 ____D C:\Users\gurpsgm\AppData\Local\WhiteListing

2013-11-12 12:38 - 2013-11-01 13:37 - 00000000 ____D C:\Users\gurpsgm\AppData\Local\NativeMessaging

2013-11-12 12:37 - 2013-11-12 12:37 - 00000000 ____D C:\Program Files (x86)\Kyodai Mahjongg 2006

2013-11-12 09:51 - 2011-01-17 21:27 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Winamp

2013-11-12 09:46 - 2013-11-12 09:46 - 00002854 _____ C:\Windows\System32\Tasks\ASC7_SkipUac_gurpsgm

2013-11-12 09:46 - 2013-11-12 09:46 - 00001255 _____ C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk

2013-11-12 09:46 - 2012-01-18 14:30 - 00000000 ____D C:\ProgramData\IObit

2013-11-12 09:46 - 2012-01-18 14:30 - 00000000 ____D C:\Program Files (x86)\IObit

2013-11-12 08:12 - 2013-11-12 08:11 - 00000000 ____D C:\Users\gurpsgm\Metacreator

2013-11-12 08:11 - 2010-10-22 18:30 - 00000000 ____D C:\Users\gurpsgm

2013-11-12 08:01 - 2013-04-29 14:17 - 00000000 ____D C:\Program Files (x86)\Metacreator

2013-11-12 07:58 - 2013-11-12 07:58 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Metacreator

2013-11-12 06:20 - 2013-04-05 11:14 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers

2013-11-11 07:53 - 2012-01-14 11:49 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\iolo

2013-11-11 05:44 - 2013-10-04 07:23 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jv16 PowerTools 2014

2013-11-10 22:58 - 2013-11-10 22:58 - 00001160 _____ C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Pagan Daybook 4.lnk

2013-11-10 09:06 - 2013-09-15 06:10 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Flash Video Capture Data

2013-11-08 21:32 - 2013-11-01 14:15 - 00000000 ____D C:\Program Files (x86)\Print Workshop

2013-11-08 16:31 - 2013-10-30 09:00 - 00001344 _____ C:\Users\gurpsgm\Desktop\Bruce.lnk

2013-11-08 15:20 - 2010-10-30 12:58 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Mozilla

2013-11-08 13:50 - 2010-12-29 12:55 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

2013-11-07 19:52 - 2013-11-07 19:51 - 00000000 ____D C:\Program Files (x86)\Metacreator Demo

2013-11-07 19:37 - 2013-07-05 15:14 - 00000000 ____D C:\Program Files (x86)\Hero Lab

2013-11-07 14:23 - 2013-11-07 14:23 - 00001502 _____ C:\Users\gurpsgm\Desktop\Metacreator.lnk

2013-11-07 11:45 - 2013-11-07 09:08 - 00001798 _____ C:\Users\gurpsgm\Desktop\Chrome.lnk

2013-11-07 09:08 - 2013-11-07 09:08 - 00001401 _____ C:\Users\gurpsgm\Desktop\Opera.lnk

2013-11-07 09:07 - 2013-11-07 09:07 - 00001442 _____ C:\Users\gurpsgm\Desktop\CD Burner XP.lnk

2013-11-07 09:02 - 2013-11-07 09:02 - 00001423 _____ C:\Users\gurpsgm\Desktop\HeroLab.lnk

2013-11-07 08:58 - 2013-11-07 08:58 - 00001537 _____ C:\Users\gurpsgm\Desktop\Kindle.lnk

2013-11-07 08:55 - 2013-11-07 08:55 - 00001504 _____ C:\Users\gurpsgm\Desktop\Windows Media Player.lnk

2013-11-07 07:09 - 2013-11-07 07:09 - 00001046 _____ C:\Users\Public\Desktop\Realm Works.lnk

2013-11-06 07:22 - 2013-11-06 07:22 - 00001247 _____ C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Campaign Editor.lnk

2013-11-06 07:22 - 2013-11-06 07:22 - 00001230 _____ C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk

2013-11-05 14:38 - 2013-11-20 08:37 - 01122304 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Windows\SysWOW64\libeay32.dll

2013-11-05 14:38 - 2013-11-20 08:37 - 00274432 _____ (The OpenSSL Project, http://www.openssl.org/) C:\Windows\SysWOW64\ssleay32.dll

2013-11-05 13:35 - 2013-11-05 13:35 - 00000000 __SHD C:\ProgramData\DSS

2013-11-05 13:31 - 2010-10-30 14:46 - 00000000 ____D C:\Users\gurpsgm\Documents\Electronic Arts

2013-11-05 13:09 - 2010-07-27 22:23 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2013-11-05 08:36 - 2013-11-05 08:36 - 00000000 ____D C:\ProgramData\LightScribe

2013-11-04 13:47 - 2013-11-04 13:47 - 00001271 _____ C:\Users\gurpsgm\Desktop\Dark Age of Camelot.lnk

2013-11-04 13:47 - 2013-11-04 13:47 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Electronic Arts

2013-11-04 13:47 - 2010-12-29 12:34 - 00000000 ____D C:\Program Files (x86)\Electronic Arts

2013-11-03 04:53 - 2013-11-01 14:18 - 00000000 ____D C:\Users\gurpsgm\Documents\Print Workshop

2013-11-02 16:28 - 2013-11-02 16:28 - 00000000 ___DC C:\cc7c692bc60a8fe4f9ebe7f97f

2013-11-02 16:24 - 2013-11-02 15:52 - 00000000 ____D C:\Program Files (x86)\The Witcher 2

2013-11-01 14:17 - 2013-11-01 14:17 - 00000063 _____ C:\Windows\PrintWorkShop.ini

2013-11-01 14:17 - 2013-11-01 14:17 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Print Workshop

2013-11-01 14:08 - 2013-11-01 14:08 - 00000000 ____D C:\Users\gurpsgm\Documents\Auexsoft

2013-11-01 14:08 - 2013-11-01 14:08 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Auexsoft

2013-11-01 13:58 - 2013-11-01 13:58 - 00000000 ____D C:\Program Files (x86)\AuexSoft

2013-11-01 13:53 - 2013-11-01 13:53 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MS Reader Converter

2013-11-01 13:53 - 2013-11-01 13:53 - 00000000 ____D C:\Program Files (x86)\PDFsvg

2013-11-01 13:36 - 2013-11-01 13:36 - 00000000 ____D C:\Program Files (x86)\ABC Amber LIT Converter

2013-11-01 13:27 - 2012-11-20 14:29 - 00000000 ____D C:\Users\gurpsgm\Documents\Calibre Library

2013-11-01 12:51 - 2012-11-20 14:28 - 00000000 ____D C:\Program Files (x86)\Calibre2

2013-10-31 19:57 - 2013-10-31 19:57 - 00000000 ____D C:\Users\gurpsgm\AppData\Local\Kingsoft

2013-10-31 12:42 - 2010-10-30 12:58 - 00000000 ____D C:\Users\gurpsgm\AppData\Local\Mozilla

2013-10-31 10:01 - 2013-09-25 11:40 - 00003624 _____ C:\Windows\System32\Tasks\Norton Security Scan for gurpsgm

2013-10-30 22:51 - 2011-12-10 13:41 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy

2013-10-30 22:39 - 2013-09-15 13:28 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4

2013-10-30 22:33 - 2013-10-30 22:33 - 00003366 _____ C:\Windows\System32\Tasks\WpsUpdateTask_gurpsgm

2013-10-30 22:33 - 2009-07-14 02:45 - 00000000 ____D C:\Windows\ShellNew

2013-10-30 22:32 - 2013-10-30 22:32 - 00000000 ____D C:\ProgramData\Kingsoft

2013-10-30 22:31 - 2013-10-30 22:31 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Kingsoft

2013-10-30 22:31 - 2013-10-30 22:31 - 00000000 ____D C:\Program Files (x86)\Kingsoft

2013-10-30 22:05 - 2011-03-22 09:52 - 00001113 _____ C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Trillian.lnk

2013-10-30 22:05 - 2011-03-22 09:52 - 00000000 ____D C:\Program Files (x86)\Trillian

2013-10-30 08:58 - 2013-04-07 07:39 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\AIMP3

2013-10-30 08:53 - 2013-10-30 08:53 - 115441664 _____ C:\Windows\system32\config\software.iobit

2013-10-30 08:53 - 2013-10-30 08:53 - 05488640 _____ C:\Windows\system32\config\default.iobit

2013-10-30 08:53 - 2013-10-30 08:53 - 00061440 _____ C:\Windows\system32\config\sam.iobit

2013-10-30 08:53 - 2013-10-30 08:53 - 00024576 _____ C:\Windows\system32\config\security.iobit

2013-10-28 12:20 - 2013-10-28 12:20 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon

2013-10-28 12:20 - 2012-03-23 11:05 - 00000000 ____D C:\Program Files (x86)\Amazon

2013-10-28 12:13 - 2012-03-19 08:30 - 00000000 ____D C:\Program Files (x86)\Audacity

2013-10-28 12:13 - 2011-01-17 21:06 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Audacity

2013-10-27 16:05 - 2010-10-30 12:25 - 00000000 ____D C:\Program Files (x86)\CCleaner

2013-10-27 12:18 - 2013-10-12 07:05 - 00000000 ____D C:\Users\gurpsgm\Documents\My Extracted Files

2013-10-27 10:13 - 2013-10-27 10:13 - 00000000 ____D C:\Users\gurpsgm\AppData\Roaming\Belkin

2013-10-27 10:12 - 2013-10-27 10:12 - 00000000 ____D C:\Program Files (x86)\Belkin

2013-10-27 10:11 - 2010-11-01 12:07 - 00000000 ____D C:\Users\gurpsgm\AppData\Local\Downloaded Installations

2013-10-25 17:45 - 2011-12-16 18:26 - 00000000 ____D C:\Users\gurpsgm\AppData\Local\Origin

2013-10-25 10:09 - 2013-10-25 10:09 - 00202920 _____ C:\Windows\Pagan Daybook.scr

 

Some content of TEMP:

====================

C:\Users\gurpsgm\AppData\Local\Temp\Quarantine.exe

 

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

LastRegBack: 2013-11-20 01:02

 

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2013 03
Ran by gurpsgm at 2013-11-24 07:47:39
Running from C:\Users\gurpsgm\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton 360 (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: IObit Malware Fighter (Disabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
AS: Norton 360 (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
ABC Amber LIT Converter (x32)
Acrobat.com (x32 Version: 1.6.65)
Adobe Acrobat 9 Pro (x32 Version: 9.5.5)
Adobe Acrobat 9.5.5 - CPSID_83708 (x32)
Adobe AIR (x32 Version: 3.9.0.1210)
Adobe Bridge 1.0 (x32 Version: 001.000.000)
Adobe Common File Installer (x32 Version: 1.00.0000)
Adobe Download Manager (x32 Version: 1.6.2.91)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.152)
Adobe Help Center 2.1 (x32 Version: 2.1)
Adobe Photoshop 7.0 (x32 Version: 7.0)
Adobe Photoshop CS2 (x32 Version: 9.0)
Adobe Photoshop CS2 Packages (HKCU)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.5.146)
Adobe Stock Photos 1.0 (x32 Version: 001.000.000)
Advanced SystemCare 7 (x32 Version: 7.0.5)
Advertising Center (x32 Version: 0.0.0.2)
Age of Conan: Unchained (x32)
AIM 7 (x32)
AIMP3 (x32 Version: v3.55.1324, 15.11.2013)
Amazon Add to Wish List IE Extension 1.2 (x32 Version: 1.2)
Amazon Cloud Drive (x32 Version: 0.09.14.0)
Amazon Games & Software Downloader (x32 Version: 2.0.2.0)
Amazon Kindle (x32)
AMD Accelerated Video Transcoding (Version: 13.15.100.30830)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Control Center (x32 Version: 2013.0830.1944.33589)
AMD Catalyst Install Manager (Version: 8.0.915.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.80830.1925)
AMD Wireless Display v3.0 (Version: 1.0.0.10)
AnyTime Organizer (x32 Version: 13)
Ashampoo WinOptimizer 10 v.10.2.5 (x32 Version: 10.02.05)
Astro123 v1.62 (x32)
AstroWin v3.67 (x32)
ATI AVIVO64 Codecs (Version: 10.12.0.00225)
Audacity 2.0.4 (x32 Version: 2.0.4)
Auslogics BoostSpeed (x32 Version: 5.5)
Auslogics Duplicate File Finder (x32 Version: 2.5)
AutoREALM Version 2.1 (x32)
Backup Manager Advance (x32 Version: 2.0.2.39)
Baldur's Gate Complete (x32)
Baldur's Gate II - Shadows of Amn + Throne Bhaal (x32)
Bamboo (Version: 5.2.4-3)
Best Buy pc app (HKCU Version: 3.1.1.0)
Big Kahuna Reef (x32)
Bing Bar (x32 Version: 7.3.107.0)
Bing Desktop (x32 Version: 1.3.171.0)
BioWare Premium Module: Neverwinter Nights Kingmaker (x32)
BitZipper 2013 (x32 Version: 2013.13.4.16)
BufferChm (x32 Version: 140.0.298.000)
Calendar Wizard 4 (x32 Version: 4.0.0.5)
calibre (x32 Version: 1.9.0)
Campaign Suite Extended Edition (x32 Version: 05.12.13)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0830.1944.33589)
Catalyst Control Center InstallProxy (x32 Version: 2010.0225.1742.31671)
Catalyst Control Center InstallProxy (x32 Version: 2013.0830.1944.33589)
Catalyst Control Center Localization All (x32 Version: 2013.0830.1944.33589)
CBR Reader (x32)
CCC Help English (x32 Version: 2013.0830.1943.33589)
ccc-utility64 (Version: 2013.0830.1944.33589)
CCleaner (Version: 4.07)
CDBurnerXP (x32 Version: 4.5.2.4255)
Cisco Network Magic (x32 Version: 5.5.09195.0)
CleanUp! (x32)
CloudReading (x32 Version: 1.0.27.1025)
CNET TechTracker (HKCU Version: 2.1.0)
Codecs for Windows 7 Pack 4.0.5 (x32 Version: 4.0.5)
Combined Community Codec Pack 2010-10-10 (x32 Version: 2010.10.10.0)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
Corel Painter Essentials 4 (x32 Version: 4.2)
CPUID CPU-Z 1.67.1
CPUID HWMonitor 1.21
CSE HTML Validator Professional v11.02 Trial (x32)
CyberLink LabelPrint (x32 Version: 2.0.2908)
CyberLink Power2Go (x32 Version: 6.0.1924)
CyberLink PowerDVD 9 (x32 Version: 9.0.2931.50)
D3DX10 (x32 Version: 15.4.2368.0902)
Daggerfall (x32 Version: 1.00.0000)
Dark Age of Camelot (x32 Version: )
Destinations (x32 Version: 140.0.0.0)
DHTML Editing Component (x32 Version: 6.02.0001)
Ditto
Divinity II - Developer's Cut (x32 Version: 1.4)
Divinity II - DKS (x32 Version: 1.4)
DocProc (x32 Version: 140.0.185.000)
Dragon NaturallySpeaking 11 (x32 Version: 11.50.100)
Dropbox (HKCU Version: 2.0.22)
Dungeon and Dragons: Neverwinter Nights Complete (x32 Version: 1.0.0)
Dungeon Crafter III (remove only) (x32)
Dungeons & Dragons Online® (x32)
eags on! 0.8.81 (x32 Version: 0.8.81)
Ebook Converter 5.7.2 (x32 Version: 5.7.2)
EMCO UnLock IT 3.0 (x32)
EMET (Tech Preview) (x32 Version: 3.5.0)
EMG Mapper (x32 Version: 3.0)
Eraser 6.0.10.2620 (Version: 6.0.2620)
ERUNT 1.1j (x32)
e-Sword (x32 Version: 10.01.0000)
EverQuest (HKCU)
EverQuest II (5) (HKCU)
EverQuest II (HKCU)
ffdshow [rev 3154] [2009-12-09] (x32 Version: 1.0)
File Type Assistant (x32 Version: 2013.4.8.0)
FileASSASSIN (x32 Version: 1.06)
FileHippo.com Update Checker (x32)
FileZilla Client 3.7.3 (x32 Version: 3.7.3)
Firebird SQL Server - MAGIX Edition (x32 Version: 2.1.31.0)
Flash Video Capture 4.11.2 build 6420 (x32)
Foxit Reader (x32 Version: 6.1.1.1031)
Fractal Mapper v8.10f (x32 Version: 8.10f)
Free All-In-One Media Player (x32)
Free File Viewer 2012 (x32 Version: 2012.10.9.0)
FreeFileSync 5.12 (x32 Version: 5.12)
FreeOCR v4.2 (x32)
Gateway InfoCentre (x32 Version: 3.02.3000)
Gateway MyBackup (x32 Version: 2.0.2.39)
Gateway Recovery Management (x32 Version: 4.05.3012)
Gateway Registration (x32 Version: 1.03.3003)
Gateway ScreenSaver (x32 Version: 1.1.0506.2010)
Gateway Updater (x32 Version: 1.02.3001)
GIMP 2.8.4 (Version: 2.8.4)
GKrellM 2.3.5 (Version: 2.3.5)
Google Chrome (x32 Version: 31.0.1650.57)
Google Desktop (x32 Version: 5.9.1005.12335)
Google Drive (x32 Version: 1.12.5329.1887)
Google Talk (remove only) (x32)
Google Talk Plugin (x32 Version: 4.9.1.16010)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
Google Update Helper (x32 Version: 1.3.21.165)
Greenshot 1.0.6.2228 (Version: 1.0.6.2228)
Guild Wars (x32)
Guild Wars 2 (x32)
Happy Cloud Client (HKCU Version: 3.41)
Hero Lab 4.2d (x32 Version: 4.2d)
Hotkey Utility (x32 Version: 2.05.3005)
HP Imaging Device Functions 14.5 (Version: 14.5)
HP Scanjet G3110 (Version: 14.5)
HP Update (x32 Version: 5.005.000.002)
hpg3110 (x32 Version: 140.000.000.000)
HTML Help Workshop (x32)
Icewind Dale Complete (x32)
Icewind Dale II (x32)
ICQ 8.0 (build 6007, for the current user) (HKCU Version: 8.0.6007.0)
Identity Card (x32 Version: 1.00.3003)
IHA_MessageCenter (x32 Version: 1.1.0)
ImagXpress (x32 Version: 7.0.74.0)
Inspiration Pad Pro 3.01a (x32)
InstaCodecs (x32 Version: 1.0)
InstallIQ Updater (x32 Version: 1.4.1.0)
Intel® Turbo Boost Technology Monitor 2.6 (Version: 2.6.2.0)
Intel® Matrix Storage Manager
Interactive Dungeon (x32)
IObit Malware Fighter (x32 Version: 2.1)
IObit Uninstaller (x32 Version: 3.0.3.1064)
iolo technologies' System Mechanic (x32 Version: 12.0.0)
IrfanView (remove only) (x32 Version: 4.36)
IZArc 4.1.8 (x32 Version: 4.1.8)
Jasc Paint Shop Pro 8 (x32 Version: 8.10.0000)
Java 7 Update 40 (64-bit) (Version: 7.0.400)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Junk Mail filter update (x32 Version: 16.4.3508.0205)
jv16 PowerTools 2014 (x32 Version: )
Karen's Directory Printer (x32 Version: 5.3.0.2)
Kingdoms of Amalur: Reckoning (x32 Version: 1.0.0.0)
Kingsoft Office 2013 (9.1.0.4246) (x32 Version: 9.1.0.4246)
Kyodai Mahjongg 2006 v1.42 (x32)
Legends of Norrath (HKCU)
LibreOffice 4.0 Help Pack (English) (x32 Version: 4.0.0.3)
LibreOffice 4.0.4.2 (x32 Version: 4.0.4.2)
LightScribe System Software  1.14.17.1 (x32 Version: 1.14.17.1)
Logitech Webcam Software (Version: 12.10.1113)
Logitech Webcam Software Driver Package (Version: 12.10.1110)
MAGIX Photo Manager 10 (x32 Version: 8.0.1.143)
MAGIX Photo Manager MX (x32 Version: 9.0.0.228)
MAGIX Screenshare (x32 Version: 4.3.6.1987)
MAGIX Xtreme Photo & Graphic Designer 5 (Silver) (x32 Version: 5.1.2.15876)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Media Player Codec Pack 3.9.7 (x32)
Metacreator (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Mathematics (64-bit) (Version: 4.0)
Microsoft Mathematics Add-in (32-bit) (x32 Version: 2.0.040811.01)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Text-to-Speech Engine 4.0 (English) (x32)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (x32 Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Microsoft Windows Media Video 9 VCM (x32)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
mIRC (x32 Version: 7.32)
Mobysaurus Thesaurus (x32)
Morrowind (x32)
Movie Maker (x32 Version: 16.4.3508.0205)
Mozilla Firefox 25.0.1 (x86 en-US) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 24.1.1)
Mozilla Thunderbird 24.1.1 (x86 en-US) (x32 Version: 24.1.1)
MPC-HC 1.6.8 (64-bit) (Version: 1.6.8.7417)
MS Reader Converter (x32)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
My Lockbox 2.9.9 (Version: 2.9.9)
MyInfo Standard 6.16 (build 1666) (x32 Version: 6.16)
Nero 9 Essentials (x32)
Nero ControlCenter (x32 Version: 9.0.0.1)
Nero DiscSpeed (x32 Version: 5.4.13.100)
Nero DiscSpeed Help (x32 Version: 5.4.4.100)
Nero DriveSpeed (x32 Version: 4.4.12.100)
Nero DriveSpeed Help (x32 Version: 4.4.4.100)
Nero Express Help (x32 Version: 9.6.2.101)
Nero InfoTool (x32 Version: 6.4.12.100)
Nero InfoTool Help (x32 Version: 6.4.4.100)
Nero Installer (x32 Version: 4.4.9.0)
Nero Online Upgrade (x32 Version: 1.3.0.0)
Nero StartSmart (x32 Version: 9.4.37.100)
Nero StartSmart Help (x32 Version: 9.4.27.100)
Nero StartSmart OEM (x32 Version: 9.4.10.100)
NeroExpress (x32 Version: 9.4.33.100)
neroxml (x32 Version: 1.0.0)
NetAssistant (x32 Version: 3.6.5)
NetAssistant for Firefox (HKCU Version: 3.6.5)
Network Magic (x32 Version: 5.5.9195.0)
Neverwinter (x32)
Nitro Reader 3 (Version: 3.5.4.10)
NOOK for PC (x32 Version: 2.5.6.9575)
Norton 360 (x32 Version: 21.1.0.18)
Norton Identity Safe (x32 Version: 2013.4.0.10)
Norton Management (x32 Version: 3.2.2.12)
Norton Security Scan (x32 Version: 4.0.3.24)
Norton Zone (x32 Version: 1.0.15.13)
Nostromo (x32 Version: 3.2.4)
Notepad++ (x32 Version: 6.5.1)
NoteTab Light 7 (Remove only) (x32 Version: 7.1)
NoteTab Pro 6 (Remove only) (x32 Version: 6.2)
NVIDIA PhysX (x32 Version: 9.09.0428)
Oblivion (x32 Version: 1.2.0416)
OCR Software by I.R.I.S. 14.5 (Version: 14.5)
Octoshape add-in for Adobe Flash Player (HKCU)
One Million Recipes 6.00 (x32 Version: 6.00)
OpenOffice 4.0.1 (x32 Version: 4.01.9714)
Opera Stable 16.0.1196.73 (x32 Version: 16.0.1196.73)
Origin (x32 Version: 9.1.10.2728)
Pagan Daybook 4 (x32 Version: 4.0.0.11)
Paint.NET v3.5.11 (Version: 3.61.0)
Pando Media Booster (x32 Version: 2.6.0.8)
PerfectDisk 12.5 Professional Business (Version: 12.05.312)
Photo Frame (x32 Version: 5.0.0.3)
Photo Gallery (x32 Version: 16.4.3508.0205)
Picasa 3 (x32 Version: 3.9)
Planescape Torment (x32)
Print Workshop (x32 Version: 1.0.0)
Pure Networks Platform (x32 Version: 11.2.09195.1)
PyMapper 8.0 (x32)
Python 2.6.2 (x32 Version: 2.6.2150)
Python 2.7.4 (x32 Version: 2.7.4150)
Raptr (x32)
Razer Game Booster (x32 Version: 3.5.6.0)
Readiris Pro 12 (x32 Version: 12.00.5639)
Realm Works 0.9.101.139 Beta (x32 Version: 0.9.101.139 Beta)
Realtek Ethernet Controller Driver (x32 Version: 7.47.714.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6662)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30127)
Revo Uninstaller 1.95 (x32 Version: 1.95)
RIFT (HKCU)
Saitek Cyborg Keyboard Volume 6.7.3.0 (Version: 6.7.3.0)
Scan (x32 Version: 14.0.1.0)
ScreenMonkey Lite v1.7h (x32)
Screenshot Captor 4.7.2 (x32)
SE_Aspectarian v1.26 (x32)
SE_Quadruple_Aspects v1.00 (x32)
SE_Triple_Aspects v1.00 (x32)
Seagate Dashboard 2.0 (x32 Version: 2.2.26.0)
SeaMonkey 2.22.1 (x86 en-US) (x32 Version: 2.22.1)
Sid Meier's Alpha Centauri (x32)
Sid Meier's Alpha Centauri 2000/XP Compatibility Update (x32 Version: 1.03.0000)
Sid Meier's Civilization 4 Complete (x32 Version: 1.74)
SimCity 4 Deluxe (x32 Version: 1.0.0.0)
SimCity™ (x32 Version: 1.0.0.0)
SiteAid 2.3 (x32)
SiteSpinner Web Design Studio Pro (x32 Version: 2.91.9)
Skype Click to Call (x32 Version: 6.13.13771)
Skype™ 6.11 (x32 Version: 6.11.102)
SlimCleaner (x32 Version: 4.0.29702)
SlimComputer (x32 Version: 1.3.28413)
SlimDrivers (x32 Version: 2.2.30085)
Smart Technology Programming Software 7.0.2.7 (Version: 7.0.2.7)
SmoothDraw version 4.0.1 (x32 Version: 4.0.1)
SparkTrust PC Cleaner Plus (x32 Version: 3.1.10.0)
Speccy (Version: 1.24)
Spelling Dictionaries Support For Adobe Reader 9 (x32 Version: 9.0.0)
Spigot Removal Tool (x32 Version: build_1.0.0.150_rev_3248_date_16:08:32 05-11-13)
Spybot - Search & Destroy (x32 Version: 2.2.25)
SpyHunter (Version: 4.16.5.4290)
Square Enix Secure Launcher (HKCU Version: 1.0.0.108)
Steam (x32 Version: 1.0.0.0)
SumatraPDF (x32 Version: 2.4)
Surfing Protection (x32 Version: 1.0)
swMSM (x32 Version: 12.0.0.1)
SyncBackFree (x32 Version: 6.5.15.0)
Temple of Elemental Evil (x32)
TeraCopy 2.27
TES Construction Set (x32)
The Elder Scrolls Arena (x32 Version: 1.00.0000)
The Elder Scrolls V: Skyrim (x32)
The Lord of the Rings Online (HKCU)
The Sims Medieval (x32 Version: 2.0.109)
The Sims Medieval Pirates and Nobles (x32 Version: 2.0.109)
The Sims™ 3 (x32 Version: 1.55.4)
The Sims™ 3 Ambitions (x32 Version: 4.10.1)
The Sims™ 3 Island Paradise (x32 Version: 19.0.101)
The Sims™ 3 Pets (x32 Version: 10.0.96)
The Sims™ 3 Seasons (x32 Version: 16.0.136)
The Sims™ 3 Supernatural (x32 Version: 15.0.135)
The Witcher 2 Enhanced Edition version 3.0 (x32 Version: 3.0)
THX TruStudio PC (x32 Version: 1.0)
Timeline 0.19.0 (x32)
TNA_db v1.13 (x32)
Transits v1.01 (x32)
Trillian (x32)
Turbo Lister 2 (x32 Version: 2.00.0000)
Unity Web Player (HKCU Version: )
Unlocker 1.9.1 (x32 Version: 1.9.1)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
vanBasco's Karaoke Player (x32)
VASSAL (3.2.8) (Version: 3.2.8)
VC 9.0 Runtime (x32 Version: 1.0.0)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0)
Ventrilo Client for Windows x64 (Version: 3.0.8.0)
Verizon Help and Support Tool (x32)
Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (Version: 11.0.200)
Vocation v1.10 (x32)
Vz In Home Agent (x32 Version: 8.03.61)
WebReg (x32 Version: 140.0.297.017)
WebTablet IE Plugin (x32 Version: 1.1.0.7)
WebTablet Netscape Plugin (x32 Version: 1.1.0.5)
Welcome Center (x32 Version: 1.01.3002)
Winamp (x32 Version: 5.65 )
Winamp Detector Plug-in (HKCU Version: 1.0.0.1)
WinDirStat 1.1.2 (HKCU)
Windows 7 Codec Pack 2.8.0 (x32)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live Family Safety (Version: 16.4.3508.0205)
Windows Live Family Safety (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Mail (x32 Version: 16.4.3508.0205)
Windows Live Messenger (x32 Version: 16.4.3508.0205)
Windows Live MIME IFilter (Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live Sync (x32 Version: 14.0.8089.726)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)
Windows Live Writer (x32 Version: 16.4.3508.0205)
Windows Live Writer Resources (x32 Version: 16.4.3508.0205)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
WinMerge 2.14.0 (x32 Version: 2.14.0)
WinPcap 4.1.3 (x32 Version: 4.1.0.2980)
WinRAR 5.00 (64-bit) (Version: 5.00.0)
Wireshark 1.10.3 (64-bit) (x32 Version: 1.10.3)
WizMouse v1.6.0.2 (x32)
WN111v2 (x32 Version: 1.00.0000)
wxPython 2.8.10.1 (unicode) for Python 2.6 (x32 Version: 2.8.10.1-unicode)
Xvid Video Codec (x32 Version: 1.3.2)
XYplorer 12.50 (x32 Version: 12.50)
ZoneAlarm Firewall (x32 Version: 12.0.104.000)
ZoneAlarm Free Firewall (x32 Version: 12.0.104.000)
ZoneAlarm Security (x32 Version: 12.0.104.000)
ZoneAlarm Security Toolbar  (x32 Version: 1.8.22.0)
Zoo Tycoon 2 - Ultimate Collection (x32 Version: 1.00.0000)
Zoo Tycoon 2 - Zookeeper Collection (x32 Version: 1.00.0000)

==================== Restore Points  =========================

20-11-2013 13:44:07 Installed SpyHunter
21-11-2013 15:30:04 SparkTrust PC Cleaner Plus Backup
21-11-2013 16:02:35 Configured Microsoft Office Home and Student 2007
23-11-2013 11:56:05 Windows Update
23-11-2013 12:30:45 Norton_Power_Eraser_20131123073041722
24-11-2013 12:26:25 Revo Uninstaller's restore point - µTorrent

==================== Hosts content: ==========================

2009-07-13 21:34 - 2013-11-21 14:39 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {06DFB2C8-DF14-4650-96B1-46DD16AEFAB3} - System32\Tasks\ProgramUpdateCheck => C:\Program Files (x86)\File Type Assistant\tsassist.exe [2013-04-08] (Trusted Software ApS)
Task: {0837B934-CBA3-4AA7-8CC3-3F750E72BCF6} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\symerr.exe [2013-05-29] (Symantec Corporation)
Task: {0F0E0D2D-11B1-4B3A-B657-56E63FE7B703} - System32\Tasks\{1E2DF568-C6F3-47A0-9E95-A8122C3D839E} => D:\autorun.exe
Task: {104890F0-FCE6-4952-93BF-7609C0BD8946} - System32\Tasks\{7F385FFC-F136-4F35-B60E-036455BD4BEE} => C:\Users\gurpsgm\Documents\Downloads\sm_dm.exe
Task: {193D2A92-6E4A-42C6-8ABA-F8EAD9AC0332} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {1F0DD0FB-8BD1-4192-96A8-5F3BC33F8E1E} - System32\Tasks\{A9843C85-E4C4-4086-AFE7-9042C714F914} => D:\autorun.exe
Task: {1FFF37FC-1B1F-48BB-AD4C-13070893885E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2751017530-556950238-3992346484-1000UA => C:\Users\gurpsgm\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-02] (Google Inc.)
Task: {219B38ED-32B2-4CA2-809D-340F563C9F91} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2751017530-556950238-3992346484-1000
Task: {2AED6F44-509F-4ACF-A55D-F0CA59FA64DE} - System32\Tasks\ASC7_SkipUac_gurpsgm => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2013-10-28] (IObit)
Task: {2F52A770-50CA-4FCA-8402-E268D8303036} - \MySearchDial No Task File
Task: {3E1D5B79-E986-4F33-9988-BDB36F35AEDB} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {3E8E7AC5-B14C-487B-96DB-2AE0CD4DED73} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {3F750999-B7A1-44FC-9CC2-0CF1CA763E58} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2013-03-07] (Seagate Technology LLC)
Task: {401E5D33-019F-4ABA-BDB7-444FB0EA9CBD} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2751017530-556950238-3992346484-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {46078602-4E47-4762-9CE6-A2366A1885AB} - System32\Tasks\Norton Security Scan for gurpsgm => C:\Program Files (x86)\Norton Security Scan\Engine\4.0.3.24\Nss.exe [2013-10-10] (Symantec Corporation)
Task: {4B476D57-3C82-4C92-B207-55E4B0A2DCA2} - System32\Tasks\PCHB_WaitAndStartAfter => C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe
Task: {523C46FD-6021-40D2-A7F3-0004286719D1} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\symerr.exe [2013-08-01] (Symantec Corporation)
Task: {55CF1BCE-1E95-48DB-9110-6D4D90EFC654} - System32\Tasks\Norton Zone\Norton Error Processor => C:\Program Files (x86)\Norton Zone\Engine\1.0.15.13\symerr.exe [2013-08-01] (Symantec Corporation)
Task: {5FE2A708-8538-4FC8-B309-376C5859345F} - System32\Tasks\gurpsgm DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2013-03-07] (Seagate Technology LLC)
Task: {6000DC01-5F03-4097-BAF7-2097D8831B35} - System32\Tasks\SlimCleaner Run => C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe [2013-05-22] (SlimWare Utilities, Inc.)
Task: {60AF3742-966E-4310-990F-3D934A01BB7F} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {67979AE0-5029-4B7F-AD7F-547BEE602F85} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {6985C11F-A500-4FE9-BE4A-3FA3566A07A9} - System32\Tasks\Norton Zone\Norton Error Analyzer => C:\Program Files (x86)\Norton Zone\Engine\1.0.15.13\symerr.exe [2013-08-01] (Symantec Corporation)
Task: {6EFCE0D8-4C79-4701-AD94-4806CE37D7C2} - System32\Tasks\{72217564-44FF-4AE7-82AC-B4662CA68FBA} => C:\Users\Public\Sony Online Entertainment\Installed Games\EverQuest\LaunchPad.exe [2013-03-04] (Sony Online Entertainment)
Task: {6EFF7D15-F21F-420F-9599-A96895045C1E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-05] (Google Inc.)
Task: {70343FD8-CA57-48B4-B53F-E6566AF1EB62} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2751017530-556950238-3992346484-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {7556CB7A-7F26-4B5B-BBE4-502466EE3995} - System32\Tasks\Norton Management\Norton Error Analyzer => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\symerr.exe [2012-10-18] (Symantec Corporation)
Task: {79E815B7-EDCC-4B8E-9D35-D2C1D5FFEC37} - System32\Tasks\SparkTrust Registration3 => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll [2013-09-11] (SparkTrust Systems)
Task: {7AD5B3A4-29E4-4E83-8DCB-0EB8A05DB114} - \PC Optimizer Pro Idle No Task File
Task: {7FF4C722-99AC-4B44-8698-CABB29DB3369} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2751017530-556950238-3992346484-1000Core => C:\Users\gurpsgm\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-02] (Google Inc.)
Task: {82474A39-68C4-4F18-84CD-A31A0FCF8CF5} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\symerr.exe [2013-05-29] (Symantec Corporation)
Task: {85491187-737A-4CDC-8013-37449FAD843D} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe
Task: {8A20B6F2-969E-4E33-829F-50EB2E8415CD} - System32\Tasks\SparkTrust Update Version3 Startup Task => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe [2013-09-11] (SparkTrust Systems)
Task: {8EAEEE09-39D0-4701-9E82-EE420FB2A8A8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {924770FF-710D-4273-8E63-63256E375D89} - System32\Tasks\PCHB_gurpsgm_PCHealthBoost_RM => C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe
Task: {96480BFE-7ED9-43C3-9720-EB1C0BBB2DF7} - System32\Tasks\ProgramRefresh-ATFST => C:\Program Files (x86)\File Type Assistant\TSASetup.exe [2013-04-08] (                                                            )
Task: {98F37938-5725-4985-BCBB-4DFA8737CAD2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {9E9F51CD-928F-49F6-9761-062A9C19C285} - System32\Tasks\PCHB_gurpsgm_PCHealthBoost_UP => C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe
Task: {9F83DCDE-EE9C-4D9C-AE67-15C7559743B1} - \BackgroundContainer Startup Task No Task File
Task: {A746C07A-DC0A-46FD-9480-AA964F970B9C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-16] (Adobe Systems Incorporated)
Task: {ABC01292-DB1D-4767-A3AB-1E7611523E67} - System32\Tasks\Norton Management\Norton Error Processor => C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\symerr.exe [2012-10-18] (Symantec Corporation)
Task: {ABDB54AB-0419-48C8-84BD-419601987910} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2013-03-25] (Bitberry Software)
Task: {B2E82EB8-57F2-4D51-B9A0-27EEF95AF986} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\symerr.exe [2013-08-01] (Symantec Corporation)
Task: {B655E35D-E225-4A9F-80E1-B7E9EA2E384A} - System32\Tasks\PCHB_gurpsgm_PCHealthBoost_RS => C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe
Task: {BBB2BFD1-F2AC-4A4F-8DDB-2E3CDEE7A3C5} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {BD85E9A1-AAF2-4499-9E82-9927F644CD60} - System32\Tasks\SparkTrust PC Cleaner Plus => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe [2013-09-11] (SparkTrust)
Task: {BF8808C1-C25E-4E0D-94FC-4489400E3897} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2751017530-556950238-3992346484-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {C12CE2E9-D144-4B73-9A95-7B6F2E030BC3} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {C2041C4E-A0DF-4E7D-AD19-770420076084} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-05] (Google Inc.)
Task: {CAE52B08-DF78-4E54-82C5-E9FDD2F3DF34} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {D7D1513F-8B86-431A-8EA4-5A260AA12F39} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {E02778D4-D750-44C4-B2B8-9EF765A85919} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2013-10-21] (Piriform Ltd)
Task: {E1FDA3A9-D39C-4B6E-BEB5-55955B7D53F6} - System32\Tasks\PCHB_gurpsgm_PCHealthBoost_RN => C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe
Task: {EA9CF3F2-D5F5-42D3-AE53-180E3346F4A7} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\wscstub.exe [2013-10-08] (Symantec Corporation)
Task: {EF074CD6-EDF6-4094-8A3C-D13EAF95103D} - System32\Tasks\SparkTrust Update Version3 => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe [2013-09-11] (SparkTrust Systems)
Task: {F03652AF-1D2D-4DF6-B71F-C934E54E53E1} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\MouseKeyboardCenter.exe [2013-05-13] (Microsoft)
Task: {F53E5005-EEDA-4345-B2CA-23A57E20D120} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2751017530-556950238-3992346484-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {F981F67E-046A-4C7D-86BA-E17168499511} - System32\Tasks\WpsUpdateTask_gurpsgm => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe [2013-08-11] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {FC4F63B8-AAF6-409C-BAC4-71688E3C4A00} - System32\Tasks\Microsoft_Hardware_Launch_rundll32_exe => C:\Windows\System32\url.dll [2013-03-13] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2751017530-556950238-3992346484-1000Core.job => C:\Users\gurpsgm\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2751017530-556950238-3992346484-1000UA.job => C:\Users\gurpsgm\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for gurpsgm.job => C:\PROGRA~2\Norton Security Scan\Engine\4.0.3.24\Nss.exe
Task: C:\Windows\Tasks\SparkTrust PC Cleaner Plus.job => C:\Program Files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\SparkTrustPCCleanerPlus.exe
Task: C:\Windows\Tasks\SparkTrust Registration3.job => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\UUS3.dll
Task: C:\Windows\Tasks\SparkTrust Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe
Task: C:\Windows\Tasks\SparkTrust Update Version3.job => C:\Program Files (x86)\Common Files\SparkTrust\UUS3\Update3.exe
Task: C:\Windows\Tasks\WpsUpdateTask_gurpsgm.job => C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe

==================== Loaded Modules (whitelisted) =============

2010-10-30 13:17 - 2010-09-21 12:33 - 01182576 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2012-11-13 21:53 - 2012-11-13 21:53 - 00139024 _____ () C:\Program Files (x86)\Razer\Razer Game Booster\GBV3ContextMenu.dll
2013-04-05 11:17 - 2011-10-26 16:41 - 00318976 ____C () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2013-04-05 11:58 - 2013-04-05 11:58 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll
2012-07-09 09:45 - 2011-02-28 07:39 - 00211456 _____ () C:\Program Files (x86)\IZArc\IZArcCM64.dll
2012-06-18 10:24 - 2012-06-18 10:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-11-12 09:46 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll
2013-05-30 06:33 - 2010-06-30 13:03 - 00051512 ____C () C:\Program Files\My Lockbox\fspflt.dll
2013-08-21 13:18 - 2013-10-24 12:45 - 00691200 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2013-09-21 09:35 - 2013-10-30 14:25 - 01123240 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-09-10 13:20 - 2013-10-23 15:07 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-06-14 14:49 - 2013-06-14 18:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2013-06-14 14:49 - 2013-06-14 18:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2013-06-14 14:49 - 2013-06-14 18:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2013-06-22 10:55 - 2013-06-22 10:55 - 00034816 _____ () C:\Program Files (x86)\Google\Google Desktop Search\gzlib.dll
2013-08-07 14:25 - 2013-08-07 14:25 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-10-30 22:51 - 2013-05-16 09:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-10-30 22:51 - 2013-05-16 09:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2009-11-17 17:16 - 2009-11-17 17:16 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll
2009-11-17 17:12 - 2009-11-17 17:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\ACE.dll
2013-08-04 07:55 - 2012-05-30 09:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON IDENTITY SAFE\ENGINE\2013.4.0.10\wincfi39.dll
2013-10-30 22:51 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-10-30 22:51 - 2013-05-16 09:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-10-30 22:51 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-11-18 23:19 - 2013-11-18 23:20 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:07BF512B
AlternateDataStreams: C:\ProgramData\Temp:0D786AE3
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/24/2013 07:36:44 AM) (Source: Norton Zone) (User: NT AUTHORITY)
Description: Renew Token Failed to bind zone: S-1-5-21-2751017530-556950238-3992346484-1000

Error: (11/23/2013 08:57:38 AM) (Source: Application Error) (User: )
Description: Faulting application name: SMSystemAnalyzer.exe, version: 12.0.0.57, time stamp: 0x522e765f
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116
Exception code: 0x0eedfade
Fault offset: 0x0000c41f
Faulting process id: 0x11a8
Faulting application start time: 0xSMSystemAnalyzer.exe0
Faulting application path: SMSystemAnalyzer.exe1
Faulting module path: SMSystemAnalyzer.exe2
Report Id: SMSystemAnalyzer.exe3

Error: (11/23/2013 06:38:48 AM) (Source: ESENT) (User: )
Description: taskhost (2148) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\gurpsgm\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (11/22/2013 00:23:31 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/21/2013 05:03:55 PM) (Source: Application Error) (User: )
Description: Faulting application name: SMSystemAnalyzer.exe, version: 12.0.0.57, time stamp: 0x522e765f
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116
Exception code: 0x0eedfade
Fault offset: 0x0000c41f
Faulting process id: 0x18f8
Faulting application start time: 0xSMSystemAnalyzer.exe0
Faulting application path: SMSystemAnalyzer.exe1
Faulting module path: SMSystemAnalyzer.exe2
Report Id: SMSystemAnalyzer.exe3

Error: (11/21/2013 02:13:14 PM) (Source: Application Error) (User: )
Description: Faulting application name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a
Faulting module name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a
Exception code: 0xc0000005
Fault offset: 0x00002833
Faulting process id: 0x195c
Faulting application start time: 0xmtee.3XE0
Faulting application path: mtee.3XE1
Faulting module path: mtee.3XE2
Report Id: mtee.3XE3

Error: (11/21/2013 02:13:09 PM) (Source: Application Error) (User: )
Description: Faulting application name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a
Faulting module name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a
Exception code: 0xc0000005
Fault offset: 0x00002833
Faulting process id: 0x1cb4
Faulting application start time: 0xmtee.3XE0
Faulting application path: mtee.3XE1
Faulting module path: mtee.3XE2
Report Id: mtee.3XE3

Error: (11/21/2013 02:12:47 PM) (Source: Application Error) (User: )
Description: Faulting application name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a
Faulting module name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a
Exception code: 0xc0000005
Fault offset: 0x00002833
Faulting process id: 0xf84
Faulting application start time: 0xmtee.3XE0
Faulting application path: mtee.3XE1
Faulting module path: mtee.3XE2
Report Id: mtee.3XE3

Error: (11/21/2013 02:12:43 PM) (Source: Application Error) (User: )
Description: Faulting application name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a
Faulting module name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a
Exception code: 0xc0000005
Fault offset: 0x00002833
Faulting process id: 0x8f0
Faulting application start time: 0xmtee.3XE0
Faulting application path: mtee.3XE1
Faulting module path: mtee.3XE2
Report Id: mtee.3XE3

Error: (11/21/2013 02:12:04 PM) (Source: Application Error) (User: )
Description: Faulting application name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a
Faulting module name: mtee.3XE, version: 2.0.0.0, time stamp: 0x3f4d232a
Exception code: 0xc0000005
Fault offset: 0x00002833
Faulting process id: 0x1290
Faulting application start time: 0xmtee.3XE0
Faulting application path: mtee.3XE1
Faulting module path: mtee.3XE2
Report Id: mtee.3XE3


System errors:
=============
Error: (11/24/2013 07:48:18 AM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated with the following error:
%%126

Error: (11/24/2013 07:47:48 AM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated with the following error:
%%126

Error: (11/24/2013 07:47:18 AM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated with the following error:
%%126

Error: (11/24/2013 07:46:48 AM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated with the following error:
%%126

Error: (11/24/2013 07:46:18 AM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated with the following error:
%%126

Error: (11/24/2013 07:45:48 AM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated with the following error:
%%126

Error: (11/24/2013 07:45:18 AM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated with the following error:
%%126

Error: (11/24/2013 07:44:48 AM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated with the following error:
%%126

Error: (11/24/2013 07:44:18 AM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated with the following error:
%%126

Error: (11/24/2013 07:43:48 AM) (Source: Service Control Manager) (User: )
Description: The Windows Modules Installer service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================
Error: (10/31/2012 06:38:19 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 52 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-11-21 14:16:06.315
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-11-21 14:16:06.237
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-09-25 22:02:16.502
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-09-25 22:02:16.409
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-09-25 22:02:16.315
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-09-25 22:02:16.222
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-09-25 22:02:09.302
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-09-25 22:02:09.209
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-09-25 22:02:09.115
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-09-25 22:02:09.022
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 8183.11 MB
Available physical RAM: 5256.38 MB
Total Pagefile: 16364.4 MB
Available Pagefile: 13218.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Left) (Fixed) (Total:911.41 GB) (Free:322.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 71E410C3)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=911 GB) - (Type=07 NTFS)

==================== End Of Log ============================


There are two firewalls running on your system, Norton and ZoneAlarm, and one must go. Norton FW is part of the NIS security suite, so the one to remove (uninstall) is ZoneAlarm.

Next,

Download the attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Next,

Run Malwarebytes, open the Settings tab > Scanner Settings > under action for PUP, select: Show in Results List and Check for removal.

Please update and run a Quick Scan with Malwarebytes Anti-Malware.

Make sure that everything is checked, and click Remove Selected on any found items.

Post those logs in your next reply, and also give an update on any remaining issues or concerns.

fixlist.txt


OK Part one - the fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-11-2013
Ran by gurpsgm at 2013-11-24 17:03:15 Run:1
Running from C:\Users\gurpsgm\Documents\Bruce\Computer\Problems
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [atr.exe] - [x]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {8293C2B2-E7B8-44BE-82D1-DCEF01778D8C} URL = http://search.yahoo....&type=293224&p={searchTerms}
SearchScopes: HKCU - {8293C2B2-E7B8-44BE-82D1-DCEF01778D8C} URL = http://search.yahoo....&type=293224&p={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] -
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 WinRing0_1_2_0; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 dfg; \??\C:\Windows\system32\drivers\dfg.sys [x]
U3 DfSdkS;
S3 WacomPen; \SystemRoot\system32\DRIVERS\wacompen.sys [x]
C:\Users\gurpsgm\AppData\Local\Temp\Quarantine.exe
AlternateDataStreams: C:\ProgramData\Temp:07BF512B
AlternateDataStreams: C:\ProgramData\Temp:0D786AE3
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
End
 

OK - Part 2 - Malwarebytes Log

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.11.21.08
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
gurpsgm :: GURPSGM-PC [administrator]
 
11/24/2013 17:30:49
mbam-log-2013-11-24 (17-30-49).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219736
Time elapsed: 4 minute(s), 44 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-11-2013
Ran by gurpsgm at 2013-11-25 10:37:48 Run:2
Running from C:\Users\gurpsgm\Documents\Bruce\Computer\Problems
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [atr.exe] - [x]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {8293C2B2-E7B8-44BE-82D1-DCEF01778D8C} URL = http://search.yahoo....&type=293224&p={searchTerms}
SearchScopes: HKCU - {8293C2B2-E7B8-44BE-82D1-DCEF01778D8C} URL = http://search.yahoo....&type=293224&p={searchTerms}
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] -
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 WinRing0_1_2_0; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 dfg; \??\C:\Windows\system32\drivers\dfg.sys [x]
U3 DfSdkS;
S3 WacomPen; \SystemRoot\system32\DRIVERS\wacompen.sys [x]
C:\Users\gurpsgm\AppData\Local\Temp\Quarantine.exe
AlternateDataStreams: C:\ProgramData\Temp:07BF512B
AlternateDataStreams: C:\ProgramData\Temp:0D786AE3
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
End



*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\atr.exe => Value not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8293C2B2-E7B8-44BE-82D1-DCEF01778D8C} => Key deleted successfully.
HKCR\CLSID\{8293C2B2-E7B8-44BE-82D1-DCEF01778D8C} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - => Key not found.
"CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] -" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key not found.
WinRing0_1_2_0 => Service deleted successfully.
catchme => Service deleted successfully.
dfg => Service deleted successfully.
DfSdkS => Service deleted successfully.
WacomPen => Service deleted successfully.
"C:\Users\gurpsgm\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
"C:\ProgramData\Temp" => ":07BF512B" ADS not found.
"C:\ProgramData\Temp" => ":0D786AE3" ADS not found.
"C:\ProgramData\Temp" => ":0FF263E8" ADS not found.
"C:\ProgramData\Temp" => ":D1B5B4F1" ADS not found.

==== End of Fixlog ====


OK, thanks for the log. If the bad home page returned, we missed something; please run the following and post both logs...

 

Download OTL from any of the following links and save to your desktop.

 

http://itxassociates.com/OT-Tools/OTL.com

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.scr

 

Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7, accept the UAC alert.)

 


  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Change Drivers to All
  • Under the Extra Registry section, check Use SafeList
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Click Run Scan and let the program run uninterrupted.
  • When the scan is complete, two text files will be created on your Desktop.
  • OTL.Txt <- this one will be opened
  • Extras.txt <- this one will be minimized

 

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTL.Txt and the Extras.txt in your next reply.

Kevin


Sorry - I had to break this up again...  OTL part A below...

 

OTL logfile created on: 11/26/2013 08:14:05 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\gurpsgm\Documents\Bruce\Computer\Problems

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16686)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

7.99 Gb Total Physical Memory | 5.22 Gb Available Physical Memory | 65.34% Memory free

15.98 Gb Paging File | 13.04 Gb Available in Paging File | 81.58% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 911.41 Gb Total Space | 329.79 Gb Free Space | 36.18% Space Free | Partition Type: NTFS

Computer Name: GURPSGM-PC | User Name: gurpsgm | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --

PRC - [2013/11/26 07:59:13 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe

PRC - [2013/11/26 07:50:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\gurpsgm\My Documents\Bruce\Computer\Problems\OTL.exe

PRC - [2013/11/18 23:20:03 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2013/11/10 03:20:01 | 000,143,856 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Zone\Engine\1.0.15.13\NZ.exe

PRC - [2013/10/30 14:25:56 | 000,566,696 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe

PRC - [2013/10/30 14:25:54 | 001,820,584 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe

PRC - [2013/10/28 17:21:00 | 002,289,952 | ---- | M] (FSPro Labs) -- C:\Program Files\My Lockbox\mylbx.exe

PRC - [2013/10/25 12:07:24 | 002,151,200 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe

PRC - [2013/10/25 12:07:00 | 000,878,368 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe

PRC - [2013/10/15 11:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

PRC - [2013/09/20 09:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

PRC - [2013/09/13 09:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

PRC - [2013/09/13 08:05:56 | 007,941,304 | ---- | M] (DonationCoder) -- C:\Program Files (x86)\ScreenshotCaptor\ScreenshotCaptor.exe

PRC - [2013/09/09 17:05:56 | 001,164,328 | ---- | M] (iolo technologies, LLC) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe

PRC - [2013/08/30 18:26:24 | 000,240,288 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\SeaPort.EXE

PRC - [2013/07/25 10:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

PRC - [2013/05/28 14:35:44 | 000,408,064 | ---- | M] () -- C:\Program Files (x86)\RegZooka\RegZookaScheduler.exe

PRC - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe

PRC - [2013/05/16 16:45:24 | 002,119,680 | ---- | M] () -- C:\Program Files (x86)\True Sword 5\TrueSwordSchedule.exe

PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/12/04 20:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe

PRC - [2011/05/24 09:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

PRC - [2010/03/17 15:53:24 | 000,207,872 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe

PRC - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

PRC - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe

PRC - [2009/12/09 04:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe

PRC - [2009/11/17 17:18:20 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe

PRC - [2009/10/13 13:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2009/10/13 13:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2009/07/08 01:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe

PRC - [2009/07/07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

 

========== Modules (No Company Name) ==========

MOD - [2013/11/18 23:20:03 | 003,363,952 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2013/10/30 14:25:56 | 001,123,240 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll

MOD - [2013/10/24 12:45:32 | 000,691,200 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll

MOD - [2013/10/23 15:07:26 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll

MOD - [2013/06/22 10:55:37 | 000,034,816 | ---- | M] () -- C:\Program Files (x86)\Google\Google Desktop Search\gzlib.dll

MOD - [2013/06/14 18:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll

MOD - [2013/06/14 18:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll

MOD - [2013/06/14 18:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll

MOD - [2013/05/28 14:35:44 | 000,408,064 | ---- | M] () -- C:\Program Files (x86)\RegZooka\RegZookaScheduler.exe

MOD - [2013/05/16 09:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl

MOD - [2013/05/16 09:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl

MOD - [2012/05/30 09:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\wincfi39.dll

 

========== Services (SafeList) ==========

SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)

SRV:64bit: - [2013/10/18 17:46:52 | 001,025,408 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)

SRV:64bit: - [2013/08/30 17:57:54 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2013/05/28 17:40:10 | 000,230,416 | ---- | M] (Nitro PDF Software) [Disabled | Stopped] -- C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe -- (NitroReaderDriverReadSpool3)

SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2012/10/04 16:29:24 | 001,976,696 | ---- | M] (Raxco Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)

SRV:64bit: - [2012/10/04 16:29:02 | 003,367,288 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe -- (PDEngine)

SRV:64bit: - [2012/05/30 12:11:34 | 000,149,544 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)

SRV:64bit: - [2011/09/23 09:31:40 | 000,073,728 | ---- | M] (UC-Logic Technology Corp.) [Auto | Running] -- C:\Windows\SysNative\drivers\WTSrv.exe -- (WinTabService)

SRV:64bit: - [2010/09/21 12:33:10 | 005,788,016 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)

SRV:64bit: - [2010/09/21 12:33:10 | 000,484,720 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)

SRV:64bit: - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)

SRV:64bit: - [2009/10/07 00:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)

SRV:64bit: - [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\svchost.exe -- (HPSLPSVC)

SRV - [2013/11/16 11:52:02 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/11/15 21:34:02 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/11/10 03:20:01 | 000,143,856 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Zone\Engine\1.0.15.13\NZ.exe -- (NZ)

SRV - [2013/10/30 14:25:56 | 000,566,696 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2013/10/25 12:07:24 | 002,151,200 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)

SRV - [2013/10/25 12:07:00 | 000,878,368 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe -- (AdvancedSystemCareService7)

SRV - [2013/10/08 07:05:13 | 000,264,360 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe -- (N360)

SRV - [2013/09/09 17:05:56 | 001,164,328 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)

SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2013/08/30 18:26:24 | 000,240,288 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\SeaPort.EXE -- (BBUpdate)

SRV - [2013/08/30 18:26:24 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\BBSvc.EXE -- (BBSvc)

SRV - [2013/08/14 10:10:26 | 003,291,008 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2013/07/30 16:41:32 | 000,346,696 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)

SRV - [2013/06/20 10:29:38 | 000,173,192 | ---- | M] (Microsoft Corp.) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)

SRV - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe -- (NCO)

SRV - [2013/05/16 16:45:24 | 002,119,680 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\True Sword 5\TrueSwordSchedule.exe -- (TrueSwordSchedulerService)

SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013/04/25 15:54:10 | 000,335,168 | ---- | M] (IObit) [On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)

SRV - [2013/03/07 16:10:50 | 000,016,000 | ---- | M] (Seagate Technology LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe -- (Seagate Dashboard Services)

SRV - [2013/02/28 20:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)

SRV - [2012/12/04 20:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe -- (MCLIENT)

SRV - [2011/12/02 19:52:20 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011/06/05 19:12:44 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)

SRV - [2011/05/24 09:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)

SRV - [2011/04/26 12:54:12 | 002,702,848 | ---- | M] (MAGIX®) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)

SRV - [2011/02/24 16:38:18 | 001,987,584 | ---- | M] (Security Stronghold) [Auto | Stopped] -- C:\Program Files (x86)\Active Shield 5\ActiveShieldService.exe -- (ServiceAS)

SRV - [2010/09/01 14:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)

SRV - [2010/07/29 13:12:40 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)

SRV - [2010/07/29 13:12:38 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/01/15 16:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe -- (GREGService)

SRV - [2009/12/09 04:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)

SRV - [2009/11/17 17:18:20 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)

SRV - [2009/10/23 11:31:44 | 000,401,920 | ---- | M] (Amazon.com) [Disabled | Stopped] -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)

SRV - [2009/10/13 13:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)

SRV - [2009/07/07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

========== Driver Services (All) ==========

DRV:64bit: - [2013/09/26 22:18:30 | 001,147,480 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symefa64.sys -- (SymEFA)

DRV:64bit: - [2013/09/26 21:26:03 | 000,858,200 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2013/09/25 22:28:00 | 000,590,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symnets.sys -- (SymNetS)

DRV:64bit: - [2013/09/25 21:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NZx64\01000F0.00D\ccSetx64.sys -- (ccSet_NZ)

DRV:64bit: - [2013/09/25 21:50:25 | 000,162,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccsetx64.sys -- (ccSet_N360)

DRV:64bit: - [2013/09/25 11:53:27 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2013/08/30 19:11:28 | 012,528,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2013/08/30 17:32:32 | 000,618,496 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2013/08/05 14:32:01 | 000,078,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)

DRV:64bit: - [2013/07/31 22:19:50 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symds64.sys -- (SymDS)

DRV:64bit: - [2013/07/30 23:13:30 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ironx64.sys -- (SymIRON)

DRV:64bit: - [2013/07/30 22:44:44 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtspx64.sys -- (SRTSPX)

DRV:64bit: - [2013/07/06 01:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tcpip.sys -- (TCPIP6)

DRV:64bit: - [2013/07/06 01:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tcpip.sys -- (Tcpip)

DRV:64bit: - [2013/07/05 03:40:38 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2013/06/14 23:32:16 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tssecsrv.sys -- (tssecsrv)

DRV:64bit: - [2013/05/13 14:36:06 | 000,050,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:64bit: - [2013/04/15 21:41:14 | 000,169,048 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSTx64\7DD04000.00A\ccSetx64.sys -- (ccSet_NST)

DRV:64bit: - [2013/04/12 09:45:08 | 001,656,680 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\ntfs.sys -- (Ntfs)

DRV:64bit: - [2013/04/10 01:01:53 | 000,983,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dxgkrnl.sys -- (DXGKrnl)

DRV:64bit: - [2013/02/28 20:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)

DRV:64bit: - [2013/01/24 01:01:01 | 000,223,752 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)

DRV:64bit: - [2012/10/03 12:19:14 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MCLIENTx64\0302020.00C\ccsetx64.sys -- (ccSet_MCLIENT)

DRV:64bit: - [2012/10/03 11:07:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tcpipreg.sys -- (tcpipreg)

DRV:64bit: - [2012/09/12 14:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2012/09/11 14:24:32 | 000,126,232 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DefragFs.sys -- (DefragFS)

DRV:64bit: - [2012/08/24 13:13:17 | 000,154,480 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)

DRV:64bit: - [2012/08/24 13:09:34 | 000,458,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)

DRV:64bit: - [2012/08/23 16:57:16 | 000,083,224 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PDFsFilter.sys -- (PDFSFilter)

DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/08/22 13:12:40 | 000,950,128 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ndis.sys -- (NDIS)

DRV:64bit: - [2012/07/25 23:55:47 | 000,785,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Wdf01000.sys -- (Wdf01000)

DRV:64bit: - [2012/07/25 21:26:45 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)

DRV:64bit: - [2012/06/22 11:01:32 | 000,022,704 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EsgScanner.sys -- (EsgScanner)

DRV:64bit: - [2012/06/02 00:48:16 | 000,095,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecdd.sys -- (KSecDD)

DRV:64bit: - [2012/05/30 12:10:50 | 000,016,168 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)

DRV:64bit: - [2012/04/27 22:55:21 | 000,210,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpwd.sys -- (RDPWD)

DRV:64bit: - [2012/04/17 07:25:02 | 000,031,432 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)

DRV:64bit: - [2012/03/17 02:58:57 | 000,075,120 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\partmgr.sys -- (partmgr)

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/16 23:57:32 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tdtcp.sys -- (TDTCP)

DRV:64bit: - [2011/12/27 22:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\afd.sys -- (AFD)

DRV:64bit: - [2011/07/08 21:46:28 | 000,288,768 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mrxsmb10.sys -- (mrxsmb10)

DRV:64bit: - [2011/06/03 23:59:38 | 000,057,648 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\FSPFltd2.sys -- (FSProFilter2)

DRV:64bit: - [2011/04/28 22:06:10 | 000,467,456 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\srv.sys -- (srv)

DRV:64bit: - [2011/04/28 22:05:49 | 000,410,112 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\srv2.sys -- (srv2)

DRV:64bit: - [2011/04/28 22:05:37 | 000,168,448 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\srvnet.sys -- (srvnet)

DRV:64bit: - [2011/04/26 21:40:40 | 000,158,208 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mrxsmb.sys -- (mrxsmb)

DRV:64bit: - [2011/04/26 21:39:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mrxsmb20.sys -- (mrxsmb20)

DRV:64bit: - [2011/03/24 22:29:26 | 000,343,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbhub.sys -- (usbhub)

DRV:64bit: - [2011/03/24 22:29:14 | 000,098,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbccgp.sys -- (usbccgp)

DRV:64bit: - [2011/03/24 22:29:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbehci.sys -- (usbehci)

DRV:64bit: - [2011/03/24 22:29:04 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbohci.sys -- (usbohci)

DRV:64bit: - [2011/03/24 22:29:03 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbuhci.sys -- (usbuhci)

DRV:64bit: - [2011/03/11 01:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstor.sys -- (nvstor)

DRV:64bit: - [2011/03/11 01:41:34 | 000,148,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvraid.sys -- (nvraid)

DRV:64bit: - [2011/03/11 01:41:26 | 000,410,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStorV.sys -- (iaStorV)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/03/10 23:37:16 | 000,091,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBSTOR.SYS -- (USBSTOR)

DRV:64bit: - [2011/03/02 17:17:20 | 000,013,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)

DRV:64bit: - [2011/02/22 23:55:04 | 000,090,624 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\bowser.sys -- (bowser)

DRV:64bit: - [2010/11/20 08:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volsnap.sys -- (volsnap)

DRV:64bit: - [2010/11/20 08:34:01 | 000,363,392 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volmgrx.sys -- (volmgrx)

DRV:64bit: - [2010/11/20 08:34:01 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volmgr.sys -- (volmgr)

DRV:64bit: - [2010/11/20 08:34:00 | 000,215,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)

DRV:64bit: - [2010/11/20 08:33:57 | 000,063,360 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\termdd.sys -- (TermDD)

DRV:64bit: - [2010/11/20 08:33:54 | 000,103,808 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbp2port.sys -- (sbp2port)

DRV:64bit: - [2010/11/20 08:33:53 | 000,213,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)

DRV:64bit: - [2010/11/20 08:33:48 | 000,184,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pci.sys -- (pci)

DRV:64bit: - [2010/11/20 08:33:45 | 000,366,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msrpc.sys -- (MsRPC)

DRV:64bit: - [2010/11/20 08:33:45 | 000,273,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msiscsi.sys -- (iScsiPrt)

DRV:64bit: - [2010/11/20 08:33:44 | 000,155,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mpio.sys -- (mpio)

DRV:64bit: - [2010/11/20 08:33:44 | 000,140,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdsm.sys -- (msdsm)

DRV:64bit: - [2010/11/20 08:33:44 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msahci.sys -- (msahci)

DRV:64bit: - [2010/11/20 08:33:43 | 000,094,592 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mountmgr.sys -- (mountmgr)

DRV:64bit: - [2010/11/20 08:33:36 | 000,014,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)

DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 08:33:34 | 000,289,664 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\fltMgr.sys -- (FltMgr)

DRV:64bit: - [2010/11/20 08:32:46 | 000,334,208 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpi.sys -- (ACPI)

DRV:64bit: - [2010/11/20 05:52:37 | 000,088,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wanarp.sys -- (Wanarpv6)

DRV:64bit: - [2010/11/20 05:52:37 | 000,088,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wanarp.sys -- (WANARP)

DRV:64bit: - [2010/11/20 05:52:35 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rasl2tp.sys -- (Rasl2tp)

DRV:64bit: - [2010/11/20 05:52:34 | 000,164,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndiswan.sys -- (NdisWan)

DRV:64bit: - [2010/11/20 05:52:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\raspptp.sys -- (PptpMiniport)

DRV:64bit: - [2010/11/20 05:52:20 | 000,131,584 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\pacer.sys -- (Psched)

DRV:64bit: - [2010/11/20 05:52:20 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndproxy.sys -- (NDProxy)

DRV:64bit: - [2010/11/20 05:52:19 | 000,082,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ipfltdrv.sys -- (IpFilterDriver)

DRV:64bit: - [2010/11/20 05:51:50 | 000,125,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tunnel.sys -- (tunnel)

DRV:64bit: - [2010/11/20 05:50:08 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndisuio.sys -- (Ndisuio)

DRV:64bit: - [2010/11/20 05:44:56 | 000,229,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)

DRV:64bit: - [2010/11/20 05:44:37 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\umbus.sys -- (umbus)

DRV:64bit: - [2010/11/20 05:44:34 | 000,184,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbvideo.sys -- (usbvideo)

DRV:64bit: - [2010/11/20 05:44:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)

DRV:64bit: - [2010/11/20 05:43:52 | 000,109,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBAUDIO.sys -- (usbaudio)

DRV:64bit: - [2010/11/20 05:43:49 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidusb.sys -- (HidUsb)

DRV:64bit: - [2010/11/20 05:43:43 | 000,122,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hdaudbus.sys -- (HDAudBus)

DRV:64bit: - [2010/11/20 05:34:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sffp_sd.sys -- (sffp_sd)

DRV:64bit: - [2010/11/20 05:33:25 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbdhid.sys -- (kbdhid)

DRV:64bit: - [2010/11/20 05:33:17 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)

DRV:64bit: - [2010/11/20 05:14:37 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)

DRV:64bit: - [2010/11/20 05:09:59 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)

DRV:64bit: - [2010/11/20 05:04:53 | 000,078,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IPMIDrv.sys -- (IPMIDRV)

DRV:64bit: - [2010/11/20 04:30:42 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)

DRV:64bit: - [2010/11/20 04:27:54 | 000,309,248 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\rdbss.sys -- (rdbss)

DRV:64bit: - [2010/11/20 04:26:42 | 000,140,800 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mrxdav.sys -- (MRxDAV)

DRV:64bit: - [2010/11/20 04:26:32 | 000,102,400 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\dfsc.sys -- (DfsC)

DRV:64bit: - [2010/11/20 04:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)

DRV:64bit: - [2010/11/20 04:25:14 | 000,753,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\http.sys -- (HTTP)

DRV:64bit: - [2010/11/20 04:23:20 | 000,261,632 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\netbt.sys -- (NetBT)

DRV:64bit: - [2010/11/20 04:21:56 | 000,119,296 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tdx.sys -- (tdx)

DRV:64bit: - [2010/11/20 04:19:21 | 000,147,456 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrom.sys -- (cdrom)

DRV:64bit: - [2010/09/15 09:13:46 | 000,018,288 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)

DRV:64bit: - [2010/09/15 09:03:02 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)

DRV:64bit: - [2010/09/15 09:02:58 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)

DRV:64bit: - [2010/08/10 07:43:14 | 000,050,056 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)

DRV:64bit: - [2010/08/10 07:43:14 | 000,022,792 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)

DRV:64bit: - [2010/01/27 20:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009/12/09 04:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)

DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)

DRV:64bit: - [2009/07/13 20:52:31 | 000,367,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\clfs.sys -- (CLFS)

DRV:64bit: - [2009/07/13 20:52:31 | 000,021,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\compbatt.sys -- (Compbatt)

DRV:64bit: - [2009/07/13 20:52:31 | 000,017,488 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmdide.sys -- (cmdide)

DRV:64bit: - [2009/07/13 20:52:21 | 000,491,088 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adp94xx.sys -- (adp94xx)

DRV:64bit: - [2009/07/13 20:52:21 | 000,339,536 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adpahci.sys -- (adpahci)

DRV:64bit: - [2009/07/13 20:52:21 | 000,182,864 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\adpu320.sys -- (adpu320)

DRV:64bit: - [2009/07/13 20:52:21 | 000,097,856 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\arcsas.sys -- (arcsas)

DRV:64bit: - [2009/07/13 20:52:21 | 000,087,632 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\arc.sys -- (arc)

DRV:64bit: - [2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AGP440.sys -- (agp440)

DRV:64bit: - [2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\atapi.sys -- (atapi)

DRV:64bit: - [2009/07/13 20:52:21 | 000,015,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdide.sys -- (amdide)

DRV:64bit: - [2009/07/13 20:52:21 | 000,015,440 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aliide.sys -- (aliide)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:27 | 000,060,496 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\mup.sys -- (Mup)

DRV:64bit: - [2009/07/13 20:48:27 | 000,049,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mouclass.sys -- (mouclass)

DRV:64bit: - [2009/07/13 20:48:27 | 000,032,320 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mssmbios.sys -- (mssmbios)

DRV:64bit: - [2009/07/13 20:48:27 | 000,015,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\msisadrv.sys -- (msisadrv)

DRV:64bit: - [2009/07/13 20:48:26 | 000,122,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NV_AGP.SYS -- (nv_agp)

DRV:64bit: - [2009/07/13 20:48:26 | 000,051,264 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nfrd960.sys -- (nfrd960)

DRV:64bit: - [2009/07/13 20:48:04 | 000,284,736 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MegaSR.sys -- (MegaSR)

DRV:64bit: - [2009/07/13 20:48:04 | 000,115,776 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV:64bit: - [2009/07/13 20:48:04 | 000,114,752 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_fc.sys -- (LSI_FC)

DRV:64bit: - [2009/07/13 20:48:04 | 000,106,560 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas.sys -- (LSI_SAS)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:48:04 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbdclass.sys -- (kbdclass)

DRV:64bit: - [2009/07/13 20:48:04 | 000,044,112 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iirsp.sys -- (iirsp)

DRV:64bit: - [2009/07/13 20:48:04 | 000,035,392 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\megasas.sys -- (megasas)

DRV:64bit: - [2009/07/13 20:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\isapnp.sys -- (isapnp)

DRV:64bit: - [2009/07/13 20:48:04 | 000,016,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelide.sys -- (intelide)

DRV:64bit: - [2009/07/13 20:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)

DRV:64bit: - [2009/07/13 20:47:48 | 000,530,496 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\elxstor.sys -- (elxstor)

DRV:64bit: - [2009/07/13 20:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\disk.sys -- (Disk)

DRV:64bit: - [2009/07/13 20:47:48 | 000,070,224 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\fileinfo.sys -- (FileInfo)

DRV:64bit: - [2009/07/13 20:47:48 | 000,065,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GAGP30KX.SYS -- (gagp30kx)

DRV:64bit: - [2009/07/13 20:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)

DRV:64bit: - [2009/07/13 20:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)

DRV:64bit: - [2009/07/13 20:45:55 | 000,161,872 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vsmraid.sys -- (vsmraid)

DRV:64bit: - [2009/07/13 20:45:55 | 000,064,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ULIAGPKX.SYS -- (uliagpkx)

DRV:64bit: - [2009/07/13 20:45:55 | 000,064,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UAGP35.SYS -- (uagp35)

DRV:64bit: - [2009/07/13 20:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 20:45:55 | 000,021,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wd.sys -- (Wd)

DRV:64bit: - [2009/07/13 20:45:55 | 000,019,008 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spldr.sys -- (spldr)

DRV:64bit: - [2009/07/13 20:45:55 | 000,017,488 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viaide.sys -- (viaide)

DRV:64bit: - [2009/07/13 20:45:55 | 000,012,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swenum.sys -- (swenum)

DRV:64bit: - [2009/07/13 20:45:46 | 001,524,816 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ql2300.sys -- (ql2300)

DRV:64bit: - [2009/07/13 20:45:46 | 000,080,464 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sisraid4.sys -- (SiSRaid4)

DRV:64bit: - [2009/07/13 20:45:45 | 000,220,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcmcia.sys -- (pcmcia)

DRV:64bit: - [2009/07/13 20:45:45 | 000,128,592 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ql40xx.sys -- (ql40xx)

DRV:64bit: - [2009/07/13 20:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)

DRV:64bit: - [2009/07/13 20:45:45 | 000,043,584 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sisraid2.sys -- (SiSRaid2)

DRV:64bit: - [2009/07/13 20:45:45 | 000,012,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pciide.sys -- (pciide)

DRV:64bit: - [2009/07/13 20:19:07 | 000,286,720 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerId.sys -- (Brserid)

DRV:64bit: - [2009/07/13 20:01:48 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bridge.sys -- (BridgeMP)

DRV:64bit: - [2009/07/13 20:01:19 | 000,651,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PEAuth.sys -- (PEAUTH)

DRV:64bit: - [2009/07/13 19:38:18 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbprint.sys -- (usbprint)

DRV:64bit: - [2009/07/13 19:35:32 | 000,041,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbscan.sys -- (usbscan)

DRV:64bit: - [2009/07/13 19:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)

DRV:64bit: - [2009/07/13 19:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)

DRV:64bit: - [2009/07/13 19:16:34 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPENCDD.sys -- (RDPENCDD)

DRV:64bit: - [2009/07/13 19:16:34 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPCDD.sys -- (RDPCDD)

DRV:64bit: - [2009/07/13 19:16:32 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tdpipe.sys -- (TDPIPE)

DRV:64bit: - [2009/07/13 19:10:48 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\modem.sys -- (Modem)

DRV:64bit: - [2009/07/13 19:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)

DRV:64bit: - [2009/07/13 19:10:25 | 000,083,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rassstp.sys -- (RasSstp)

DRV:64bit: - [2009/07/13 19:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn)

DRV:64bit: - [2009/07/13 19:10:17 | 000,092,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\raspppoe.sys -- (RasPppoe)

DRV:64bit: - [2009/07/13 19:10:13 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asyncmac.sys -- (AsyncMac)

DRV:64bit: - [2009/07/13 19:10:09 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rasacd.sys -- (RasAcd)

DRV:64bit: - [2009/07/13 19:10:03 | 000,116,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ipnat.sys -- (IPNAT)

DRV:64bit: - [2009/07/13 19:10:00 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndistapi.sys -- (NdisTapi)

DRV:64bit: - [2009/07/13 19:09:48 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qwavedrv.sys -- (QWAVEdrv)

DRV:64bit: - [2009/07/13 19:09:26 | 000,044,544 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\netbios.sys -- (NetBIOS)

DRV:64bit: - [2009/07/13 19:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)

DRV:64bit: - [2009/07/13 19:09:09 | 000,093,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\smb.sys -- (Smb)

DRV:64bit: - [2009/07/13 19:08:59 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\irenum.sys -- (IRENUM)

DRV:64bit: - [2009/07/13 19:08:51 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rspndr.sys -- (rspndr)

DRV:64bit: - [2009/07/13 19:08:51 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lltdio.sys -- (lltdio)

DRV:64bit: - [2009/07/13 19:08:25 | 000,077,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mpsdrv.sys -- (mpsdrv)

DRV:64bit: - [2009/07/13 19:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)

DRV:64bit: - [2009/07/13 19:07:23 | 000,318,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwifi.sys -- (NativeWifiP)

DRV:64bit: - [2009/07/13 19:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)

DRV:64bit: - [2009/07/13 19:06:52 | 000,100,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbth.sys -- (HidBth)

DRV:64bit: - [2009/07/13 19:06:52 | 000,072,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthmodem.sys -- (BTHMODEM)

DRV:64bit: - [2009/07/13 19:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)

DRV:64bit: - [2009/07/13 19:06:45 | 000,072,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ohci1394.sys -- (ohci1394)

DRV:64bit: - [2009/07/13 19:06:37 | 000,100,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbcir.sys -- (usbcir)

DRV:64bit: - [2009/07/13 19:06:34 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\circlass.sys -- (circlass)

DRV:64bit: - [2009/07/13 19:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)

DRV:64bit: - [2009/07/13 19:06:23 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidir.sys -- (HidIr)

DRV:64bit: - [2009/07/13 19:06:16 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drmkaud.sys -- (drmkaud)

DRV:64bit: - [2009/07/13 19:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)

DRV:64bit: - [2009/07/13 19:01:03 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sffp_mmc.sys -- (sffp_mmc)

DRV:64bit: - [2009/07/13 19:01:02 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sfloppy.sys -- (sfloppy)

DRV:64bit: - [2009/07/13 19:01:01 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sffdisk.sys -- (sffdisk)

DRV:64bit: - [2009/07/13 19:00:54 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fdc.sys -- (fdc)

DRV:64bit: - [2009/07/13 19:00:54 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\flpydisk.sys -- (flpydisk)

DRV:64bit: - [2009/07/13 19:00:41 | 000,097,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\parport.sys -- (Parport)

DRV:64bit: - [2009/07/13 19:00:40 | 000,094,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serial.sys -- (Serial)

DRV:64bit: - [2009/07/13 19:00:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serenum.sys -- (Serenum)

DRV:64bit: - [2009/07/13 19:00:20 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mouhid.sys -- (mouhid)

DRV:64bit: - [2009/07/13 19:00:20 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sermouse.sys -- (sermouse)

DRV:64bit: - [2009/07/13 19:00:19 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ksthunk.sys -- (ksthunk)

DRV:64bit: - [2009/07/13 19:00:18 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mskssrv.sys -- (MSKSSRV)

DRV:64bit: - [2009/07/13 19:00:17 | 000,008,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mstee.sys -- (MSTEE)

DRV:64bit: - [2009/07/13 19:00:17 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mspclock.sys -- (MSPCLOCK)

DRV:64bit: - [2009/07/13 19:00:17 | 000,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mspqm.sys -- (MSPQM)

DRV:64bit: - [2009/07/13 19:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)

DRV:64bit: - [2009/07/13 18:38:52 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\monitor.sys -- (monitor)

DRV:64bit: - [2009/07/13 18:38:47 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vga.sys -- (VgaSave)

DRV:64bit: - [2009/07/13 18:38:47 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vgapnp.sys -- (vga)

DRV:64bit: - [2009/07/13 18:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)

DRV:64bit: - [2009/07/13 18:35:59 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\blbdrive.sys -- (blbdrive)

DRV:64bit: - [2009/07/13 18:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)

DRV:64bit: - [2009/07/13 18:31:04 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\errdev.sys -- (ErrDev)

DRV:64bit: - [2009/07/13 18:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)

DRV:64bit: - [2009/07/13 18:31:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wmiacpi.sys -- (WmiAcpi)

DRV:64bit: - [2009/07/13 18:26:13 | 000,113,152 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\luafv.sys -- (luafv)

DRV:64bit: - [2009/07/13 18:25:40 | 000,034,304 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\filetrace.sys -- (Filetrace)

DRV:64bit: - [2009/07/13 18:23:29 | 000,204,800 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fastfat.sys -- (fastfat)

DRV:64bit: - [2009/07/13 18:23:29 | 000,195,072 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\exfat.sys -- (exfat)

DRV:64bit: - [2009/07/13 18:21:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nsiproxy.sys -- (nsiproxy)

DRV:64bit: - [2009/07/13 18:19:57 | 000,105,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\i8042prt.sys -- (i8042prt)

DRV:64bit: - [2009/07/13 18:19:48 | 000,044,032 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\npfs.sys -- (Npfs)

DRV:64bit: - [2009/07/13 18:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)

DRV:64bit: - [2009/07/13 18:19:47 | 000,026,112 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\msfs.sys -- (Msfs)

DRV:64bit: - [2009/07/13 18:19:38 | 000,006,144 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\null.sys -- (Null)

DRV:64bit: - [2009/07/13 18:19:25 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdk8.sys -- (AmdK8)

DRV:64bit: - [2009/07/13 18:19:25 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\intelppm.sys -- (intelppm)

DRV:64bit: - [2009/07/13 18:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)

DRV:64bit: - [2009/07/13 18:19:25 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\processr.sys -- (Processor)

DRV:64bit: - [2009/07/07 13:48:44 | 000,035,376 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)

DRV:64bit: - [2009/07/07 13:48:44 | 000,033,328 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)

DRV:64bit: - [2009/06/18 06:42:36 | 000,022,696 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UCTblHid.sys -- (UCTblHid)

DRV:64bit: - [2009/06/18 06:42:18 | 000,027,304 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TClass2k.sys -- (TClass2k)

DRV:64bit: - [2009/06/18 06:42:00 | 000,017,064 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTSimHid.sys -- (PTSimHid)

DRV:64bit: - [2009/06/18 06:41:48 | 000,027,304 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PTSimBus.sys -- (PTSimBus)

DRV:64bit: - [2009/06/10 15:41:10 | 000,047,104 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerWdm.sys -- (BrSerWdm)

DRV:64bit: - [2009/06/10 15:41:10 | 000,014,976 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbMdm.sys -- (BrUsbMdm)

DRV:64bit: - [2009/06/10 15:41:10 | 000,014,720 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSer.sys -- (BrUsbSer)

DRV:64bit: - [2009/06/10 15:41:06 | 000,018,432 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrFiltLo.sys -- (BrFiltLo)

DRV:64bit: - [2009/06/10 15:41:06 | 000,008,704 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrFiltUp.sys -- (BrFiltUp)

DRV:64bit: - [2009/06/10 15:37:19 | 000,023,040 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\secdrv.sys -- (secdrv)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/05 18:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)

DRV:64bit: - [2009/05/05 18:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)

DRV:64bit: - [2009/04/30 18:01:34 | 000,327,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)

DRV:64bit: - [2009/04/30 17:55:56 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)

DRV:64bit: - [2009/04/30 17:55:46 | 000,015,896 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)

DRV:64bit: - [2008/07/26 14:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)

DRV:64bit: - [2007/08/14 09:36:58 | 000,035,328 | ---- | M] (Belkin Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcgame.sys -- (bcgame)

DRV:64bit: - [1999/12/31 19:00:00 | 004,065,296 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTKVHD64.sys -- (IntcAzAudAddService)

DRV:64bit: - [1999/12/31 19:00:00 | 000,553,576 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [1999/12/31 19:00:00 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV:64bit: - [1999/12/31 19:00:00 | 000,160,264 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiK0728.sys -- (SaiK0728)

DRV:64bit: - [1999/12/31 19:00:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)

DRV - [2013/11/25 13:12:34 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\VirusDefs\20131125.020\ex64.sys -- (NAVEX15)

DRV - [2013/11/25 13:12:34 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\VirusDefs\20131125.020\eng64.sys -- (NAVENG)

DRV - [2013/11/20 22:08:41 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2013/11/20 22:08:41 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2013/10/28 12:56:07 | 000,521,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\IPSDefs\20131125.001\IDSviA64.sys -- (IDSVia64)

DRV - [2013/10/22 18:11:13 | 001,524,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\BASHDefs\20131114.001\BHDrvx64.sys -- (BHDrvx64)

DRV - [2013/03/26 18:34:08 | 000,023,016 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)

DRV - [2013/03/26 18:33:52 | 000,034,336 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)

DRV - [2013/03/23 14:48:46 | 000,023,048 | ---- | M] (IObit) [File_System | Disabled | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)

DRV - [2010/08/30 13:42:50 | 000,020,480 | ---- | M] (Security Stronghold) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Active Shield 5\ActiveShield.sys -- (DriverAS)

DRV - [2010/03/17 15:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2010/03/17 15:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

========== Standard Registry (SafeList) ==========


OTL Part B below...

 

 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{554D23B7-A561-8FD7-EB4F-2500C9BEC5FB}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=293224&fr=spigot-yhp-ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {8293C2B2-E7B8-44BE-82D1-DCEF01778D8C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7IRFC_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{8293C2B2-E7B8-44BE-82D1-DCEF01778D8C}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://search.yahoo.com/?type=293224&fr=spigot-yhp-ff"
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2014.6.1.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - prefs.js..keyword.url: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=293224&p="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@nullsoft.com/winampDetector;version=1: C:\Users\gurpsgm\Music\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@coreonline.com/run3d,version=1.0: C:\Users\gurpsgm\AppData\LocalLow\Square Enix\nprun3d.dll (Square Enix)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\gurpsgm\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\gurpsgm\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\gurpsgm\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\gurpsgm\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\gurpsgm\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\gurpsgm\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\thehappycloud.com/HappyCloudPlugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\coFFPlgn\ [2013/11/25 06:21:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\IPSFF [2013/10/09 12:10:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/18 23:19:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/18 23:19:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/09/26 15:18:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.22.1\extensions\\Components: C:\Program Files (x86)\SeaMonkey\components [2013/11/22 16:59:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.22.1\extensions\\Plugins: C:\Program Files (x86)\SeaMonkey\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/18 23:19:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/18 23:19:53 | 000,000,000 | ---D | M]
 
[2010/10/30 12:59:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gurpsgm\AppData\Roaming\Mozilla\Extensions
[2013/11/24 17:12:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gurpsgm\AppData\Roaming\Mozilla\Firefox\Profiles\8ckfqq5x.default-1384954388521\extensions
[2013/10/31 12:47:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gurpsgm\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ohx54ffw.default\extensions
[2013/10/31 12:47:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gurpsgm\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ohx54ffw.default\extensions\staged
[2013/11/18 23:19:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/11/18 23:19:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/18 23:19:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/18 23:19:52 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/18 23:20:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\PROGRAM FILES (X86)\IOBIT APPS TOOLBAR\FF
[2013/11/25 06:21:58 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\COFFPLGN
File not found (No name found) -- C:\USERS\GURPSGM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8CKFQQ5X.DEFAULT-1384954388521\EXTENSIONS\ASCSURFINGPROTECTION@IOBIT.COM
[2011/09/04 20:12:37 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=293224&p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms},
CHR - homepage:
CHR - Extension: Beautiful landscape = C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambfimhigppdidfmelpjmojccbfdoeig\1_0\
CHR - Extension: Google Docs = C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: Shortcuts for Google = C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\baohinapilmkigilbbbcccncoljkdpnd\3.2.0_0\
CHR - Extension: YouTube = C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Spotify - Music for every moment = C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh\0.2.3_0\
CHR - Extension: Google Search = C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Facebook for Chrome = C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdalhedleemkkdjddjgfjmcnbpejpapp\6.3.1_0\
CHR - Extension: StumbleUpon = C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg\5.9.19.1_0\
CHR - Extension: eBay Extension for Google Chrome = C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhckppjhonfmcpegdjdibmngahahhck\3.0.1.9_0\
CHR - Extension: Wikipedia = C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpofdaeejlpkojmbchffjakgmkfigjba\1.0_0\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1\
CHR - Extension: No name found = C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco\2.2.7_0\
CHR - Extension: Google Wallet = C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Lyrics for Google Chrome = C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglbipcbkmlknhfhabolnniekmlhfoek\2.5.4_0\
CHR - Extension: Gmail = C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/11/21 14:39:32 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coieplg.dll (Symantec Corporation)
O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\amd64\BingExt.dll (Microsoft Corporation.)
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Send to MyInfo (Attachment)) - {4DBB4D17-C65B-4868-8E9C-7779FB3DDA27} - C:\Program Files (x86)\Milenix\MyInfo 6\SendIEToMyInfoAttachment.dll (Milenix Software Ltd.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Send to MyInfo) - {A1AD13F3-B8F0-4584-8088-8BCBDB42663F} - C:\Program Files (x86)\Milenix\MyInfo 6\SendIEToMyInfo.dll (Milenix Software Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coieplg.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\amd64\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe (FSPro Labs)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [saiVolume] C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe (Saitek)
O4:64bit: - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [EMET Notifier] C:\Program Files (x86)\EMET (Tech Preview)\EMET_notifier.exe (Microsoft Corporation)
O4 - HKLM..\Run: [nmapp] C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [RegZooka Scheduler] C:\Program Files (x86)\RegZooka\RegZookaScheduler.exe ()
O4 - HKLM..\Run: [sDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [screenshot Captor] C:\Program Files (x86)\ScreenshotCaptor\ScreenshotCaptor.exe (DonationCoder)
O4 - HKCU..\Run: [steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AnyTime.lnk = C:\Program Files (x86)\AnyTime Organizer Premier\ISI Launcher.exe (Individual Software Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 4
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Add to Wish List - {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send to MyInfo (Attachment) - {F0D6B094-D85E-4EDB-81EE-971A684343AB} - C:\Program Files (x86)\Milenix\MyInfo 6\SendIEToMyInfoAttachment.dll (Milenix Software Ltd.)
O9 - Extra 'Tools' menuitem : Send to MyInfo (Attachment) - {F0D6B094-D85E-4EDB-81EE-971A684343AB} - C:\Program Files (x86)\Milenix\MyInfo 6\SendIEToMyInfoAttachment.dll (Milenix Software Ltd.)
O9 - Extra Button: Send to MyInfo - {f192ebcd-82e5-11da-954e-00e08161165f} - C:\Program Files (x86)\Milenix\MyInfo 6\SendIEToMyInfo.dll (Milenix Software Ltd.)
O9 - Extra 'Tools' menuitem : Send to MyInfo - {f192ebcd-82e5-11da-954e-00e08161165f} - C:\Program Files (x86)\Milenix\MyInfo 6\SendIEToMyInfo.dll (Milenix Software Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: vzTCPConfig http://my.verizon.com/services/SpeedOptimizer/HSI/vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A60CDF4F-BD12-46F2-8FC2-685CB013FE71}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: ("C:\PROGRA~2\Google\Google Desktop) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/26 07:22:51 | 000,000,000 | ---D | C] -- C:\2d52c0e089a49ffc9b9d8d72e4e4
[2013/11/25 10:36:23 | 000,057,648 | ---- | C] (FSPro Labs) -- C:\Windows\SysNative\drivers\FSPFltd2.sys
[2013/11/25 10:36:23 | 000,000,000 | ---D | C] -- C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Lockbox
[2013/11/25 06:57:51 | 000,000,000 | ---D | C] -- C:\Users\gurpsgm\AppData\Roaming\Thunderbird
[2013/11/25 06:57:51 | 000,000,000 | ---D | C] -- C:\Users\gurpsgm\AppData\Local\Thunderbird
[2013/11/25 06:50:22 | 000,000,000 | ---D | C] -- C:\Users\gurpsgm\Documents\My Calendar Wizard 4 Documents
[2013/11/24 16:40:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Sword 5
[2013/11/24 16:40:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\True Sword 5
[2013/11/24 16:40:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\True Sword 5
[2013/11/24 16:40:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active Shield 5
[2013/11/24 16:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Active Shield 5
[2013/11/24 16:39:59 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Active Shield
[2013/11/24 16:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Suite 5
[2013/11/24 16:39:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Suite 5
[2013/11/24 12:10:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon
[2013/11/24 12:08:21 | 000,000,000 | ---D | C] -- C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
[2013/11/24 12:04:31 | 000,000,000 | ---D | C] -- C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/11/24 07:40:14 | 000,000,000 | ---D | C] -- C:\FRST
[2013/11/24 07:34:52 | 000,000,000 | ---D | C] -- C:\Users\gurpsgm\AppData\Local\FileTypeAssistant
[2013/11/23 07:02:52 | 000,000,000 | ---D | C] -- C:\Users\gurpsgm\AppData\Local\NPE
[2013/11/22 17:06:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3
[2013/11/22 17:03:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013/11/22 17:01:00 | 000,000,000 | ---D | C] -- C:\Users\gurpsgm\AppData\Roaming\mIRC
[2013/11/22 17:01:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
[2013/11/22 17:00:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mIRC
[2013/11/22 16:49:06 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2013/11/22 06:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/11/22 06:52:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/11/21 14:00:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/11/21 14:00:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/11/21 14:00:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/11/21 14:00:21 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/11/21 13:59:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/11/20 09:51:54 | 000,000,000 | ---D | C] -- C:\Users\gurpsgm\AppData\Roaming\SparkTrust
[2013/11/20 09:51:42 | 000,000,000 | ---D | C] -- C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SparkTrust
[2013/11/20 09:51:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SparkTrust
[2013/11/20 09:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\SparkTrust
[2013/11/20 09:51:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SparkTrust
[2013/11/20 08:45:14 | 000,000,000 | ---D | C] -- C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013/11/20 08:45:13 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013/11/20 08:45:13 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/11/20 08:37:08 | 001,122,304 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll
[2013/11/20 08:37:08 | 000,274,432 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\ssleay32.dll
[2013/11/20 08:37:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spigot Removal Tool
[2013/11/20 08:37:07 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2013/11/20 08:37:07 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2013/11/20 08:37:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spigot Removal Tool
[2013/11/20 08:23:06 | 000,000,000 | ---D | C] -- C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013/11/20 07:52:20 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/20 07:39:31 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/19 11:11:15 | 000,000,000 | ---D | C] -- C:\Users\gurpsgm\AppData\Roaming\Virtual Mechanics
[2013/11/19 11:11:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Virtual Mechanics
[2013/11/19 11:11:15 | 000,000,000 | ---D | C] -- C:\Users\gurpsgm\Documents\My IMS Projects
[2013/11/19 11:10:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Virtual Mechanics
[2013/11/19 07:43:55 | 000,000,000 | ---D | C] -- C:\Users\gurpsgm\AppData\Roaming\Malwarebytes
[2013/11/19 07:43:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/19 07:43:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/11/19 07:43:47 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/11/19 07:43:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/11/19 06:52:06 | 000,000,000 | ---D | C] -- C:\Users\gurpsgm\AppData\Local\LogMeIn Rescue Applet
[2013/11/19 06:38:44 | 000,000,000 | ---D | C] -- C:\temp
[2013/11/18 23:19:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/13 20:32:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Zone
[2013/11/13 10:02:14 | 000,000,000 | ---D | C] -- C:\Users\gurpsgm\Documents\Updater
[2013/11/13 07:24:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vocation
[2013/11/13 07:24:01 | 000,000,000 | ---D | C] -- C:\Vocation
[2013/11/13 07:23:42 | 000,000,000 | ---D | C] -- C:\Transits
[2013/11/13 07:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transits
[2013/11/13 07:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TNA_db
[2013/11/13 07:23:17 | 000,000,000 | ---D | C] -- C:\TNA_db
[2013/11/13 07:22:59 | 000,000,000 | ---D | C] -- C:\SE_Triple_Aspects
[2013/11/13 07:22:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SE_Triple_Aspects
[2013/11/13 07:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SE_Quadruple_Aspects
[2013/11/13 07:22:39 | 000,000,000 | ---D | C] -- C:\SE_Quadruple_Aspects
[2013/11/13 07:22:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SE_Aspectarian
[2013/11/13 07:22:17 | 000,000,000 | ---D | C] -- C:\SE_Aspectarian
[2013/11/13 07:21:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AstroWin
[2013/11/13 07:21:44 | 001,355,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Msvbvm50.dll
[2013/11/13 07:21:44 | 000,000,000 | ---D | C] -- C:\AstroWin
[2013/11/13 07:19:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astro123
[2013/11/13 07:19:34 | 000,260,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Msflxgrd.ocx
[2013/11/13 07:19:34 | 000,000,000 | ---D | C] -- C:\Astro123
[2013/11/12 13:30:08 | 000,000,000 | ---D | C] -- C:\Users\gurpsgm\AppData\Local\WhiteListing
[2013/11/12 12:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kyodai Mahjongg 2006
[2013/11/12 12:37:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kyodai Mahjongg 2006
[2013/11/12 12:36:26 | 000,033,792 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll_old
[2013/11/12 09:46:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
[2013/11/12 09:46:31 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData
[2013/11/12 09:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
[2013/11/12 08:11:30 | 000,000,000 | ---D | C] -- C:\Users\gurpsgm\Metacreator
[2013/11/12 07:58:19 | 000,000,000 | ---D | C] -- C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Metacreator
[2013/11/12 06:37:11 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Saitek SD6 Profiles
[2013/11/10 22:58:40 | 000,000,000 | ---D | C] -- C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Alchemy Mindworks
[2013/11/10 22:58:39 | 000,000,000 | ---D | C] -- C:\Users\gurpsgm\Documents\My Pagan Daybook Documents
[2013/11/10 22:58:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alchemy Mindworks
[2013/11/10 22:58:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Alchemy Mindworks
[2013/11/10 09:04:53 | 000,000,000 | ---D | C] -- C:\Users\gurpsgm\Documents\My Flash Videos
[2013/11/07 19:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metacreator Demo
[2013/11/07 19:51:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Metacreator Demo
[2013/11/05 13:35:25 | 000,000,000 | -HSD | C] -- C:\ProgramData\DSS
[2013/11/05 08:36:30 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2013/11/04 13:47:05 | 000,000,000 | ---D | C] -- C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Electronic Arts
[2013/11/02 16:28:41 | 000,000,000 | ---D | C] -- C:\cc7c692bc60a8fe4f9ebe7f97f
[2013/11/02 16:24:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 2
[2013/11/02 15:52:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Witcher 2
[2013/11/01 14:18:23 | 000,000,000 | ---D | C] -- C:\Users\gurpsgm\Documents\Print Workshop
[2013/11/01 14:17:28 | 000,000,000 | ---D | C] -- C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Print Workshop
[2013/11/01 14:15:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Print Workshop
[2013/11/01 14:08:29 | 000,000,000 | ---D | C] -- C:\Users\gurpsgm\Documents\Auexsoft
[2013/11/01 14:08:29 | 000,000,000 | ---D | C] -- C:\Users\gurpsgm\AppData\Roaming\Auexsoft
[2013/11/01 13:58:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AuexSoft
[2013/11/01 13:58:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AuexSoft
[2013/11/01 13:53:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFsvg
[2013/11/01 13:53:36 | 000,000,000 | ---D | C] -- C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MS Reader Converter
[2013/11/01 13:37:14 | 000,000,000 | ---D | C] -- C:\Users\gurpsgm\AppData\Local\NativeMessaging
[2013/11/01 13:36:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProcessText Group
[2013/11/01 13:36:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ABC Amber LIT Converter
[2013/10/31 19:57:57 | 000,000,000 | ---D | C] -- C:\Users\gurpsgm\AppData\Local\Kingsoft
[2013/10/30 22:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/10/30 22:51:54 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/10/30 22:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SeaMonkey
[2013/10/30 22:40:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SeaMonkey
[2013/10/30 22:38:53 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
[2013/10/30 22:32:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingsoft Office
[2013/10/30 22:32:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Kingsoft
[2013/10/30 22:31:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kingsoft
[2013/10/30 22:31:19 | 000,000,000 | ---D | C] -- C:\Users\gurpsgm\AppData\Roaming\Kingsoft
[2013/10/28 12:20:17 | 000,000,000 | ---D | C] -- C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
[2013/10/27 10:13:12 | 000,000,000 | ---D | C] -- C:\Users\gurpsgm\AppData\Roaming\Belkin
[2013/10/27 10:13:04 | 000,226,288 | ---- | C] (Belkin Corporation) -- C:\Windows\SysNative\bgcpsp.dll
[2013/10/27 10:13:04 | 000,035,328 | ---- | C] (Belkin Corporation) -- C:\Windows\SysNative\drivers\bcgame.sys
[2013/10/27 10:12:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belkin
[2013/10/27 10:12:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belkin
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/26 08:04:04 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/26 08:04:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/26 07:58:01 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\WpsUpdateTask_gurpsgm.job
[2013/11/26 07:53:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/26 07:42:34 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/26 07:42:34 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/26 07:32:54 | 000,000,478 | ---- | M] () -- C:\Windows\tasks\SparkTrust Update Version3 Startup Task.job
[2013/11/26 07:32:53 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2013/11/26 07:32:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/26 07:17:49 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2751017530-556950238-3992346484-1000UA.job
[2013/11/25 18:00:01 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\SparkTrust Registration3.job
[2013/11/25 15:10:22 | 000,000,458 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for gurpsgm.job
[2013/11/24 12:04:31 | 000,002,303 | ---- | M] () -- C:\Users\gurpsgm\Desktop\Chrome App Launcher.lnk
[2013/11/23 02:46:33 | 000,000,426 | ---- | M] () -- C:\Windows\tasks\SparkTrust Update Version3.job
[2013/11/22 17:06:01 | 000,000,927 | ---- | M] () -- C:\Users\gurpsgm\Desktop\AIMP3.lnk
[2013/11/22 17:04:03 | 000,002,088 | ---- | M] () -- C:\Users\gurpsgm\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/11/22 17:00:00 | 000,002,010 | ---- | M] () -- C:\Users\gurpsgm\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk
[2013/11/22 16:52:38 | 000,002,124 | ---- | M] () -- C:\Users\gurpsgm\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013/11/22 16:49:26 | 000,001,559 | ---- | M] () -- C:\Users\gurpsgm\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2013/11/21 14:39:32 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/11/21 12:38:07 | 000,001,310 | ---- | M] () -- C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2013/11/20 18:25:59 | 000,002,051 | ---- | M] () -- C:\Users\gurpsgm\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/11/20 17:04:50 | 000,000,526 | ---- | M] () -- C:\Windows\tasks\SparkTrust PC Cleaner Plus.job
[2013/11/20 04:17:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2751017530-556950238-3992346484-1000Core.job
[2013/11/18 11:23:57 | 000,001,157 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/11/18 05:54:25 | 000,449,425 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_PTbackup2.bak
[2013/11/16 11:52:02 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/11/14 14:26:28 | 000,779,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/14 14:26:28 | 000,660,296 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/14 14:26:28 | 000,121,224 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/13 20:30:40 | 000,891,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/11/10 03:20:28 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NZx64\01000F0.00D\isolate.ini
[2013/11/08 16:31:02 | 000,001,344 | ---- | M] () -- C:\Users\gurpsgm\Desktop\Bruce.lnk
[2013/11/07 14:23:48 | 000,001,502 | ---- | M] () -- C:\Users\gurpsgm\Desktop\Metacreator.lnk
[2013/11/07 11:45:12 | 000,001,798 | ---- | M] () -- C:\Users\gurpsgm\Desktop\Chrome.lnk
[2013/11/07 09:08:08 | 000,001,401 | ---- | M] () -- C:\Users\gurpsgm\Desktop\Opera.lnk
[2013/11/07 09:07:02 | 000,001,442 | ---- | M] () -- C:\Users\gurpsgm\Desktop\CD Burner XP.lnk
[2013/11/07 08:58:24 | 000,001,537 | ---- | M] () -- C:\Users\gurpsgm\Desktop\Kindle.lnk
[2013/11/07 08:55:25 | 000,001,504 | ---- | M] () -- C:\Users\gurpsgm\Desktop\Windows Media Player.lnk
[2013/11/07 07:09:58 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\Realm Works.lnk
[2013/11/05 14:38:54 | 001,122,304 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll
[2013/11/05 14:38:54 | 000,274,432 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\ssleay32.dll
[2013/11/04 13:47:06 | 000,001,271 | ---- | M] () -- C:\Users\gurpsgm\Desktop\Dark Age of Camelot.lnk
[2013/11/01 14:17:32 | 000,000,063 | ---- | M] () -- C:\Windows\PrintWorkShop.ini
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/11/25 10:39:46 | 000,001,683 | ---- | C] () -- C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Lockbox.lnk
[2013/11/25 10:39:46 | 000,000,821 | ---- | C] () -- C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\My Lockbox Control Panel.lnk
[2013/11/24 12:04:31 | 000,002,303 | ---- | C] () -- C:\Users\gurpsgm\Desktop\Chrome App Launcher.lnk
[2013/11/23 06:51:20 | 000,001,462 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013/11/22 17:06:00 | 000,000,927 | ---- | C] () -- C:\Users\gurpsgm\Desktop\AIMP3.lnk
[2013/11/22 17:04:02 | 000,002,088 | ---- | C] () -- C:\Users\gurpsgm\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2013/11/22 16:52:37 | 000,002,100 | ---- | C] () -- C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2013/11/22 16:49:26 | 000,001,559 | ---- | C] () -- C:\Users\gurpsgm\Application Data\Microsoft\Internet Explorer\Quick Launch\Wireshark.lnk
[2013/11/22 16:49:26 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
[2013/11/21 14:00:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/11/21 14:00:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/11/21 14:00:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/11/21 14:00:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/11/21 14:00:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/11/21 12:38:06 | 000,001,310 | ---- | C] () -- C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2013/11/20 09:52:01 | 000,000,468 | ---- | C] () -- C:\Windows\tasks\SparkTrust Registration3.job
[2013/11/20 09:51:42 | 000,000,478 | ---- | C] () -- C:\Windows\tasks\SparkTrust Update Version3 Startup Task.job
[2013/11/20 09:51:41 | 000,000,426 | ---- | C] () -- C:\Windows\tasks\SparkTrust Update Version3.job
[2013/11/20 09:51:40 | 000,000,526 | ---- | C] () -- C:\Windows\tasks\SparkTrust PC Cleaner Plus.job
[2013/11/20 08:45:21 | 000,022,704 | ---- | C] () -- C:\Windows\SysNative\drivers\EsgScanner.sys
[2013/11/19 11:10:15 | 000,002,444 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Web Design Studio Pro.lnk
[2013/11/13 07:22:17 | 000,434,176 | ---- | C] () -- C:\Windows\SysWow64\swedll32.dll
[2013/11/12 12:36:26 | 001,761,584 | ---- | C] () -- C:\Windows\SysNative\dmwu.exe_old
[2013/11/07 14:23:48 | 000,001,502 | ---- | C] () -- C:\Users\gurpsgm\Desktop\Metacreator.lnk
[2013/11/07 09:08:42 | 000,001,798 | ---- | C] () -- C:\Users\gurpsgm\Desktop\Chrome.lnk
[2013/11/07 09:08:08 | 000,001,401 | ---- | C] () -- C:\Users\gurpsgm\Desktop\Opera.lnk
[2013/11/07 09:07:01 | 000,001,442 | ---- | C] () -- C:\Users\gurpsgm\Desktop\CD Burner XP.lnk
[2013/11/07 08:58:24 | 000,001,537 | ---- | C] () -- C:\Users\gurpsgm\Desktop\Kindle.lnk
[2013/11/07 08:55:25 | 000,001,504 | ---- | C] () -- C:\Users\gurpsgm\Desktop\Windows Media Player.lnk
[2013/11/07 07:09:56 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\Realm Works.lnk
[2013/11/06 07:22:41 | 000,001,230 | ---- | C] () -- C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
[2013/11/06 07:22:35 | 000,001,247 | ---- | C] () -- C:\Users\gurpsgm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Campaign Editor.lnk
[2013/11/04 13:47:06 | 000,001,271 | ---- | C] () -- C:\Users\gurpsgm\Desktop\Dark Age of Camelot.lnk
[2013/11/01 14:17:32 | 000,000,063 | ---- | C] () -- C:\Windows\PrintWorkShop.ini
[2013/10/30 22:51:57 | 000,001,413 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/10/30 22:41:01 | 000,002,010 | ---- | C] () -- C:\Users\gurpsgm\Application Data\Microsoft\Internet Explorer\Quick Launch\SeaMonkey.lnk
[2013/10/30 22:34:21 | 000,001,169 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/10/30 22:33:16 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\WpsUpdateTask_gurpsgm.job
[2013/10/30 09:00:54 | 000,001,344 | ---- | C] () -- C:\Users\gurpsgm\Desktop\Bruce.lnk
[2013/10/21 10:57:49 | 000,000,150 | ---- | C] () -- C:\Windows\Readiris.ini
[2013/10/04 07:23:13 | 000,000,024 | -HS- | C] () -- C:\Users\gurpsgm\AppData\Roaming\System5908ConfigCollection.dat
[2013/10/04 07:23:13 | 000,000,024 | -HS- | C] () -- C:\Users\gurpsgm\AppData\Roaming\1D959CA221C7573.sys
[2013/09/10 07:41:43 | 000,003,584 | ---- | C] () -- C:\Users\gurpsgm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/10 06:38:28 | 000,000,493 | ---- | C] () -- C:\Windows\EReg072.dat
[2013/09/09 10:42:56 | 000,000,058 | ---- | C] () -- C:\Users\gurpsgm\AppData\Local\Anderson Hu_MobysaurusThesaurus_InstallInfo.dat
[2013/08/30 18:53:48 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013/08/27 05:43:23 | 000,268,968 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2013/08/25 06:09:35 | 000,000,258 | RHS- | C] () -- C:\Users\gurpsgm\ntuser.pol
[2013/08/17 07:55:55 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2013/07/17 12:18:17 | 000,006,066 | ---- | C] () -- C:\Windows\Tablet10000x6250M.ini
[2013/07/04 09:34:49 | 000,000,029 | ---- | C] () -- C:\Windows\Atw.INI
[2013/06/28 10:12:35 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2013/05/16 04:54:03 | 000,000,422 | ---- | C] () -- C:\Windows\SysWow64\MSST42.DLL
[2013/03/28 21:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/03/28 21:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/02/28 20:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2012/09/03 06:16:00 | 000,131,584 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall.exe
[2012/09/03 06:16:00 | 000,001,734 | ---- | C] () -- C:\Windows\SysWow64\SpoonUninstall-Mobysaurus Thesaurus.dat
[2012/08/26 16:10:34 | 000,039,904 | ---- | C] () -- C:\Windows\SysWow64\dischandler.exe
[2012/08/23 06:05:30 | 000,000,232 | ---- | C] () -- C:\Windows\reimage.ini
[2012/08/20 22:15:22 | 003,978,240 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2012/08/20 22:14:04 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/08/20 22:12:48 | 000,271,360 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2012/08/20 22:12:34 | 000,099,840 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2012/08/20 22:12:32 | 000,157,184 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2012/08/20 22:12:30 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2012/08/20 22:12:28 | 001,525,760 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2012/08/20 22:12:28 | 000,211,968 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2012/08/20 22:12:28 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2012/08/20 22:12:24 | 000,330,240 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2012/07/19 13:56:08 | 000,172,544 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll
[2012/07/19 13:56:02 | 006,894,331 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-54.dll
[2012/07/19 13:56:02 | 001,111,581 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-54.dll
[2012/07/19 13:56:02 | 000,401,685 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll
[2012/07/19 13:56:02 | 000,232,895 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-51.dll
[2012/07/19 13:56:02 | 000,162,743 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-3.dll
[2012/07/19 13:56:02 | 000,101,820 | ---- | C] () -- C:\Windows\SysWow64\avresample-lav-0.dll
[2012/06/30 16:05:17 | 000,004,944 | ---- | C] () -- C:\ProgramData\wmohyyzs.rfd
[2012/06/30 15:43:06 | 000,004,871 | ---- | C] () -- C:\ProgramData\rugqgaaw.ekm
[2012/03/07 08:41:46 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/02/14 21:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 21:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/20 10:36:44 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2011/12/07 14:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\Lagarith.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 08:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 08:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 08:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/04/10 13:29:16 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\.purple
[2013/01/25 17:06:16 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\0D1F2W1G1I1F1T1Q1H1L2V
[2013/04/06 05:49:22 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\2BrightSparks
[2010/11/04 10:12:41 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\acccore
[2012/06/30 15:43:12 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\AI Internet Solutions
[2013/10/30 08:58:45 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\AIMP3
[2013/10/28 12:13:25 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\Audacity
[2013/11/01 14:08:29 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\Auexsoft
[2012/07/07 21:18:07 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\Auslogics
[2013/02/22 06:02:32 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\Barnes & Noble
[2013/10/27 10:13:12 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\Belkin
[2013/01/22 08:09:07 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\calibre
[2013/09/10 06:23:48 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\Canneverbe Limited
[2012/08/26 07:07:08 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\CBS Interactive
[2013/08/19 21:15:47 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\CheckPoint
[2012/09/02 16:29:56 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\DonationCoder
[2013/05/30 07:09:10 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\Downloaded Installations
[2013/08/04 07:44:00 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\Dropbox
[2013/08/19 19:34:19 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\EasyDuplicateFinder
[2012/02/15 12:46:32 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\EMCO
[2013/11/21 10:30:40 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\Fantasy Grounds II
[2013/05/30 07:10:58 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\FileOpen
[2013/02/25 21:06:57 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\FileZilla
[2013/11/10 09:06:14 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\Flash Video Capture Data
[2013/11/22 17:04:12 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\Foxit Software
[2013/02/14 05:32:49 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\FreeFileSync
[2013/09/16 06:59:24 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\FreeFileViewer
[2013/04/11 10:26:58 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\Greenshot
[2012/04/10 10:43:39 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\gtk-2.0
[2013/09/24 16:21:42 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\Guild Wars 2
[2013/03/20 12:19:44 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\ICQ-Profile
[2013/03/20 11:59:43 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\ICQM
[2013/11/21 10:30:38 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\IDM
[2013/01/31 14:40:37 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\Individual Software
[2013/11/12 14:03:15 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\IObit
[2013/11/11 07:53:33 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\iolo
[2010/11/05 15:26:34 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\IrfanView
[2010/11/02 12:34:51 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\Jasc
[2013/10/30 22:31:19 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\Kingsoft
[2013/09/07 12:37:54 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\Leadertech
[2013/02/26 16:07:19 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\LibreOffice
[2012/10/25 05:17:06 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\Lone Wolf Development, Inc
[2012/10/25 05:24:03 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\LWD Technology, Inc
[2012/09/03 14:45:50 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\MAGIX
[2013/05/01 06:53:28 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\Milenix
[2012/10/05 13:56:56 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\NBOS
[2013/05/30 07:10:58 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\Nitro
[2013/11/20 10:00:42 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\Nitro PDF
[2013/09/25 12:11:45 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\Notepad++
[2013/08/15 06:16:15 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\NoteTab Light
[2012/12/28 08:22:46 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\NoteTab Pro
[2013/09/25 12:04:41 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\NoteTab Std
[2012/06/14 13:49:04 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\Nuance
[2010/10/22 18:31:54 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\OEM
[2013/09/19 23:35:32 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\OpenOffice
[2013/07/15 16:13:58 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\Opera Software
[2012/02/14 14:12:21 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\Orbit
[2013/06/16 09:59:17 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\Origin
[2012/05/27 23:20:39 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\Packard Bell
[2011/08/27 07:39:46 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\ProgSense
[2010/11/12 16:14:41 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\Qualcomm
[2013/11/21 10:30:39 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\Raptr
[2013/11/21 10:30:39 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\RIFT
[2013/02/07 15:17:42 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\Seagate
[2013/07/11 12:55:24 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\SlimCleaner
[2012/08/25 10:38:34 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\SparkPDF
[2013/11/20 09:51:54 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\SparkTrust
[2013/07/10 08:55:04 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\SumatraPDF
[2013/11/23 07:37:59 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\TeraCopy
[2013/11/25 06:57:51 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\Thunderbird
[2011/03/22 09:53:24 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\Trillian
[2013/03/09 09:38:54 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\Unity
[2013/02/04 11:33:58 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\Utech Computer Solutions
[2013/09/27 19:42:08 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\VASSAL
[2013/11/19 11:11:16 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\Virtual Mechanics
[2011/01/05 11:38:58 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\Windows Live Writer
[2013/11/25 17:43:30 | 000,000,000 | ---D | M] -- C:\Users\gurpsgm\AppData\Roaming\XYplorer
 
========== Purity Check ==========
 
 

< End of report >


Extras.txt below...

 

OTL Extras logfile created on: 11/26/2013 08:14:05 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\gurpsgm\Documents\Bruce\Computer\Problems
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.99 Gb Total Physical Memory | 5.22 Gb Available Physical Memory | 65.34% Memory free
15.98 Gb Paging File | 13.04 Gb Available in Paging File | 81.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 911.41 Gb Total Space | 329.79 Gb Free Space | 36.18% Space Free | Partition Type: NTFS
 
Computer Name: GURPSGM-PC | User Name: gurpsgm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Users\gurpsgm\Music\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Users\gurpsgm\Music\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Users\gurpsgm\Music\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Users\gurpsgm\Music\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Users\gurpsgm\Music\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Users\gurpsgm\Music\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011BDFBA-0516-4612-B12E-D9FE21E11F02}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1E2A7A6B-3D86-4F43-923A-E95D0DF254EC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{248EC2A0-539F-4019-9BC9-D60D3FD8E347}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2A84ED1B-61B1-470F-B7F2-71DCFC2CDD6C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2D5E00DE-320D-4A57-B5CA-EBBA92BC7080}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{2F5547BF-2F85-4856-B2A3-78148174281E}" = rport=139 | protocol=6 | dir=out | app=system |
"{3780A74B-A6A5-4BF0-982C-1D162ACD456D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{3A7DC2AD-84E3-406B-B8A5-6E70CA6C88AC}" = lport=139 | protocol=6 | dir=in | app=system |
"{45287985-847C-4319-B570-3A876F956A8F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{63B8BE87-C1D5-4701-A773-827B50B93667}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{69077353-5E91-4A77-8393-4520074E67EB}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6F0FE8CE-D237-4142-9996-ADD940BB5D39}" = rport=137 | protocol=17 | dir=out | app=system |
"{6F4D5078-49E3-468B-AFA6-87C154C622B6}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
"{765AB3E0-717F-4688-BEB1-60B8C6A31164}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8B9D9A45-35B7-416B-8C9B-6405650E2ADF}" = rport=445 | protocol=6 | dir=out | app=system |
"{8E167723-EFF5-493B-A094-CA7867C6D2BE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8FBF5DC6-3C0E-424D-9D37-2D5FC4875B92}" = lport=445 | protocol=6 | dir=in | app=system |
"{920AD594-8911-4832-AABC-C691EFA4A9A6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{946DEE37-EE45-4874-B080-02FE06B6C05E}" = lport=137 | protocol=17 | dir=in | app=system |
"{96523A07-BE0F-4C1A-8439-D426FF59770B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9AED1F3B-9298-457F-9356-F6FBC5F9D1A1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9F942C2D-B1A4-40C8-A574-DB94CF5BA67C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A01BB363-F520-492E-A84E-D1D724EA35D2}" = rport=138 | protocol=17 | dir=out | app=system |
"{A365AF5A-92CB-4732-B538-2F4C4E78D3B1}" = lport=138 | protocol=17 | dir=in | app=system |
"{AF5F1145-4765-47B4-BEDB-C1A642897304}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B20EC616-4446-477A-B4A5-C714B3FBBB0B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B7936B45-523B-40C4-8C6F-3639A706E5C6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FB53A863-6C67-4305-AFB8-001BA0E5F60B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FD50E357-76E3-4082-B41C-A546ACAFF8BD}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F27C14-CD2A-4462-8EC0-66CBD9DF6414}" = protocol=6 | dir=in | app=c:\users\gurpsgm\appdata\roaming\icqm\icq.exe |
"{0192B0A0-D355-434B-B6A9-CFF4F6555D29}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe |
"{01E30FAB-4BFC-4F8E-A594-7ED8290495DA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{059AB3E5-F2A0-4973-8BD5-D3C4EC238E31}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{05A02723-DD9F-422E-8D9C-3FD2A55DCC22}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{0731722C-B32D-421A-93C0-9B08C20838BD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0816A956-1E64-4317-A523-0D96BF4887CC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0C48A838-0F1B-41E7-884A-14AC52B86FE0}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe |
"{10A8C88A-32D0-48C8-89C0-4BEBC2547F79}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{17A64412-C777-4395-B69A-A9E3BB84F38D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeons and dragons online\turbineinvoker.exe |
"{18777DDE-3E29-4DE4-B8A5-AB5551C12134}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{19794B43-C8DC-457C-BDEA-5E8F04BCAA59}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe |
"{1B15DA59-0FD5-4F54-98DA-2FC918C842BA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{1C7BD6B3-0CB4-462D-A83C-E6519E137B76}" = protocol=17 | dir=in | app=c:\users\gurpsgm\appdata\roaming\icqm\icq.exe |
"{1DC55C48-9C14-4CAE-8798-B7F4E81E4681}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\simcity 4 deluxe edition\apps\simcity 4.exe |
"{1F35C90F-4352-4964-B25E-B27FAD27B042}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\simcity\simcity\simcity.exe |
"{1F680EDC-5A71-4284-BA01-6BE75EC56FBF}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{20D5DD38-A5BB-48D3-9460-E78141FF8AA7}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{2564689E-4CE3-4338-BBF1-1633232FAF30}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{2593B43F-02A9-4608-AD29-6C79EDDDB785}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\simcity 4 deluxe edition\apps\simcity 4.exe |
"{28A3970F-B420-47E6-9F39-DDC0A2A86A40}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2BE65858-443D-4626-8BB0-113AE57BC6EE}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{2C80A1A4-957D-4BC9-8BD7-2977F2B5D10C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\simcity\simcity\simcity.exe |
"{2E871C6E-72F8-4D2E-B128-295C9C52F871}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3091ABAC-2DFD-4F7B-AEB6-8C5AC17662B8}" = protocol=17 | dir=in | app=c:\program files (x86)\hero lab\herolab.exe |
"{31812B7B-15BE-41F3-B36C-394085E6A6DF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{34E24056-78B9-4DB3-BDD0-5C87FF846250}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3FAB4572-5052-4A2A-A4E1-4E22D0173815}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3FF29BD5-CE72-4CE9-B34D-49C42ABC5F4F}" = protocol=17 | dir=in | app=c:\programdata\turbine\the lord of the rings online\lotroclient.exe |
"{41E57896-F16E-4F23-A447-068ABEE61FC5}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe |
"{424C5660-94E5-4A38-A97E-D29D417C7D76}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{45B48A62-8D8D-423C-B3CF-6EB34E731B46}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{48ACB722-803E-4247-846B-E7FA54806008}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4A4C7C71-65C1-4B54-B612-EFCB6AD057A0}" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\everquest ii\launchpad.exe |
"{4AB43D12-79A0-4845-AFBE-1881F00F2046}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4AF909D3-FD66-4649-A028-7884A33BDA20}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{4F99FBA6-ADAB-4C30-A3FC-BEB9178644D1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{50E4EBBC-A60E-4F7C-ABA6-D5C071777C5B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5736AAF4-D4B1-4367-A0A1-35B462147D44}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{57A686D0-FFD9-4A60-9969-47164671F390}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5882BDB2-D298-497F-9072-49014752A90F}" = protocol=17 | dir=in | app=c:\users\gurpsgm\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{5BE8AB25-7291-41D7-AA61-BA49771ECE65}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{677A0BDC-3248-4513-A4F3-A025CD0761A5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{6F710C74-5661-4CF9-9B69-11DBCEF69AAC}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{703C360B-D4D2-455E-AE93-EC3F0DDA81A9}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7089C84A-0296-4D2D-8CBE-0EFDC4AC1191}" = protocol=6 | dir=in | app=c:\users\gurpsgm\appdata\roaming\dropbox\bin\dropbox.exe |
"{7327B018-6716-470E-BE18-E356E012A7E7}" = protocol=6 | dir=out | app=system |
"{811799EB-3FCA-4DF0-977B-40066403E701}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe |
"{82DA92D4-640A-4C25-A5BA-A86C13F06F22}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{82E46B34-B678-4BFD-8178-1AABEFA3ED2F}" = protocol=17 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe |
"{8715A961-3AE2-4B8B-B6F5-045FB65EDCF9}" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\everquest ii\launchpad.exe |
"{8BD5C229-3B26-48AF-865F-9EA00F6C5F0D}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\kingdoms of amalur reckoning\reckoning.exe |
"{8C596960-2913-41C2-90D3-9A48814E846F}" = protocol=6 | dir=in | app=c:\program files (x86)\hero lab\herolab.exe |
"{8D3FDDD5-F723-49D9-A5AB-9929FC9610A4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8E81113F-8DCC-410C-A8CC-F79F12417395}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{927CCB05-C06D-426C-8BAB-6814C3DAD460}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{9CDF63E3-BF93-47E0-B2C8-95A553E198CA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A8497090-BAC5-48C8-9668-7BC5B8C9BF89}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{AC226255-B936-4B67-9988-7500392C8A39}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{B22CA8D0-BCF2-4CF0-814E-78C1D4587A98}" = protocol=6 | dir=in | app=c:\programdata\turbine\the lord of the rings online\lotroclient.exe |
"{B532013D-BFA6-49CC-A68E-DFC8372502DB}" = protocol=17 | dir=in | app=c:\users\gurpsgm\music\winamp\winamp.exe |
"{B56B8C07-EB09-488D-AB5E-D49E1949E870}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{B78F00BD-5012-4AA6-B269-FD25026B7E23}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B8505F5B-E7FE-4306-8B7A-CDDA8E860376}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BA5F6DA2-63EB-4DC5-9BBE-8AF56D5B8B89}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe |
"{BB5D220D-077C-407C-A2F9-31EFF808CFE0}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe |
"{BF9A1F62-97A9-46A9-B18D-B5B5ECA44506}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C28337DB-8D2B-4B2A-BB60-12EBB6B45A48}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{C33BF5CF-94B9-4E7A-A289-ACD0086AD62E}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe |
"{C484BBCC-378F-4FF4-99D3-2B9500446FC7}" = dir=in | app=c:\program files (x86)\freefileviewer\ffvcheckforupdates.exe |
"{C79507C4-8955-47DE-BD7E-C0DE7FE0EC14}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{CD6CFAA9-7969-4C9D-B5B4-32203E08CBBC}" = protocol=17 | dir=in | app=c:\programdata\turbine\the lord of the rings online\turbinelauncher.exe |
"{CE2C9AC0-4716-4AC2-8FA2-60763F699DBD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{CF1BFCA1-A854-4974-8D42-3CC4F392FEFE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D1420CAC-4088-4D6F-B95D-695AFF2E754F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeons and dragons online\turbineinvoker.exe |
"{D6C93228-3065-4ADB-A000-9740327B6187}" = protocol=6 | dir=in | app=c:\programdata\turbine\the lord of the rings online\turbinelauncher.exe |
"{D9D75C89-9B35-4A91-AF90-81D25C6A9B5F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{DC097A13-C282-46E7-A98E-A17CD842A567}" = protocol=17 | dir=in | app=c:\program files (x86)\realm works\realmworks.exe |
"{DE5868B4-E6C8-44A6-890C-56CB4422DD44}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E4B8BF57-A483-465D-AEEC-285DDBB567C7}" = dir=in | app=c:\users\gurpsgm\appdata\local\microsoft\skydrive\skydrive.exe |
"{E4CB50C9-F8B2-4743-A138-B94528F8ED83}" = protocol=6 | dir=in | app=c:\program files (x86)\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe |
"{E87C9675-F49C-4281-9C7B-709756294DE5}" = protocol=6 | dir=in | app=c:\program files (x86)\realm works\realmworks.exe |
"{EDD34F7D-A174-4A21-A7A7-3EFF100B73B0}" = protocol=6 | dir=in | app=c:\users\gurpsgm\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{F0BF42F7-4F2D-480D-8C2C-7CE54A07185F}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F2358DC8-1852-4DBD-A260-27C63E4F9F95}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\kingdoms of amalur reckoning\reckoning.exe |
"{F33591A0-6500-4D43-A0B2-13AE0B5E18D3}" = protocol=6 | dir=in | app=c:\users\gurpsgm\music\winamp\winamp.exe |
"{F8B732CE-6EA3-4151-B2C6-BDFC3348698D}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe |
"{F9AE3C9C-233A-49A5-B892-43A27DFDEBBA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F9F308D0-19D0-48BD-9785-F91E8A532DC0}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{FA6730BE-42D4-4DEC-AA20-8F41F9CF2451}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FB54049F-3474-495F-9F71-463905448624}" = protocol=17 | dir=in | app=c:\users\gurpsgm\appdata\roaming\dropbox\bin\dropbox.exe |
"{FD85F6A7-A6C7-4948-9B80-BD75B690BDAA}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{FE1B220D-096A-431A-922E-7529CD3BBF36}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"TCP Query User{0E0E5789-B13B-4697-9AC7-5A5333356014}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{2525A511-1AB0-462D-A548-8266ACB023D2}C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe |
"TCP Query User{A64FBB4A-4F34-4842-AFE5-3C6ABBD74F8F}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{BEC5563F-C855-4D8F-A10B-FB5FA7B09F19}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"TCP Query User{D70D2853-01D1-4FAB-8B74-3833E38CA607}C:\users\public\sony online entertainment\installed games\everquest ii\eq2voiceservice.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\everquest ii\eq2voiceservice.exe |
"UDP Query User{6549951C-710F-4441-89B3-8D9208B38AE7}C:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\everquest\eqvoiceservice.exe |
"UDP Query User{6B3A0087-90D7-42B3-912F-BB81C80ED91A}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{72E77E59-073E-4B1E-BDD8-E34A0AFFE7EC}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{BE8240CA-6A69-4604-B3BF-4FF0DF15DFFB}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{F72803C6-61BA-40AF-A1AF-FB2AAD81415F}C:\users\public\sony online entertainment\installed games\everquest ii\eq2voiceservice.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\everquest ii\eq2voiceservice.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13351E83-6DCD-4E97-2A8C-5D496259A47F}" = AMD Catalyst Install Manager
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417040FF}" = Java 7 Update 40 (64-bit)
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = MPC-HC 1.6.8 (64-bit)
"{2FD0FA0A-7A21-4C4A-B268-1142B54E035E}" = Windows Live Family Safety
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{369FD683-593C-42DE-A463-09F3FACB6C1B}" = Nitro Reader 3
"{3AA627AF-DD36-F927-D91F-207FB3CC32D9}" = ccc-utility64
"{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D533F05-A3F6-F8A9-F1F6-FA6812089D36}" = AMD Drag and Drop Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{59A50260-AED9-40E6-80CF-7319C8A7A926}" = Saitek Cyborg Keyboard Volume 6.7.3.0
"{5EEC477F-8E9B-4420-8829-16E7426227DB}" = Windows Live MIME IFilter
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}" = Intel® Turbo Boost Technology Monitor 2.6
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6D41B4C4-FCD7-4F9B-99B9-A01F63F71F0F}" = Smart Technology Programming Software 7.0.2.7
"{6E5159B4-A519-41EF-80EF-AD58371515DF}" = Eraser 6.0.10.2620
"{6F0EFDE0-EFEB-41CA-9446-ACB7A942911E}" = HP Scanjet G3110
"{72AAF455-1E54-475B-B0AB-5413C78D0E63}" = SpyHunter
"{72EF03F5-0507-4861-9A44-D99FD4C41418}" = Paint.NET v3.5.11
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B775540C-E635-B6CF-379F-87222AEC77C6}" = AMD Media Foundation Decoders
"{C4838EB8-FCED-B4EB-2777-017DFC3BD65D}" = AMD Accelerated Video Transcoding
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D386FE62-CD8D-C8E0-DCA7-ED5FCAB476A5}" = AMD Wireless Display v3.0
"{DDA8FE2D-EA67-194C-D6A5-F52BC4FDA20F}" = ATI AVIVO64 Codecs
"{E3047FA0-2D6B-4BD6-8CD4-599955F1CE9D}" = Microsoft Mouse and Keyboard Center
"{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}" = Microsoft Mathematics (64-bit)
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FD310764-B3E5-430F-980E-D6C0016B2660}" = PerfectDisk 12.5 Professional Business
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.67.1
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.21
"Ditto_is1" = Ditto
"GIMP-2_is1" = GIMP 2.8.4
"GKrellM" = GKrellM 2.3.5
"Greenshot_is1" = Greenshot 1.0.6.2228
"HP Imaging Device Functions" = HP Imaging Device Functions 14.5
"HPOCR" = OCR Software by I.R.I.S. 14.5
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"My Lockbox_is1" = My Lockbox 3.0.5
"Pen Tablet Driver" = Bamboo
"Speccy" = Speccy
"TeraCopy_is1" = TeraCopy 2.27
"VASSAL (3.2.8)" = VASSAL (3.2.8)
"WinRAR archiver" = WinRAR 5.00 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{053FFC87-C5BD-4B3C-9D3E-783902D83D21}" = Dungeon and Dragons: Neverwinter Nights Complete
"{074A6C85-32A6-4C4D-9F2F-6FEA213FFA53}" = EMG Mapper
"{0B11C568-7E39-4105-B26F-F0E84A0E1C46}" = calibre
"{0CC21836-A5D6-4641-B4AE-6FA01D021E41}" = The Sims Medieval Pirates and Nobles
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{102E4D60-5A93-4A3C-8105-FE390427C60D}" = Sid Meier's Alpha Centauri 2000/XP Compatibility Update
"{118071AB-6572-4FAD-A1FD-67264C994350}" = e-Sword
"{1266764D-FC4F-4FA7-B63B-884D53B1680F}" = NetAssistant
"{15075E09-0731-4963-AA9E-D2C9E5F09A7F}" = Ebook Converter 5.7.2
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{1666B8EC-F539-4D80-85E1-1B43BABD5474}" = MAGIX Photo Manager MX
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{192A227B-A8C8-4C6D-B939-21FAEB007E1E}" = Google Drive
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = WN111v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{238DCFCD-70B3-46B2-B90B-2CDCC69A3D03}" = Zoo Tycoon 2 - Zookeeper Collection
"{24aab420-4e30-4496-9739-3e216f3de6ae}" = Python 2.6.2
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 45
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A83AD05-56E6-3FBD-8752-B4143162EF59}" = Google Talk Plugin
"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{35827710-D042-428B-A1E5-E20E12D2FEB9}" = SparkTrust PC Cleaner Plus
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3C9EF074-E7E8-1DAD-7B24-E2ACDC48FBDE}" = CCC Help English
"{3DE92282-CB49-434F-81BF-94E5B380E889}" = The Sims™ 3 Seasons
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1" = CloudReading
"{4209F371-88D4-AB00-ED2B-D6520C84D9D5}_is1" = Ashampoo WinOptimizer 10 v.10.2.5
"{43C423D9-E6D6-4607-ADC9-EBB54F690C57}" = Seagate Dashboard 2.0
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}" = OpenOffice 4.0.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{53A908D4-99C6-469B-BC13-F4189F260742}" = Corel Painter Essentials 4
"{548C7B77-8B04-427E-ACD0-D0E6E6E59BCF}" = Nostromo
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5CE1363A-4E0F-43E5-A9CD-100F9DC8B23B}_is1" = PyMapper 8.0
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62E2BBFA-BE97-42CD-AE89-A4EEF7F36992}" = The Elder Scrolls Arena
"{6389F199-1D6C-4974-9557-693F9DD48736}" = Windows Live Writer Resources
"{6423EAA8-1495-4291-A7F9-D957AA0D3273}" = MAGIX Xtreme Photo & Graphic Designer 5 (Silver)
"{6672A809-A0D9-A47E-7CFE-AF0B0D599D40}" = Catalyst Control Center Localization All
"{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1" = Auslogics Duplicate File Finder
"{68E3C15B-7222-48AB-9D73-4C859D4DF88E}" = Print Workshop
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Kingdoms of Amalur: Reckoning
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71D30D86-88C0-4A6E-8A9B-5403A8A5D6D4}" = Bing Bar
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{733C5FC0-F0C4-405B-A983-61C24CC60E39}_is1" = Photo Frame
"{75118CF3-44B5-411A-B3DD-C10432217693}" = Daggerfall
"{760AA190-82DF-4A80-BE05-B9FEEC88946D}_is1" = Hero Lab 4.2d
"{77021F03-7C6A-4278-9AE4-3AFED74C74F6}" = hpg3110
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7AC0886A-CE48-4EB6-9CC3-4C56D427F2E1}" = Cisco Network Magic
"{7C6F0282-3DCD-4A80-95AC-BB298E821C44}" = Windows Live Writer
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{80813829-BE27-4799-8BC7-2F75A7B6CB50}" = IHA_MessageCenter
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = The Sims Medieval
"{84ADC96C-B7E0-4938-9D6E-2B640D5DA224}" = Python 2.7.4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88084ECA-7832-4746-A965-229D24415AEA}" = Pagan Daybook 4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{88B2ABCF-9C00-47C1-8FC4-369B98845DD7}" = Catalyst Control Center - Branding
"{88F0F4FF-B514-4E32-9C17-CAF96D60EAFC}" = Razer Game Booster
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89870E0D-9602-41F8-9E83-14F6849346A4}" = Windows Live Mail
"{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{914A2D68-B818-46D4-B3AD-6C887EB247F5}" = SiteSpinner Web Design Studio Pro
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.8
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6D5C94-386A-4DE7-B99F-523D3F167B9A}" = Windows Live Messenger
"{9CC4840D-EF1C-406F-AF08-3C19EB1335B9}" = Zoo Tycoon 2 - Ultimate Collection
"{9F1EC361-9231-4FAD-8956-3846D0D858F0}" = Amazon Cloud Drive
"{A24F20F6-3BE3-4D25-BD0C-D7AEF7D180D4}" = Readiris Pro 12
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9CC8D58-397F-4241-86C7-5463274E9B08}" = Scan
"{A9FE59F0-5BFA-4FDF-84C6-F45457715379}" = InstallIQ Updater
"{AA5009F6-E65C-4DBD-92B8-988F0ADD1E99}" = SlimDrivers
"{AAA94EAA-40A4-458C-9D86-D1DA765B51D5}" = Windows Live Writer
"{AAF91344-2808-4D6B-9242-FBE5AF79D60A}" = Windows Live Family Safety
"{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-1033-0000-7760-000000000004}_955" = Adobe Acrobat 9.5.5 - CPSID_83708
"{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B286BAC3-CBE6-4854-BF68-EB72A34CEA56}" = Windows Live Messenger
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}" = The Sims™ 3 Supernatural
"{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{BA45BD32-4DF8-4BE8-8558-83A0280CEE8E}" = Vz In Home Agent
"{BAF19BB1-7716-4F37-5C47-E9DD9A70BC0F}" = Catalyst Control Center InstallProxy
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = The Sims™ 3 Pets
"{C325F588-D6B1-4A7F-B6A2-914C75DDA348}" = Morrowind
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CB5FFA66-7880-4329-BEDD-90EC69A2D024}" = Calendar Wizard 4
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CC45C792-5348-9446-1FBB-2A287A19D48E}" = AMD Catalyst Control Center
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0B6D037-9DBE-4E1A-A17B-AAE0CA2C281C}_is1" = Realm Works 0.9.101.139 Beta
"{D0DFDFA8-1C04-407B-9CB2-A25AB20DD54D}" = Destinations
"{D0E2AD1D-07B7-491C-8877-171A03680AE0}" = SlimCleaner
"{d1a692f3-f2ee-404e-87b7-78f70e35a85f}" = Nero 9 Essentials
"{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail
"{DB21639E-FE55-432C-BCA2-0C5249E3F79E}" = The Sims™ 3 Island Paradise
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
"{DD6A1515-D001-4988-A8ED-F36F6C6D4A47}" = MAGIX Screenshare
"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
"{DE7A5DDF-47B3-42FF-A082-E158DEA37392}" = EMET (Tech Preview)
"{DF647248-AE86-40EB-B88B-DE303B2A5646}" = SlimComputer
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E2C98732-F973-4985-A9C5-DC06178E16EE}" = Microsoft Mathematics Add-in (32-bit)
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E7E71065-1152-440D-F258-5B6DE3817E41}" = Catalyst Control Center Graphics Previews Common
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EDAAC216-AC73-4152-9654-E12FE5A69F5D}_is1" = CBR Reader
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer
"{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}" = Dragon NaturallySpeaking 11
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1F5C7EE-23BB-47A3-943E-9F290DD267F0}" = THX TruStudio PC
"{F286530E-62C6-417C-8F74-47830B2503CE}" = MAGIX Photo Manager 10
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update
"{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}" = SimCity™
"{F88FFBE5-6A07-6206-0B13-4F648A6718C9}" = Catalyst Control Center InstallProxy
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FDF9A4DA-AE9A-4240-BDEC-5CF6E22E57CB}" = LibreOffice 4.0 Help Pack (English)
"{FE88323B-9F0E-4596-8F56-37757C6918E9}" = LibreOffice 4.0.4.2
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ABC Amber LIT Converter" = ABC Amber LIT Converter
"Active Shield 5_is1" = Active Shield 5
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Advanced SystemCare 7_is1" = Advanced SystemCare 7
"Age of Conan_is1" = Age of Conan: Unchained
"AIM_7" = AIM 7
"AIMP3" = AIMP3
"Amazon Add to Wish List IE Extension" = Amazon Add to Wish List IE Extension 1.2
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"Amazon Kindle" = Amazon Kindle
"Amiasoft SiteAid_is1" = SiteAid 2.3
"AnyTime Organizer" = AnyTime Organizer
"Astro123_is1" = Astro123 v1.62
"AstroWin_is1" = AstroWin v3.67
"Audacity_is1" = Audacity 2.0.4
"AutoREALM_is1" = AutoREALM Version 2.1
"Baldur's Gate Complete" = Baldur's Gate Complete
"Baldur's Gate II - Shadows of Amn + Throne Bhaal" = Baldur's Gate II - Shadows of Amn + Throne Bhaal
"Big Kahuna Reef_is1" = Big Kahuna Reef
"BitZipper_is1" = BitZipper 2013
"BN_DesktopReader" = NOOK for PC
"Campaign Suite Extended Edition" = Campaign Suite Extended Edition
"CDCE6956-DCDC-4F82-ACA0-E4C7BAD6B26A_is1" = Divinity II - Developer's Cut
"CDCE6956-DD16-4F82-ACA0-E4C7BAD6B26A_is1" = Divinity II - DKS
"CleanUp!" = CleanUp!
"Codecs for Windows 7 Pack" = Codecs for Windows 7 Pack 4.0.5
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2010-10-10
"CSEHTMLVALIDATOR110_is1" = CSE HTML Validator Professional v11.02 Trial
"Daily Transits_is1" = Transits v1.01
"Dark Age of Camelot" = Dark Age of Camelot
"DCrafter3" = Dungeon Crafter III (remove only)
"eags on!_is1" = eags on! 0.8.81
"EMCO UnLock IT 3_is1" = EMCO UnLock IT 3.0
"ERUNT_is1" = ERUNT 1.1j
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"FileASSASSIN" = FileASSASSIN
"FileHippo.com" = FileHippo.com Update Checker
"FileZilla Client" = FileZilla Client 3.7.3
"Flash Video Capture_is1" = Flash Video Capture 4.11.2 build 6420
"Foxit Reader_is1" = Foxit Reader
"Fractal Mapper_is1" = Fractal Mapper v8.10f
"Free Media Player_is1" = Free All-In-One Media Player
"FreeFileSync" = FreeFileSync 5.12
"FreeFileViewer_is1" = Free File Viewer 2012
"freeocr_is1" = FreeOCR v4.2
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Guild Wars" = Guild Wars
"Guild Wars 2" = Guild Wars 2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hotkey Utility" = Hotkey Utility
"HTML Help Workshop" = HTML Help Workshop
"Icewind Dale Complete" = Icewind Dale Complete
"Icewind Dale II" = Icewind Dale II
"Identity Card" = Identity Card
"Inspiration Pad Pro_is1" = Inspiration Pad Pro 3.01a
"InstaCodecs_is1" = InstaCodecs
"InstallShield_{102E4D60-5A93-4A3C-8105-FE390427C60D}" = Sid Meier's Alpha Centauri 2000/XP Compatibility Update
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Gateway MyBackup
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{9CC4840D-EF1C-406F-AF08-3C19EB1335B9}" = Zoo Tycoon 2 - Ultimate Collection
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"IObit Malware Fighter_is1" = IObit Malware Fighter
"IObit Surfing Protection_is1" = Surfing Protection
"IObitUninstall" = IObit Uninstaller
"IrfanView" = IrfanView (remove only)
"jv16 PowerTools 2014" = jv16 PowerTools 2014
"Karen's Directory Printer" = Karen's Directory Printer
"Kingsoft Office" = Kingsoft Office 2013 (9.1.0.4246)
"Kyodai Mahjongg 2006_is1" = Kyodai Mahjongg 2006 v1.42
"MAGIX_{1666B8EC-F539-4D80-85E1-1B43BABD5474}" = MAGIX Photo Manager MX
"MAGIX_{DD6A1515-D001-4988-A8ED-F36F6C6D4A47}" = MAGIX Screenshare
"MAGIX_MSI_Foto_Manager_10" = MAGIX Photo Manager 10
"MAGIX_MSI_XtremeGrafik5_Silver" = MAGIX Xtreme Photo & Graphic Designer 5 (Silver)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MCLIENT" = Norton Management
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.7
"Metacreator" = Metacreator
"mIRC" = mIRC
"Mobysaurus Thesaurus" = Mobysaurus Thesaurus
"Mozilla Firefox 25.0.1 (x86 en-US)" = Mozilla Firefox 25.0.1 (x86 en-US)
"Mozilla Thunderbird 24.1.1 (x86 en-US)" = Mozilla Thunderbird 24.1.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"MyInfo 6_is1" = MyInfo Standard 6.16 (build 1666)
"N360" = Norton 360
"Network MagicUninstall" = Network Magic
"Neverwinter" = Neverwinter
"Neverwinter Nights Kingmaker" = BioWare Premium Module: Neverwinter Nights Kingmaker
"Notepad++" = Notepad++
"NoteTab Light 7_is1" = NoteTab Light 7 (Remove only)
"NoteTab Pro 6_is1" = NoteTab Pro 6 (Remove only)
"NSS" = Norton Security Scan
"NST" = Norton Identity Safe
"NZ" = Norton Zone
"One Million Recipes 6.00" = One Million Recipes 6.00
"Opera 16.0.1196.73" = Opera Stable 16.0.1196.73
"Origin" = Origin
"Picasa 3" = Picasa 3
"Planescape Torment" = Planescape Torment
"Raptr" = Raptr
"ReaderConverter" = MS Reader Converter
"Revo Uninstaller" = Revo Uninstaller 1.95
"ScreenMonkey Lite_is1" = ScreenMonkey Lite v1.7h
"ScreenshotCaptor_is1" = Screenshot Captor 4.7.2
"SE_Aspectarian_is1" = SE_Aspectarian v1.26
"SE_Quadruple_Aspects_is1" = SE_Quadruple_Aspects v1.00
"SE_Triple_Aspects_is1" = SE_Triple_Aspects v1.00
"SeaMonkey 2.22.1 (x86 en-US)" = SeaMonkey 2.22.1 (x86 en-US)
"Security Suite_is1" = Security Suite
"Sid Meier's Alpha Centauri" = Sid Meier's Alpha Centauri
"SmoothDraw_is1" = SmoothDraw version 4.0.1
"Spigot Removal Tool_is1" = Spigot Removal Tool
"ST6UNST #1" = Interactive Dungeon
"Steam App 206480" = Dungeons & Dragons Online®
"Steam App 72850" = The Elder Scrolls V: Skyrim
"SumatraPDF" = SumatraPDF
"SyncBackFree_is1" = SyncBackFree
"Temple of Elemental Evil" = Temple of Elemental Evil
"The Witcher 2 Enhanced Edition_is1" = The Witcher 2 Enhanced Edition version 3.0
"Timeline_is1" = Timeline 0.19.0
"TNA_db_is1" = TNA_db v1.13
"Trillian" = Trillian
"True Sword 5_is1" = True Sword 5
"Trusted Software Assistant_is1" = File Type Assistant
"Unlocker" = Unlocker 1.9.1
"Verizon Help and Support" = Verizon Help and Support Tool
"VMidi" = vanBasco's Karaoke Player
"Vocation_is1" = Vocation v1.10
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Winamp" = Winamp
"Windows 7 - Codec Pack" = Windows 7 Codec Pack 2.8.0
"WinLiveSuite" = Windows Live Essentials
"WinMerge_is1" = WinMerge 2.14.0
"WinPcapInst" = WinPcap 4.1.3
"Wireshark" = Wireshark 1.10.3 (64-bit)
"WizMouse_is1" = WizMouse v1.6.0.2
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"wxPython2.8-unicode-py26_is1" = wxPython 2.8.10.1 (unicode) for Python 2.6
"Xvid Video Codec 1.3.1" = Xvid Video Codec
"XYplorer" = XYplorer 12.50
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"48e4cff94f039634" = Best Buy pc app
"Adobe Photoshop CS2 Packages" = Adobe Photoshop CS2 Packages
"CNET TechTracker" = CNET TechTracker
"Dropbox" = Dropbox
"HappyCloud" = Happy Cloud Client
"ICQ" = ICQ 8.0 (build 6007, for the current user)
"lotro_midres_en" = The Lord of the Rings Online
"NetAssistant" = NetAssistant for Firefox
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"RIFT" = RIFT
"SkyDriveSetup.exe" = Microsoft SkyDrive
"SOE-EverQuest" = EverQuest
"SOE-EverQuest II" = EverQuest II
"SOE-EverQuest II (5)" = EverQuest II (5)
"SOE-LegendsOfNorrath" = Legends of Norrath
"Square Enix Secure Launcher" = Square Enix Secure Launcher
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Detector Plug-in
"WinDirStat" = WinDirStat 1.1.2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/24/2013 08:36:44 | Computer Name = gurpsgm-PC | Source = Norton Zone | ID = 48
Description = Renew Token Failed to bind zone: S-1-5-21-2751017530-556950238-3992346484-1000
 
Error - 11/24/2013 12:44:37 | Computer Name = gurpsgm-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Python26\Lib\distutils\command\wininst-8_d.exe".
Dependent
 Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 11/24/2013 17:40:33 | Computer Name = gurpsgm-PC | Source = ServiceAS | ID = 0
Description =
 
Error - 11/24/2013 18:11:25 | Computer Name = gurpsgm-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'Check Point Install Utility' could not be
shut down.
 
Error - 11/24/2013 18:20:57 | Computer Name = gurpsgm-PC | Source = ServiceAS | ID = 0
Description =
 
Error - 11/25/2013 07:19:33 | Computer Name = gurpsgm-PC | Source = ServiceAS | ID = 0
Description =
 
Error - 11/25/2013 08:16:50 | Computer Name = gurpsgm-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d672ee4  Faulting module name: ContextMenu64.dll, version: 9.5.5.316,
 time stamp: 0x518a2eac  Exception code: 0xc0000005  Fault offset: 0x000000000006949e
Faulting
 process id: 0x554  Faulting application start time: 0x01cee9cfc19d5f07  Faulting application
 path: C:\Windows\Explorer.EXE  Faulting module path: C:\Program Files (x86)\Adobe\Acrobat
 9.0\Acrobat Elements\ContextMenu64.dll  Report Id: 761b2421-55cb-11e3-8edc-4487fccb4f3a
 
Error - 11/25/2013 16:13:41 | Computer Name = gurpsgm-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Python26\Lib\distutils\command\wininst-8_d.exe".
Dependent
 Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 11/26/2013 08:14:22 | Computer Name = gurpsgm-PC | Source = ServiceAS | ID = 0
Description =
 
Error - 11/26/2013 08:35:25 | Computer Name = gurpsgm-PC | Source = ServiceAS | ID = 0
Description =
 
[ OSession Events ]
Error - 10/31/2012 19:38:19 | Computer Name = gurpsgm-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6662.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 52
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ Spybot - Search and Destroy Events ]
Error - 11/17/2013 11:29:40 | Computer Name = gurpsgm-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 11/17/2013 11:29:49 | Computer Name = gurpsgm-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 11/17/2013 20:19:25 | Computer Name = gurpsgm-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 11/26/2013 09:20:33 | Computer Name = gurpsgm-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
 error:   %%126
 
Error - 11/26/2013 09:21:03 | Computer Name = gurpsgm-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
 error:   %%126
 
Error - 11/26/2013 09:21:33 | Computer Name = gurpsgm-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
 error:   %%126
 
Error - 11/26/2013 09:22:03 | Computer Name = gurpsgm-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
 error:   %%126
 
Error - 11/26/2013 09:22:33 | Computer Name = gurpsgm-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
 error:   %%126
 
Error - 11/26/2013 09:23:03 | Computer Name = gurpsgm-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
 error:   %%126
 
Error - 11/26/2013 09:23:33 | Computer Name = gurpsgm-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
 error:   %%126
 
Error - 11/26/2013 09:24:03 | Computer Name = gurpsgm-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
 error:   %%126
 
Error - 11/26/2013 09:24:33 | Computer Name = gurpsgm-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
 error:   %%126
 
Error - 11/26/2013 09:25:03 | Computer Name = gurpsgm-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
 error:   %%126
 
 
< End of report >


I see two installed programs that I strongly advise you remove at your earliest convenience:

 

SparkTrust PC Cleaner Plus
IOBit

 

They may have come bundled with unwanted extras. I recommend you use Revo Uninstaller to remove both as follows...

 

Download and install Revo Uninstaller Free

 

  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted click on Yes and then on next.
  • Put a check on any folders that are found and select delete
  • When prompted select yes then on next
  • Once done click Finish.

 

Next,

 

Re-run OTL by double left click; Vista and Windows 7 users accept the UAC alert.

  • Under the Custom Scans/Fixes box at the bottom, paste in the following; start with and include the colon plus OTL (:OTL).

    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
    IE - HKCU\..\SearchScopes\{8293C2B2-E7B8-44BE-82D1-DCEF01778D8C}: "URL" = http://search.yahoo....&type=293224&p={searchTerms}
    FF - prefs.js..browser.startup.homepage: "http://search.yahoo....r=spigot-yhp-ff"
    FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2014.6.1.2
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
    FF - prefs.js..keyword.url: "http://search.yahoo....&type=293224&p="
    FF - user.js - File not found
    CHR - default_search_provider: Yahoo! (Enabled)
    CHR - default_search_provider: search_url = http://search.yahoo....&type=293224&p={searchTerms}
    CHR - default_search_provider: suggest_url = http://ff.search.yah...fxjson&command={searchTerms},
    O2:64bit: - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
    O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O20:64bit: - AppInit_DLLs: ("C:\PROGRA~2\Google\Google Desktop) -  File not found
    O20 - Winlogon\Notify\klogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - No CLSID value found.
    [4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
    [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    :Files
    ipconfig /flushdns /c
    :Commands
    [emptytemp]
    [CREATERESTOREPOINT]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.



Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter  *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next,

 

Double click on OTL to run it again. Make sure all other windows are closed and to let it run uninterrupted.

When the main interface opens change the Standard Registry box to All

Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open one Notepad window, OTL.Txt. This is saved in the same location as OTL.

Please copy (Edit > Select All, Edit > Copy) the contents of this file and post it with your next reply.

 

Post new logs, also give update on any remaining issues or concerns....


All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8293C2B2-E7B8-44BE-82D1-DCEF01778D8C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8293C2B2-E7B8-44BE-82D1-DCEF01778D8C}\ not found.
Prefs.js: "http://search.yahoo....r=spigot-yhp-ff" removed from browser.startup.homepage
Prefs.js: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2014.6.1.2 removed from extensions.enabledAddons
Prefs.js: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1 removed from extensions.enabledAddons
Prefs.js: "http://search.yahoo....&type=293224&p=" removed from keyword.url
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:"C:\PROGRA~2\Google\Google Desktop deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}\ not found.
C:\Windows\SysNative\SETEAE3.tmp deleted successfully.
C:\Windows\SysNative\SETEC5D.tmp deleted successfully.
C:\Windows\SysNative\SETF7C9.tmp deleted successfully.
C:\Windows\SysNative\SETF868.tmp deleted successfully.
C:\Windows\SysNative\drivers\~GLH0023.TMP deleted successfully.
C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP\WiseCustomCalla37.exe deleted successfully.
C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP folder deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\gurpsgm\Documents\Bruce\Computer\Problems\cmd.bat deleted successfully.
C:\Users\gurpsgm\Documents\Bruce\Computer\Problems\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57472 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: gurpsgm
->Temp folder emptied: 3682612 bytes
->Temporary Internet Files folder emptied: 212605 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 4430757 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3380 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 262144 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 532736 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 9.00 mb
 
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 11272013_105510

Files\Folders moved on Reboot...
C:\Users\gurpsgm\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\fb_3812.lck moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


OTL log still too big - part a

 

OTL logfile created on: 11/27/2013 11:07:54 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\gurpsgm\Documents\Bruce\Computer\Problems
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.99 Gb Total Physical Memory | 5.20 Gb Available Physical Memory | 65.04% Memory free
15.98 Gb Paging File | 12.95 Gb Available in Paging File | 81.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 911.41 Gb Total Space | 332.94 Gb Free Space | 36.53% Space Free | Partition Type: NTFS
 
Computer Name: GURPSGM-PC | User Name: gurpsgm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2013/11/26 07:59:13 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/11/26 07:50:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\gurpsgm\My Documents\Bruce\Computer\Problems\OTL.exe
PRC - [2013/11/18 23:20:03 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/11/16 11:52:02 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
PRC - [2013/11/10 03:20:01 | 000,143,856 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Zone\Engine\1.0.15.13\NZ.exe
PRC - [2013/10/30 14:25:56 | 000,566,696 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/10/30 14:25:54 | 001,820,584 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013/10/28 17:21:00 | 002,289,952 | ---- | M] (FSPro Labs) -- C:\Program Files\My Lockbox\mylbx.exe
PRC - [2013/10/25 12:07:24 | 002,151,200 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
PRC - [2013/10/25 12:07:00 | 000,878,368 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
PRC - [2013/10/15 11:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/10/08 07:05:13 | 000,264,360 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\n360.exe
PRC - [2013/09/20 09:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/09/13 09:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/09/13 08:05:56 | 007,941,304 | ---- | M] (DonationCoder) -- C:\Program Files (x86)\ScreenshotCaptor\ScreenshotCaptor.exe
PRC - [2013/09/09 17:05:56 | 001,164,328 | ---- | M] (iolo technologies, LLC) -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2013/08/30 18:26:24 | 000,193,696 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\BBSvc.EXE
PRC - [2013/07/25 10:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/05/28 14:35:44 | 000,408,064 | ---- | M] () -- C:\Program Files (x86)\RegZooka\RegZookaScheduler.exe
PRC - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
PRC - [2013/05/16 16:45:24 | 002,119,680 | ---- | M] () -- C:\Program Files (x86)\True Sword 5\TrueSwordSchedule.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/04 20:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe
PRC - [2011/05/24 09:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2010/03/17 15:53:24 | 000,207,872 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
PRC - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2010/01/25 05:20:00 | 002,288,128 | ---- | M] (Fookes Holding Ltd) -- C:\Program Files (x86)\NoteTab Pro 6\NotePro.exe
PRC - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
PRC - [2009/12/09 04:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe
PRC - [2009/11/17 17:18:20 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2009/10/13 13:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/10/13 13:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/07/08 01:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/11/18 23:20:03 | 003,363,952 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/11/16 11:52:02 | 016,237,448 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
MOD - [2013/10/30 14:25:56 | 001,123,240 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/10/24 12:45:32 | 000,691,200 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2013/10/23 15:07:26 | 020,625,832 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/06/14 18:49:12 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2013/06/14 18:49:12 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2013/06/14 18:49:12 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2013/05/28 14:35:44 | 000,408,064 | ---- | M] () -- C:\Program Files (x86)\RegZooka\RegZookaScheduler.exe
MOD - [2013/05/16 09:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 09:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/05/30 09:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\wincfi39.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV:64bit: - [2013/10/18 17:46:52 | 001,025,408 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV:64bit: - [2013/08/30 17:57:54 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/05/28 17:40:10 | 000,230,416 | ---- | M] (Nitro PDF Software) [Disabled | Stopped] -- C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe -- (NitroReaderDriverReadSpool3)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/10/04 16:29:24 | 001,976,696 | ---- | M] (Raxco Software, Inc.) [Disabled | Stopped] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)
SRV:64bit: - [2012/10/04 16:29:02 | 003,367,288 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe -- (PDEngine)
SRV:64bit: - [2012/05/30 12:11:34 | 000,149,544 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2011/09/23 09:31:40 | 000,073,728 | ---- | M] (UC-Logic Technology Corp.) [Auto | Running] -- C:\Windows\SysNative\drivers\WTSrv.exe -- (WinTabService)
SRV:64bit: - [2010/09/21 12:33:10 | 005,788,016 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2010/09/21 12:33:10 | 000,484,720 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV:64bit: - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/10/07 00:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\svchost.exe -- (HPSLPSVC)
SRV - [2013/11/16 11:52:02 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/15 21:34:02 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/10 03:20:01 | 000,143,856 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Zone\Engine\1.0.15.13\NZ.exe -- (NZ)
SRV - [2013/10/30 14:25:56 | 000,566,696 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/10/25 12:07:24 | 002,151,200 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2013/10/25 12:07:00 | 000,878,368 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe -- (AdvancedSystemCareService7)
SRV - [2013/10/08 07:05:13 | 000,264,360 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe -- (N360)
SRV - [2013/09/09 17:05:56 | 001,164,328 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/30 18:26:24 | 000,240,288 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\SeaPort.EXE -- (BBUpdate)
SRV - [2013/08/30 18:26:24 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\BBSvc.EXE -- (BBSvc)
SRV - [2013/08/14 10:10:26 | 003,291,008 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/07/30 16:41:32 | 000,346,696 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2013/06/20 10:29:38 | 000,173,192 | ---- | M] (Microsoft Corp.) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe -- (NCO)
SRV - [2013/05/16 16:45:24 | 002,119,680 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\True Sword 5\TrueSwordSchedule.exe -- (TrueSwordSchedulerService)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/25 15:54:10 | 000,335,168 | ---- | M] (IObit) [On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2013/03/07 16:10:50 | 000,016,000 | ---- | M] (Seagate Technology LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe -- (Seagate Dashboard Services)
SRV - [2013/02/28 20:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2012/12/04 20:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe -- (MCLIENT)
SRV - [2011/12/02 19:52:20 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/05 19:12:44 | 000,296,808 | ---- | M] (Nuance Communications, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2011/05/24 09:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011/04/26 12:54:12 | 002,702,848 | ---- | M] (MAGIX®) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2011/02/24 16:38:18 | 001,987,584 | ---- | M] (Security Stronghold) [Auto | Stopped] -- C:\Program Files (x86)\Active Shield 5\ActiveShieldService.exe -- (ServiceAS)
SRV - [2010/09/01 14:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/07/29 13:12:40 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/07/29 13:12:38 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 16:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/12/09 04:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)
SRV - [2009/11/17 17:18:20 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/10/23 11:31:44 | 000,401,920 | ---- | M] (Amazon.com) [Disabled | Stopped] -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2009/10/13 13:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/07/07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/09/26 22:18:30 | 001,147,480 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/09/26 21:26:03 | 000,858,200 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/09/25 22:28:00 | 000,590,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/09/25 21:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NZx64\01000F0.00D\ccSetx64.sys -- (ccSet_NZ)
DRV:64bit: - [2013/09/25 21:50:25 | 000,162,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/09/25 11:53:27 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/08/30 19:11:28 | 012,528,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/08/30 17:32:32 | 000,618,496 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/08/05 14:32:01 | 000,078,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2013/07/31 22:19:50 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symds64.sys -- (SymDS)
DRV:64bit: - [2013/07/30 23:13:30 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/07/30 22:44:44 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/07/05 03:40:38 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/05/13 14:36:06 | 000,050,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2013/04/15 21:41:14 | 000,169,048 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSTx64\7DD04000.00A\ccSetx64.sys -- (ccSet_NST)
DRV:64bit: - [2013/02/28 20:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2012/10/03 12:19:14 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MCLIENTx64\0302020.00C\ccsetx64.sys -- (ccSet_MCLIENT)
DRV:64bit: - [2012/09/12 14:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/09/11 14:24:32 | 000,126,232 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\DefragFs.sys -- (DefragFS)
DRV:64bit: - [2012/08/23 16:57:16 | 000,083,224 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PDFsFilter.sys -- (PDFSFilter)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/22 11:01:32 | 000,022,704 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EsgScanner.sys -- (EsgScanner)
DRV:64bit: - [2012/05/30 12:10:50 | 000,016,168 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2012/04/17 07:25:02 | 000,031,432 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/03 23:59:38 | 000,057,648 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\FSPFltd2.sys -- (FSProFilter2)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/02 17:17:20 | 000,013,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/15 09:13:46 | 000,018,288 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/09/15 09:03:02 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2010/09/15 09:02:58 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2010/08/10 07:43:14 | 000,050,056 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
DRV:64bit: - [2010/08/10 07:43:14 | 000,022,792 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)
DRV:64bit: - [2010/01/27 20:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/12/09 04:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 13:48:44 | 000,035,376 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
DRV:64bit: - [2009/07/07 13:48:44 | 000,033,328 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
DRV:64bit: - [2009/06/18 06:42:36 | 000,022,696 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UCTblHid.sys -- (UCTblHid)
DRV:64bit: - [2009/06/18 06:42:18 | 000,027,304 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TClass2k.sys -- (TClass2k)
DRV:64bit: - [2009/06/18 06:42:00 | 000,017,064 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PTSimHid.sys -- (PTSimHid)
DRV:64bit: - [2009/06/18 06:41:48 | 000,027,304 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PTSimBus.sys -- (PTSimBus)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 18:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 18:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/04/30 18:01:34 | 000,327,576 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/04/30 17:55:56 | 002,755,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2009/04/30 17:55:46 | 000,015,896 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2008/07/26 14:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007/08/14 09:36:58 | 000,035,328 | ---- | M] (Belkin Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcgame.sys -- (bcgame)
DRV:64bit: - [1999/12/31 19:00:00 | 000,553,576 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [1999/12/31 19:00:00 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [1999/12/31 19:00:00 | 000,160,264 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiK0728.sys -- (SaiK0728)
DRV:64bit: - [1999/12/31 19:00:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV - [2013/11/25 13:12:34 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\VirusDefs\20131126.016\ex64.sys -- (NAVEX15)
DRV - [2013/11/25 13:12:34 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\VirusDefs\20131126.016\eng64.sys -- (NAVENG)
DRV - [2013/11/20 22:08:41 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/11/20 22:08:41 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/10/28 12:56:07 | 000,521,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\IPSDefs\20131126.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/10/22 18:11:13 | 001,524,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.0.2.1\Definitions\BASHDefs\20131114.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/03/26 18:34:08 | 000,023,016 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2013/03/26 18:33:52 | 000,034,336 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2013/03/23 14:48:46 | 000,023,048 | ---- | M] (IObit) [File_System | Disabled | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2010/08/30 13:42:50 | 000,020,480 | ---- | M] (Security Stronghold) [Kernel | Auto | Stopped] -- C:\Program Files (x86)\Active Shield 5\ActiveShield.sys -- (DriverAS)
DRV - [2010/03/17 15:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 15:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{554D23B7-A561-8FD7-EB4F-2500C9BEC5FB}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=293224&fr=spigot-yhp-ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {8293C2B2-E7B8-44BE-82D1-DCEF01778D8C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7IRFC_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{8293C2B2-E7B8-44BE-82D1-DCEF01778D8C}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.whsv.com/"
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2014.6.1.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: C:\Program Files (x86)\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@nullsoft.com/winampDetector;version=1: C:\Users\gurpsgm\Music\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@coreonline.com/run3d,version=1.0: C:\Users\gurpsgm\AppData\LocalLow\Square Enix\nprun3d.dll (Square Enix)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\gurpsgm\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\gurpsgm\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\gurpsgm\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\gurpsgm\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\gurpsgm\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\gurpsgm\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\thehappycloud.com/HappyCloudPlugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\coFFPlgn\ [2013/11/27 11:02:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\IPSFF [2013/10/09 12:10:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/18 23:19:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/18 23:19:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/09/26 15:18:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.1.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.22.1\extensions\\Components: C:\Program Files (x86)\SeaMonkey\components [2013/11/22 16:59:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.22.1\extensions\\Plugins: C:\Program Files (x86)\SeaMonkey\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/11/18 23:19:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/18 23:19:53 | 000,000,000 | ---D | M]
 
[2010/10/30 12:59:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gurpsgm\AppData\Roaming\Mozilla\Extensions
[2013/08/26 08:44:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gurpsgm\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2013/11/24 17:12:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gurpsgm\AppData\Roaming\Mozilla\Firefox\Profiles\8ckfqq5x.default-1384954388521\extensions
[2013/10/31 12:47:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gurpsgm\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ohx54ffw.default\extensions
[2013/10/31 12:47:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\gurpsgm\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ohx54ffw.default\extensions\staged
[2013/11/18 23:19:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/11/18 23:19:53 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/18 23:19:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/18 23:19:52 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/18 23:20:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/27 11:02:58 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.2.1\COFFPLGN
[2013/06/22 10:55:37 | 000,119,808 | ---- | M] (Google) -- C:\Program Files (x86)\mozilla firefox\components\GoogleDesktopMozilla.dll
[2007/04/10 16:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll
[2013/09/26 13:00:39 | 000,208,760 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2013/05/26 10:35:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2013/05/26 10:35:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2013/05/26 10:35:45 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2013/05/26 10:35:46 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2013/05/26 10:35:47 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2010/09/01 14:52:56 | 000,035,136 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\np_gp.dll
[2013/06/22 10:55:38 | 000,002,020 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\googledesktop.xml
[2011/09/04 20:12:37 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=293224&p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms},
CHR - homepage:
CHR - Extension: Beautiful landscape = C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\ambfimhigppdidfmelpjmojccbfdoeig\1_0\
CHR - Extension: Google Docs = C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: Shortcuts for Google = C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\baohinapilmkigilbbbcccncoljkdpnd\3.2.0_0\
CHR - Extension: YouTube = C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Spotify - Music for every moment = C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh\0.2.3_0\
CHR - Extension: Google Search = C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Facebook for Chrome = C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdalhedleemkkdjddjgfjmcnbpejpapp\6.3.1_0\
CHR - Extension: StumbleUpon = C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg\5.9.19.1_0\
CHR - Extension: eBay Extension for Google Chrome = C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhckppjhonfmcpegdjdibmngahahhck\3.0.1.9_0\
CHR - Extension: Wikipedia = C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpofdaeejlpkojmbchffjakgmkfigjba\1.0_0\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1\
CHR - Extension: No name found = C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco\2.2.7_0\
CHR - Extension: Google Wallet = C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Lyrics for Google Chrome = C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglbipcbkmlknhfhabolnniekmlhfoek\2.5.4_0\
CHR - Extension: Gmail = C:\Users\gurpsgm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
