
iSafe Redirect Virus



OTL.txt info

OTL logfile created on: 11/13/2014 11:09:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nate\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.75 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 52.58% Memory free
7.50 Gb Paging File | 4.50 Gb Available in Paging File | 60.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 390.53 Gb Total Space | 185.14 Gb Free Space | 47.41% Space Free | Partition Type: NTFS
Drive E: | 151.03 Gb Total Space | 42.83 Gb Free Space | 28.36% Space Free | Partition Type: NTFS
Drive M: | 156.98 Gb Total Space | 153.57 Gb Free Space | 97.83% Space Free | Partition Type: NTFS
 
Computer Name: ADMIN-AMD | User Name: Nate | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/13 23:09:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nate\Downloads\OTL.exe
PRC - [2014/10/21 23:05:02 | 000,854,344 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/09/12 04:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/08/01 06:13:26 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2014/08/01 06:12:36 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2014/07/28 15:25:46 | 001,723,760 | ---- | M] (NDS Technologies) -- C:\Users\Nate\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
PRC - [2014/07/28 15:25:38 | 001,523,560 | ---- | M] () -- C:\Users\Nate\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
PRC - [2014/04/17 20:07:28 | 004,672,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Nate\AppData\Local\Akamai\netsession_win.exe
PRC - [2013/07/25 17:11:38 | 000,443,416 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
PRC - [2013/07/25 17:11:36 | 001,102,872 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
PRC - [2010/01/22 20:57:08 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010/01/22 20:56:44 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010/01/22 20:56:28 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2010/01/22 20:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009/07/17 15:25:02 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2009/04/01 23:27:28 | 000,090,112 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009/03/16 00:47:28 | 000,122,880 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2009/03/16 00:47:24 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2009/03/16 00:47:22 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2009/03/16 00:47:20 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
PRC - [2006/12/19 08:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/10/21 23:04:57 | 008,910,664 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
MOD - [2014/10/21 23:04:51 | 001,042,760 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
MOD - [2014/10/21 23:04:49 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
MOD - [2014/10/21 23:04:48 | 001,681,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
MOD - [2014/08/01 06:12:38 | 019,329,904 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\libcef.dll
MOD - [2014/08/01 06:12:36 | 000,301,152 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\aswProperty.dll
MOD - [2014/07/28 15:27:28 | 000,091,976 | ---- | M] () -- C:\Users\Nate\AppData\Local\DIRECTV Player\z.dll
MOD - [2014/07/28 15:27:14 | 000,338,784 | ---- | M] () -- C:\Users\Nate\AppData\Local\DIRECTV Player\ndsLogStore.dll
MOD - [2014/07/28 15:27:10 | 001,403,224 | ---- | M] () -- C:\Users\Nate\AppData\Local\DIRECTV Player\libxml2-2.dll
MOD - [2014/07/28 15:26:54 | 000,043,880 | ---- | M] () -- C:\Users\Nate\AppData\Local\DIRECTV Player\libgstvideo-0.10.dll
MOD - [2014/07/28 15:26:50 | 000,689,000 | ---- | M] () -- C:\Users\Nate\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
MOD - [2014/07/28 15:26:46 | 000,060,272 | ---- | M] () -- C:\Users\Nate\AppData\Local\DIRECTV Player\libgstinterfaces-0.10.dll
MOD - [2014/07/28 15:26:30 | 000,205,672 | ---- | M] () -- C:\Users\Nate\AppData\Local\DIRECTV Player\libgstbase-0.10.dll
MOD - [2014/07/28 15:26:08 | 007,742,304 | ---- | M] () -- C:\Users\Nate\AppData\Local\DIRECTV Player\gsttspplugin.dll
MOD - [2014/07/28 15:25:42 | 005,979,488 | ---- | M] () -- C:\Users\Nate\AppData\Local\DIRECTV Player\PCShowServer.dll
MOD - [2014/07/28 15:25:38 | 001,523,560 | ---- | M] () -- C:\Users\Nate\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
MOD - [2014/07/28 15:25:32 | 003,261,280 | ---- | M] () -- C:\Users\Nate\AppData\Local\DIRECTV Player\DrmSingleton.dll
MOD - [2014/07/28 15:25:26 | 002,229,096 | ---- | M] () -- C:\Users\Nate\AppData\Local\DIRECTV Player\DiscoveryManager.dll
MOD - [2013/08/07 14:25:24 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2013/07/10 17:07:22 | 000,756,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/06/22 11:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2009/02/26 13:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/05 22:30:08 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/08/01 06:12:36 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/11/16 15:44:58 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/11/16 14:27:28 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/11/20 08:25:18 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/05/20 14:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/07/13 20:41:10 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\iprip.dll -- (iprip)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 20:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV - [2014/11/11 22:51:13 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/12 04:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [On_Demand | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/07/25 17:11:38 | 000,443,416 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe -- (RUBotSrv)
SRV - [2013/02/28 20:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2012/04/20 20:19:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010/11/20 07:17:42 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2010/01/22 20:57:08 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010/01/22 20:56:44 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010/01/22 20:56:28 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2010/01/22 20:00:48 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009/10/12 13:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009/07/17 15:25:02 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009/07/13 20:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009/04/22 12:01:30 | 000,124,256 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2009/04/01 23:27:28 | 000,090,112 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009/03/16 00:47:22 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2008/02/29 01:07:18 | 000,942,080 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi)
SRV - [2006/12/19 08:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/08/01 06:13:22 | 000,427,360 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/08/01 06:12:41 | 000,092,008 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014/08/01 06:12:40 | 001,041,168 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/08/01 06:12:40 | 000,224,896 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/08/01 06:12:40 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/08/01 06:12:40 | 000,079,184 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/08/01 06:12:40 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/08/01 06:12:40 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/02/28 20:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2013/02/11 23:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/11/16 16:08:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/11/16 16:08:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/11/16 14:39:12 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/03/05 14:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:49:51 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/05/20 14:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010/05/10 09:44:46 | 000,028,984 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\DVDSYS64_100507.sys -- (MSI_DVD_010507)
DRV:64bit: - [2010/05/10 09:44:40 | 000,033,592 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\msibios64_100507.sys -- (MSI_MSIBIOS_010507)
DRV:64bit: - [2010/05/10 09:44:18 | 000,014,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\MSIWDev\VGASYS64_100507.sys -- (MSI_VGASYS_010507)
DRV:64bit: - [2010/04/27 21:02:24 | 000,783,360 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WN111v2w7x.sys -- (WN111v2)
DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/01/22 20:58:24 | 000,018,480 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
DRV:64bit: - [2010/01/22 20:58:22 | 000,068,656 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010/01/22 20:58:20 | 000,029,744 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010/01/22 20:58:16 | 000,080,944 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010/01/22 20:58:16 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010/01/22 20:00:44 | 000,038,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010/01/22 16:12:58 | 000,045,104 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010/01/22 16:12:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2009/07/15 22:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 22:07:02 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/06/24 05:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/04 23:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2008/10/23 21:55:28 | 000,043,008 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM)
DRV:64bit: - [2008/10/23 21:55:28 | 000,043,008 | R--- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT)
DRV:64bit: - [2008/10/01 16:44:06 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2007/12/10 21:49:54 | 000,026,624 | R--- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2007/12/02 21:20:54 | 000,024,064 | R--- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT)
DRV:64bit: - [2006/11/28 21:46:20 | 000,043,328 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCAMp50a64.sys -- (PCAMp50a64)
DRV:64bit: - [2006/11/28 21:46:20 | 000,041,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PCASp50a64.sys -- (PCASp50a64)
DRV:64bit: - [2006/10/16 09:35:50 | 000,867,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\phc700.sys -- (phc700)
DRV - [2010/01/28 16:46:44 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/01/28 16:46:42 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/10/12 13:31:04 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-549523805-167737923-3235466408-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-549523805-167737923-3235466408-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-549523805-167737923-3235466408-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DF B1 0C F5 10 C2 CA 01  [binary data]
IE - HKU\S-1-5-21-549523805-167737923-3235466408-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-549523805-167737923-3235466408-1000\..\SearchScopes,DefaultScope = {17E5E1D0-E848-46A0-8664-EAD13704F731}
IE - HKU\S-1-5-21-549523805-167737923-3235466408-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-549523805-167737923-3235466408-1000\..\SearchScopes\{17E5E1D0-E848-46A0-8664-EAD13704F731}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-549523805-167737923-3235466408-1000\..\SearchScopes\{E5EC57EE-7BEB-4CB1-ADD5-7CB74D18E48E}: "URL" = http://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms}
IE - HKU\S-1-5-21-549523805-167737923-3235466408-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-549523805-167737923-3235466408-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;127.0.0.1:9421;
 
IE - HKU\S-1-5-21-549523805-167737923-3235466408-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-549523805-167737923-3235466408-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-549523805-167737923-3235466408-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DF B1 0C F5 10 C2 CA 01  [binary data]
IE - HKU\S-1-5-21-549523805-167737923-3235466408-1001\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-549523805-167737923-3235466408-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-549523805-167737923-3235466408-1001\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-549523805-167737923-3235466408-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-549523805-167737923-3235466408-1001\..\SearchScopes\{17E5E1D0-E848-46A0-8664-EAD13704F731}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-549523805-167737923-3235466408-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-549523805-167737923-3235466408-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;127.0.0.1:9421;
 
IE - HKU\S-1-5-21-549523805-167737923-3235466408-1020\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-549523805-167737923-3235466408-1020\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-549523805-167737923-3235466408-1020\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-549523805-167737923-3235466408-1020\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E3 2A 38 A1 D0 78 CD 01  [binary data]
IE - HKU\S-1-5-21-549523805-167737923-3235466408-1020\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-549523805-167737923-3235466408-1020\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-549523805-167737923-3235466408-1020\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7NNVC_enUS496
IE - HKU\S-1-5-21-549523805-167737923-3235466408-1020\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1456
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:15.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: wrc@avast.com:7.0.1426
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: links@rivalgaming.com:1.0.0
FF - prefs.js..browser.search.defaultengine: "Microsoft (Bing)"
FF - prefs.js..browser.search.defaultthis.engineName: "Microsoft (Bing)"
FF - prefs.js..keyword.URL: "http://www.bing.com/search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Nate\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@nds.com/PCShowPlugin: C:\Users\Nate\AppData\Local\DIRECTV Player\npPCShowPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@nds.com/PlayerPlugin: C:\Users\Nate\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)
FF - HKCU\Software\MozillaPlugins\@nds.com/PlayerPlugin64: C:\Users\Nate\AppData\Local\DIRECTV Player\win64\npPlayerPlugin64.dll (DIRECTV)
FF - HKCU\Software\MozillaPlugins\NDS.com/PlayerPlugin: C:\Users\Nate\AppData\Local\DIRECTV Player\npPlayerPlugin.dll (DIRECTV)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2014/08/01 06:12:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Users\Nate\AppData\Local\Mozilla Firefox\components [2014/04/23 19:26:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Users\Nate\AppData\Local\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/08/29 01:35:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/10/10 12:35:28 | 000,000,000 | ---D | M]
 
[2010/03/15 21:11:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nate\AppData\Roaming\Mozilla\Extensions
[2014/10/18 12:27:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\k7og3s3k.default\extensions
[2010/04/27 10:35:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\k7og3s3k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/03 23:00:31 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\k7og3s3k.default\extensions\firefox@tvunetworks.com
[2014/08/02 12:25:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\kinvk3dd.default\extensions
[2014/08/03 03:12:59 | 000,005,830 | ---- | M] () -- C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\k7og3s3k.default\searchplugins\bing-avast.xml
[2010/10/28 07:37:30 | 000,001,832 | ---- | M] () -- C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\k7og3s3k.default\searchplugins\bing.xml
[2014/08/31 12:51:05 | 000,000,609 | ---- | M] () -- C:\Users\Nate\AppData\Roaming\Mozilla\Firefox\Profiles\k7og3s3k.default\searchplugins\Google.xml
[2012/03/14 13:22:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/13 22:55:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/09 12:50:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/12 13:07:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/22 00:08:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/04/11 19:35:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/22 12:09:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/02/23 15:27:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2014/08/01 06:12:43 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2012/02/23 15:27:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: No name found = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: No name found = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2502.149_0\
CHR - Extension: No name found = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilnddakjdkpofoablibghfikpeknhbia\1.5_0\
CHR - Extension: No name found = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Nate\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/11/03 18:17:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - No CLSID value found.
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-549523805-167737923-3235466408-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-549523805-167737923-3235466408-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-549523805-167737923-3235466408-1020\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-21-549523805-167737923-3235466408-1000..\Run: [Akamai NetSession Interface] C:\Users\Nate\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-549523805-167737923-3235466408-1000..\Run: [Facebook Update] "C:\Users\Nate\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
O4 - HKU\S-1-5-21-549523805-167737923-3235466408-1000..\Run: [Google Update] "C:\Users\Nate\AppData\Local\Google\Update\GoogleUpdate.exe" /c File not found
O4 - HKU\S-1-5-21-549523805-167737923-3235466408-1000..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-549523805-167737923-3235466408-1000..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-549523805-167737923-3235466408-1000..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 File not found
O4 - HKU\S-1-5-21-549523805-167737923-3235466408-1001..\Run: [Akamai NetSession Interface] C:\Users\Nate\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-549523805-167737923-3235466408-1001..\Run: [PCShowServer] C:\Users\Nate\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe (NDS Technologies)
O4 - HKU\S-1-5-21-549523805-167737923-3235466408-1020..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKU\S-1-5-21-549523805-167737923-3235466408-1020..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-549523805-167737923-3235466408-1020..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O4 - Startup: C:\Users\Nate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-549523805-167737923-3235466408-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-549523805-167737923-3235466408-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-549523805-167737923-3235466408-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-549523805-167737923-3235466408-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-549523805-167737923-3235466408-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-549523805-167737923-3235466408-1020\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-549523805-167737923-3235466408-1000\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O15 - HKU\S-1-5-21-549523805-167737923-3235466408-1000\..Trusted Domains: com ([www.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-549523805-167737923-3235466408-1000\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-549523805-167737923-3235466408-1000\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-549523805-167737923-3235466408-1001\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O15 - HKU\S-1-5-21-549523805-167737923-3235466408-1001\..Trusted Domains: com ([www.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-549523805-167737923-3235466408-1001\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-549523805-167737923-3235466408-1001\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}  (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.226
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A4B01F0-FD66-4CAB-94EA-6057AB9DC64E}: NameServer = 208.69.150.250,208.69.150.252
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49B78FDB-3395-4DF5-9A17-FDDDF67F6B09}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49B78FDB-3395-4DF5-9A17-FDDDF67F6B09}: NameServer = 208.69.150.250,208.69.150.252
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A5FCB0C-F7C9-4603-B465-F79427CE7ED6}: DhcpNameServer = 192.168.0.1 205.171.2.226
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{835D3CF6-13C7-45CB-96CC-0D76846F6FAD}: DhcpNameServer = 192.168.0.1 205.171.2.226
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{835D3CF6-13C7-45CB-96CC-0D76846F6FAD}: NameServer = 208.69.150.250,208.69.150.252
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8C944E4-F889-46A2-B738-A628A8C87211}: NameServer = 208.69.150.250,208.69.150.252
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bootdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/11 22:48:25 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/11/09 22:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2014/11/03 18:20:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/11/03 18:02:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/11/03 18:02:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/11/03 18:02:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/11/03 18:01:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/11/01 11:46:53 | 000,000,000 | ---D | C] -- C:\FRST
[2014/10/26 23:02:33 | 000,000,000 | ---D | C] -- C:\Users\Nate\Desktop\The Kids Files
[2014/10/25 10:43:17 | 001,706,144 | ---- | C] (Thisisu) -- C:\Users\Nate\Desktop\JRT_NEW.exe
[2014/10/18 13:56:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/10/18 13:34:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/10/18 12:16:37 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/10/18 11:55:04 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/10/18 11:54:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Trend Micro
[2014/10/18 02:15:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2014/10/17 19:29:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2014/10/17 19:29:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2014/10/17 19:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted
[2014/10/17 19:27:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2014/10/17 19:08:45 | 000,175,528 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysNative\drivers\tmcomm.sys
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/13 23:11:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/13 22:50:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/11/13 22:48:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-549523805-167737923-3235466408-1020UA.job
[2014/11/13 14:48:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-549523805-167737923-3235466408-1020Core.job
[2014/11/13 10:08:00 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Angela.job
[2014/11/13 09:11:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/13 09:08:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Angela.job
[2014/11/13 02:24:21 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/11/13 02:13:49 | 001,399,020 | ---- | M] () -- C:\Users\Nate\Desktop\Label-315770431 (1).pdf
[2014/11/12 02:43:50 | 000,026,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/12 02:43:50 | 000,026,336 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/11 23:07:52 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2014/11/11 23:04:47 | 000,804,158 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/11/11 23:04:47 | 000,676,794 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/11/11 23:04:47 | 000,128,386 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/11/11 22:59:46 | 000,001,912 | ---- | M] () -- C:\Users\Nate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6600.lnk
[2014/11/11 22:59:31 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Angela.job
[2014/11/11 22:57:44 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2014/11/11 22:57:33 | 005,028,984 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/11/11 22:57:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/11 22:56:22 | 3019,247,616 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/03 18:17:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/10/28 08:13:25 | 000,002,102 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/10/28 00:37:49 | 000,817,100 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/10/25 12:04:21 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/10/21 13:25:16 | 001,706,144 | ---- | M] (Thisisu) -- C:\Users\Nate\Desktop\JRT_NEW.exe
[2014/10/17 19:25:35 | 000,134,437 | ---- | M] () -- C:\Users\Nate\AppData\Local\census.cache
[2014/10/17 19:25:25 | 000,202,855 | ---- | M] () -- C:\Users\Nate\AppData\Local\ars.cache
[2014/10/17 19:16:45 | 000,000,010 | ---- | M] () -- C:\Users\Nate\AppData\Local\sponge.last.runtime.cache
[2014/10/17 19:08:16 | 000,000,036 | ---- | M] () -- C:\Users\Nate\AppData\Local\housecall.guid.cache
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/11/13 02:13:49 | 001,399,020 | ---- | C] () -- C:\Users\Nate\Desktop\Label-315770431 (1).pdf
[2014/11/03 18:02:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/11/03 18:02:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/11/03 18:02:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/11/03 18:02:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/11/03 18:02:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/10/17 19:25:35 | 000,134,437 | ---- | C] () -- C:\Users\Nate\AppData\Local\census.cache
[2014/10/17 19:25:25 | 000,202,855 | ---- | C] () -- C:\Users\Nate\AppData\Local\ars.cache
[2014/10/17 19:16:45 | 000,000,010 | ---- | C] () -- C:\Users\Nate\AppData\Local\sponge.last.runtime.cache
[2014/10/17 19:08:16 | 000,000,036 | ---- | C] () -- C:\Users\Nate\AppData\Local\housecall.guid.cache
[2014/08/30 10:35:02 | 000,010,797 | ---- | C] () -- C:\Users\Nate\10006249_259757174198444_1442326992_n.jpg
[2014/08/03 20:39:56 | 000,000,002 | ---- | C] () -- C:\Windows\msoffice.ini
[2013/11/14 18:37:26 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/09/30 23:07:02 | 000,000,600 | ---- | C] () -- C:\Users\Nate\AppData\Local\PUTTY.RND
[2013/02/28 20:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2012/11/16 15:01:08 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/11/16 15:01:08 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011/10/18 17:39:44 | 000,000,128 | ---- | C] () -- C:\Users\Nate\AppData\Roaming\default.pls
[2011/01/03 18:26:43 | 000,000,092 | ---- | C] () -- C:\Users\Nate\AppData\Local\fusioncache.dat
[2010/11/15 14:44:01 | 008,673,792 | ---- | C] () -- C:\ProgramData\atscie.msi
[2010/05/14 11:17:39 | 000,007,606 | ---- | C] () -- C:\Users\Nate\AppData\Local\Resmon.ResmonCfg
[2010/04/15 13:24:26 | 000,001,472 | ---- | C] () -- C:\Users\Nate\.recently-used.xbel
[2010/03/16 21:51:23 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/03/12 14:43:45 | 000,001,024 | ---- | C] () -- C:\Users\Nate\.rnd
[2010/02/04 18:23:15 | 000,001,024 | ---- | C] () -- C:\Users\Nate\ (1).rnd
[2009/08/23 17:53:51 | 000,000,176 | ---- | C] () -- C:\Users\Nate\.packettracer
[2009/02/01 02:04:49 | 029,873,247 | ---- | C] () -- C:\Users\Nate\mob.zip
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/05/21 01:14:27 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AVAST Software
[2013/11/25 12:46:41 | 000,000,000 | ---D | M] -- C:\Users\Angela\AppData\Roaming\AVAST Software
[2010/03/14 00:07:41 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\acccore
[2013/11/25 02:46:43 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\AVAST Software
[2010/08/25 00:41:50 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/08/18 02:57:32 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\CupidChat
[2010/05/25 21:39:25 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Facebook
[2014/02/11 02:39:57 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\FileZilla
[2013/10/30 16:28:59 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Free-backup.info
[2010/04/15 13:24:26 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\gtk-2.0
[2010/07/01 13:54:53 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\ImgBurn
[2014/07/27 19:38:43 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Opera
[2012/04/27 19:06:28 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\qBittorrent
[2014/10/24 17:31:28 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\SanDisk
[2012/05/11 16:20:16 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\WeatherBug
[2010/12/18 21:48:04 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 741 bytes -> C:\Users\Nate\Documents\Hi, It's me again.eml:OECustomProperty
@Alternate Data Stream - 304 bytes -> C:\Users\Nate\Desktop\usmcguideon.jpg:Updt_SummaryInformation
@Alternate Data Stream - 304 bytes -> C:\Users\Nate\Desktop\clonewarsconf.png:Updt_SummaryInformation
@Alternate Data Stream - 1001 bytes -> C:\Users\Nate\Documents\Do whatever ya want, if it eases your soul.eml:OECustomProperty
 
< End of report >

OTL Extras logfile created on: 11/13/2014 11:09:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Nate\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17420)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.75 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 52.58% Memory free
7.50 Gb Paging File | 4.50 Gb Available in Paging File | 60.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 390.53 Gb Total Space | 185.14 Gb Free Space | 47.41% Space Free | Partition Type: NTFS
Drive E: | 151.03 Gb Total Space | 42.83 Gb Free Space | 28.36% Space Free | Partition Type: NTFS
Drive M: | 156.98 Gb Total Space | 153.57 Gb Free Space | 97.83% Space Free | Partition Type: NTFS
 
Computer Name: ADMIN-AMD | User Name: Nate | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-549523805-167737923-3235466408-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

========== Firewall Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0215FFB4-7D18-4933-B9B1-B3769EC6D15E}" = lport=137 | protocol=17 | dir=in | app=system | 

"{02D111E1-4295-4E47-98E7-95D951868793}" = rport=138 | protocol=17 | dir=out | app=system | 

"{0451EB7F-EFFA-4E4C-8031-D775DD327E1A}" = rport=137 | protocol=17 | dir=out | app=system | 

"{053B5B1D-D2CB-413B-92A2-9F321A366BF2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{0A34065A-1088-406B-B0EE-91AB77087461}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{0D7DBE49-CF2E-4E9A-BE4D-20E85104FF07}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

"{0F56DF5B-631F-4945-A9E9-D3A19E8A4171}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{1EBE9B73-0C2B-49F2-A8CC-4731A12E6805}" = rport=445 | protocol=6 | dir=out | app=system | 

"{2891EF0E-B714-44F7-9FF0-50F35E37DD5E}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 

"{2CD0B752-B1F3-44DB-9822-1DAACB9E3566}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{33F267FC-0B19-40B9-BC5B-D146A318B29C}" = rport=139 | protocol=6 | dir=out | app=system | 

"{3482B119-4E1D-4C41-B54D-71BFE424EE0C}" = lport=49185 | protocol=6 | dir=in | name=akamai netsession interface | 

"{4B6068AF-1148-4589-80A0-1872BB349C2A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{501F4265-B5B0-46D1-BEAB-0EC074436A11}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{5239B96C-3BB3-4899-9CC8-2ED80DB4EA86}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 

"{5B166A88-DCF1-4B78-8FF6-968A53EC8487}" = lport=138 | protocol=17 | dir=in | app=system | 

"{65AAD040-12E7-4222-9832-29C807BAED88}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{6FA65EE8-43F0-4FAF-B855-3BCF7AC136FF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{72266655-BA55-4790-83B8-1FC96F404B27}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 

"{73D3A677-0100-4221-9668-3AF52E1403B1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{73D8AC28-4585-48D5-A3F0-AB0B80EF9305}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{766DF524-D750-4746-B23A-8D39A68F0597}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{7C806AA2-C93E-4716-8BF4-0957CACF1CB3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{7EBED219-EDEC-44D6-B515-41E7B9E3651A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{8405A096-18E4-4663-B50C-34E64BB38A3B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{8C7185F0-342C-4A3C-B6E9-FE940D0358EE}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{A7DFF022-8B82-446F-A336-3308EF8221B7}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{AAF06957-5B4D-427A-A882-2BC7B04E8617}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{B3AF3925-E585-4A33-BB3C-8BA3F61F4E51}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{C932FAD0-54C1-40D0-B477-A0D2589DA88D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{D08D828E-CFC0-4028-8602-06E39A5B7ECB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{D1ADE2FF-9A66-469E-89A6-CC7AF9F5E3E6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{DA844372-B656-43D2-A530-6DBFF6D0C491}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{E26BCCE4-D58D-44C8-A586-9064D1517CA1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{E52AE16B-D43A-48A0-82D4-4C07AB05C4CD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{E562C187-7328-4945-90F4-CC119ECE3CAC}" = lport=445 | protocol=6 | dir=in | app=system | 

"{E67D54C9-CF99-4A72-B0D2-5EC955C4E7C9}" = lport=139 | protocol=6 | dir=in | app=system | 

"{EDF3B42E-6CC3-4EA7-B154-E3F44F8CF734}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{EECD8618-C422-4425-ACD9-04769C065352}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01CCAEA2-52D1-4F1B-B634-4FCCAA0E48DA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{03B0DC86-2F48-4C04-BD35-59745957D6F1}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\hpnetworkcommunicatorcom.exe | 

"{065E4F7C-182E-4354-BE75-C76DFA5DA826}" = protocol=6 | dir=in | app=c:\program files (x86)\aol 9.5\waol.exe | 

"{0E707256-77A5-4092-B4BD-AA141A077FEC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{0FE905C3-51F2-4D8C-89C9-A652DD084A19}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{118443DB-3599-4BE0-AF2D-7A2B13ACD4A4}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 

"{13A947B2-A3C8-4AAF-AC29-EAEB9CC02B11}" = protocol=6 | dir=in | app=c:\users\nate\appdata\local\akamai\netsession_win.exe | 

"{1A6A9692-D0F9-437A-85A9-1D642C98D217}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 

"{1A7E3DC8-A9EA-400E-82FE-599DAB1D073E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{1F0CEED8-FE84-4F9D-98A6-CFD97C9349F7}" = protocol=6 | dir=in | app=c:\users\nate\appdata\local\temp\~os90cc.tmp\rlvknlg.exe | 

"{23824044-0010-4EE6-949E-B6F3245B4FD4}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe | 

"{25015370-A80B-46A5-A9EB-4756295F91B7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 

"{2C56F56A-3C1D-4F6F-A5A7-1FABE98C0A80}" = protocol=6 | dir=in | app=c:\users\nate\appdata\local\temp\~os90cc.tmp\rlvknlg.exe | 

"{2D45BA54-2C77-4C57-BF90-49B77EC1BF63}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbfcoms.exe | 

"{2EB76295-BDB0-4F0F-A066-4EB949C06AE3}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 

"{311D4654-32A5-4817-BFA6-079DFECDC85B}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbfpswx.exe | 

"{31B94348-B94F-429E-9DEA-6CE5CA95CB11}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | 

"{3407390C-4580-4A53-B051-D8D8DBD00BA1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{362AB26A-5A18-4E85-8722-63E4D764355A}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbfpswx.exe | 

"{37FB121C-A170-423F-9C6A-AF2E63333D09}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe | 

"{3C9706D3-D16C-409B-BC6A-E698A42567DE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{3FBCFD67-5EA5-4A23-B050-EF079B66B691}" = protocol=6 | dir=out | app=system | 

"{41B713A0-4185-4E4D-B565-B481781BD8E4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 

"{46C0382B-3872-4853-BF50-C8731AE246BB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 

"{47B1FE8D-123C-4541-B0C0-6EEAE4352DD0}" = protocol=17 | dir=in | app=c:\program files (x86)\qbittorrent\qbittorrent.exe | 

"{47D9EA41-2C8D-4CB4-9899-239D1DDFA2AF}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 

"{4A48E48E-ECE9-4683-9F3E-3DE8E3731D82}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 

"{5440458E-BD70-4DF5-BABB-397D1CF5F57A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{54B2EA6A-8FD1-4E3B-AE21-6E819C9271CA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.icd | 

"{54F8A697-3249-449B-8DE4-3373E0EFBA32}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\faxapplications.exe | 

"{5543C80A-5D39-46C6-85E3-AB15BBCC9735}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero8\nero mediahome\nmmediaserver.exe | 

"{55BD44A1-6E95-4435-8BAE-5E83C018D9DC}" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\acrobat.com\acrobat.com.exe | 

"{5778797D-255F-4BA7-9F02-27CC1BA3F789}" = protocol=17 | dir=in | app=c:\program files (x86)\namo\webcanvas 2006\bin\webcanvas.exe | 

"{580E2D73-339A-4EAD-A9E9-36A04D1E9BE2}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero8\nero home\nerohome.exe | 

"{5911988C-221B-4986-8751-6B58049A3DA5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 

"{5B36989D-1857-40D2-AD6A-F2404B8B389B}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 

"{5BDA3314-9F15-4B9C-93D7-C9CDD456960D}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 

"{5D0454F4-BAB1-46E3-ADC2-9CDE71A004D6}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero8\nero mediahome\nmmediaserver.exe | 

"{5D848B69-BF94-46EF-A545-060ADF2BD97B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{64E1D659-54E6-46A2-AAAE-B1707774B127}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 

"{66CAD457-48EA-42A7-8A12-B009788F66C9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{6BC6A7A2-21C2-42FE-BEDB-2DA675F8E854}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero8\nero home\nerohome.exe | 

"{6E095105-9208-46B8-80C4-D7EE786764E4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe | 

"{6EEA8F0C-8A6E-49BC-A5EC-FBFE2F3BF9F5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | 

"{74776EFD-B0FA-49A0-BDD0-A1760070E23F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{755587BE-B55F-4AF5-8C19-B9FA6BD9C8EB}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\digitalwizards.exe | 

"{78AA970B-14CB-443A-B7D7-7722C0123296}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 

"{7A35AFBB-5B0F-461F-9832-ABCA54100A66}" = protocol=17 | dir=in | app=c:\users\nate\appdata\local\temp\~os90cc.tmp\rlvknlg.exe | 

"{810AA327-D469-495C-A834-438D77E15CC3}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe | 

"{81F7543D-A7AD-4576-8549-D155E090BC4D}" = protocol=17 | dir=in | app=c:\users\nate\appdata\local\temp\~os90cc.tmp\rlvknlg.exe | 

"{889336A1-E0B5-4BFF-BDE6-5E979ADCBA84}" = protocol=17 | dir=in | app=d:\setup.exe | 

"{8987989E-3B58-4227-89C5-B85B3A7C9C4F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 

"{8BFE8D59-85D1-41A4-9A1F-09C8B7DA140A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{90CD36DA-BFE9-48EA-9D27-B1B01A6C97D8}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe | 

"{971F24BC-B58E-4761-AC14-B214F4A19938}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{97420AC1-6DD7-4DDA-915C-2254A110A12A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{98F3A00D-4D9C-4542-86A6-5A78620119C5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{98F688E9-B0ED-4FFC-85BA-A245285249E9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 

"{9B85BD74-E290-4215-9809-DEC97ADC25CB}" = protocol=6 | dir=in | app=c:\program files (x86)\namo\webcanvas 2006\bin\webcanvas.exe | 

"{9B8EBD9B-25BF-4FAA-AA8B-00FE47D58F1B}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\sendafax.exe | 

"{9F278B08-4E59-465B-A1AD-8E4F97499E5B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 

"{A55F1398-55EA-43D0-AE80-DF1C803A0533}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aolacsd.exe | 

"{A611AA9A-2CAC-46C3-A8F0-3ADA5E3773EB}" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\acrobat.com\acrobat.com.exe | 

"{A6FD3170-B316-4041-8E00-5160260EAF09}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe | 

"{A824B23A-93C5-4F98-AA1C-B058930E2622}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\hpnetworkcommunicator.exe | 

"{ACE3DB4C-496B-4443-AF58-5003BCC5C4AD}" = protocol=6 | dir=in | app=c:\program files (x86)\qbittorrent\qbittorrent.exe | 

"{B3B27D4F-7B85-4750-8B87-F91034BEB0FE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.icd | 

"{B7C4863F-1FF8-4F4A-AB8A-2D5433594819}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\loader\aolload.exe | 

"{BB08271B-0383-47C1-96AB-922178AE2361}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\devicesetup.exe | 

"{BDAE532F-D715-4CD4-82AD-02BDE3B8B9C6}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\system information\sinf.exe | 

"{BE57797E-EDEC-4B74-8C9A-80303C0605E3}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\acs\aoldial.exe | 

"{BE88BA69-6E50-43BF-B495-2E5FC0CE9BD5}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 

"{C614A42A-4CBC-4DAE-B593-3D9F275EB094}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe | 

"{C679407A-B035-40FD-A7F0-C45312BA35E0}" = protocol=17 | dir=in | app=c:\windows\system32\lxbfcoms.exe | 

"{C7502F82-EFCD-4AE1-A1AC-3AE41339D890}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\1268542844\ee\aolsoftware.exe | 

"{C7B9DD27-AC5D-4899-AA4A-78872E5C1E41}" = protocol=17 | dir=in | app=c:\program files (x86)\aol 9.5\waol.exe | 

"{C907A254-2F3C-41F5-9F8C-8D5A227CB6A9}" = protocol=6 | dir=in | app=d:\setup.exe | 

"{CA2C6C2B-D0CB-449F-AE4B-8E51E92F9EF1}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe | 

"{CD11067C-CC7C-40D4-95A2-4218B80DD07A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\topspeed\3.0\aoltpsd3.exe | 

"{CF6321EA-7945-4557-B125-6F6AA138267C}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 

"{CF6B01F3-8335-426D-8D45-8C970E00344F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 

"{D0A32F5A-1A68-4BF8-AEFD-2C115FD70EB8}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbfpswx.exe | 

"{D2212F9C-D290-4B3D-B6F7-BC830D2E718F}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\aol\1268542844\ee\aolsoftware.exe | 

"{D3D6F0A9-7130-4538-A511-4E1D83E55DC0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{D3EAB5F6-C33C-485B-9F74-D6B12A7CF122}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{D525CE45-4C3C-4F95-9E75-7E0A350EE674}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{DA587FFA-A0EB-4F9A-9211-FA178888993B}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbfpswx.exe | 

"{DE0E1981-A816-4C3D-8B30-720D4F13EE7E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | 

"{E0541C19-03A4-423C-BE37-C2B259B64C03}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 

"{E178B6E2-ABC3-4F83-800A-A85B0B1CC127}" = protocol=17 | dir=in | app=c:\users\nate\appdata\local\akamai\netsession_win.exe | 

"{E711DC1E-91C0-472E-9A52-1C2FE37D6634}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 

"{E848458D-52AD-4873-A34F-8A59DB5C507D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{E8DF5435-BBA0-45F5-8701-074192E3DF7A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe | 

"{ECC26D29-4FBA-4F87-A66E-7545A01E08A1}" = protocol=17 | dir=in | app=c:\program files (x86)\namo\webeditor 2006\bin\webeditor.exe | 

"{EE7AFCAE-40E4-49B1-BBDF-0BC73E6AC040}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 

"{EED409C0-E7AB-4D4B-8E61-158A51A0E5BD}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbfcoms.exe | 

"{F062ED1D-F78D-4DF6-B9AE-7623377DFA7F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{F1D96548-6CFC-4C90-918D-37A1387DFB0B}" = protocol=6 | dir=in | app=c:\windows\system32\lxbfcoms.exe | 

"{F237F273-2DC2-4CAE-ADA8-FE4DAD1EAB0A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{F6EBE7FD-FA5E-45D2-A5F3-AA8665611B07}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 

"{FB130A62-C17C-429B-8418-984FF0734685}" = protocol=6 | dir=in | app=c:\program files (x86)\namo\webeditor 2006\bin\webeditor.exe | 

"{FB66CBE8-C26E-4C1A-9E33-8A63ACAF44BC}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 

"TCP Query User{049303CA-6704-4C8E-8672-998EFC821332}C:\program files (x86)\namo\webcanvas 2006\bin\webcanvas.exe" = protocol=6 | dir=in | app=c:\program files (x86)\namo\webcanvas 2006\bin\webcanvas.exe | 

"TCP Query User{3468D7B8-C100-41E2-B360-ABEEDBE790F6}C:\program files (x86)\qbittorrent\qbittorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qbittorrent\qbittorrent.exe | 

"TCP Query User{36B5C5F7-9AD7-43DC-9381-7AC9C60A7A69}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 

"TCP Query User{4B164C9D-3900-4F68-87F2-A036FCD74BA3}C:\program files (x86)\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.icd | 

"TCP Query User{6017DFFB-860A-4511-8A21-A7D2C0188FF9}C:\program files (x86)\nero\nero8\nero mediahome\nmmediaserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero8\nero mediahome\nmmediaserver.exe | 

"TCP Query User{6869B386-56E4-4FD6-9A89-518267DF859D}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 

"TCP Query User{A1B23107-C584-4466-A7CC-B7BC4B850585}C:\program files (x86)\nero\nero8\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero8\nero home\nerohome.exe | 

"TCP Query User{EA45B4E4-8F3A-4ABF-AE47-5BE86C16A337}C:\program files (x86)\namo\webeditor 2006\bin\webeditor.exe" = protocol=6 | dir=in | app=c:\program files (x86)\namo\webeditor 2006\bin\webeditor.exe | 

"TCP Query User{FCBDBF04-42B3-4618-8998-46F184195649}D:\setup.exe" = protocol=6 | dir=in | app=d:\setup.exe | 

"UDP Query User{066C982D-1F0C-453F-992E-9DE536FE7F66}C:\program files (x86)\namo\webcanvas 2006\bin\webcanvas.exe" = protocol=17 | dir=in | app=c:\program files (x86)\namo\webcanvas 2006\bin\webcanvas.exe | 

"UDP Query User{17554A1A-6CC6-442D-AAC4-8D1BE0D6F6D9}C:\program files (x86)\namo\webeditor 2006\bin\webeditor.exe" = protocol=17 | dir=in | app=c:\program files (x86)\namo\webeditor 2006\bin\webeditor.exe | 

"UDP Query User{1B41E439-04B9-41CA-89FE-A477F01AB5B7}C:\program files (x86)\qbittorrent\qbittorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qbittorrent\qbittorrent.exe | 

"UDP Query User{26907F1C-4538-4EF4-8AE6-2BA94E95470C}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 

"UDP Query User{726E0C42-2D7B-4787-B56F-BC8A8643B5C5}D:\setup.exe" = protocol=17 | dir=in | app=d:\setup.exe | 

"UDP Query User{736AA735-5E93-410C-AC4D-4D2B5F91FE7C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 

"UDP Query User{78B44464-1F84-4FE3-AF62-F42BD0BA33D2}C:\program files (x86)\nero\nero8\nero mediahome\nmmediaserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero8\nero mediahome\nmmediaserver.exe | 

"UDP Query User{91F00020-EE33-4749-97A7-7EA28BB5CDC2}C:\program files (x86)\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.icd | 

"UDP Query User{B507D855-93A1-4E93-8797-5CA0F748F79A}C:\program files (x86)\nero\nero8\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero8\nero home\nerohome.exe | 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1F6306D6-FB66-10D2-D474-5ADE4D57EE6B}" = AMD Fuel

"{1F85668C-CEB7-7A2E-356C-C42F950A982C}" = AMD Accelerated Video Transcoding

"{23D2AFC7-C01E-4413-9D9A-0BABF52569BF}" = Microsoft Mouse and Keyboard Center

"{4161341F-AE84-E404-4291-4E0322CCE809}" = AMD Media Foundation Decoders

"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam

"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1

"{7FD0FD0D-AC40-A3BF-F2D4-54EFEDB0008F}" = AMD Drag and Drop Transcoding

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64

"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation

"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64

"{AB58402A-43DE-551C-2B40-DD1CF0E21240}" = ccc-utility64

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B407F586-D027-45C3-9109-CC2943E839FA}" = HP Officejet 6600 Basic Device Software

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{FAF03106-1653-15E1-3C0C-E7AE4FAE6EBF}" = AMD Catalyst Install Manager

"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{095EEF8C-F689-6A5A-0367-15DE9404F5EB}" = Application Profiles

"{0B03071A-C96E-34CA-E5A3-4D8DA8ACCB3D}" = CCC Help Polish

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0C432DEB-FBF2-A5E0-FDB7-4B39F7FAF0D4}" = Adobe Community Help

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7

"{1472627A-6E9F-DCB1-8894-E2BD249FD5E4}" = CCC Help Thai

"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1A2C316B-F842-6FB3-3C87-6FE02861F396}" = AMD VISION Engine Control Center

"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet

"{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = WN111v2

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{218BE476-B206-2879-B912-971E6E89E44D}" = CCC Help Finnish

"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2

"{26A24AE4-039D-4CA4-87B4-2F83218025F0}" = Java 8 Update 25

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2DFFE333-1B60-4CAA-F836-3CF0C99777CA}" = CCC Help Norwegian

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{3356EDC7-9373-4D5D-852D-9AB7DBB5A7FC}" = GPU NOS

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{364374D2-FE10-2170-2397-5B01F9D00093}" = CCC Help Spanish

"{38D95956-E92C-4473-904B-CD877EA04410}" = Philips SPC210NC Webcam

"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup

"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10

"{40786C7F-7078-5147-444E-D45DE808B684}" = CCC Help Portuguese

"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Premium 10

"{43D3EA3E-2B72-57F3-40E0-318A614D0FDD}" = CCC Help Czech

"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11

"{4F7823C4-BB28-A63E-CE08-1B463D4682DE}" = CCC Help Dutch

"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

"{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1" = Trend Micro RUBotted 2.0 Beta

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{6D7B8E2C-4356-619D-134F-FB36B0809958}" = CCC Help German

"{6F173E00-2766-E174-C2E0-AD88F24685BD}" = CCC Help Swedish

"{6FAEC41D-0654-12C1-0068-770D19FC2446}" = CCC Help Italian

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility

"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2

"{73D239CC-D6B1-ADEC-A7BE-E100C7112004}" = CCC Help Korean

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III

"{7BBAEC47-1CC0-4CB8-ADB4-531B78DBD1DD}" = Adobe AIR

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver

"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 

"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8D3D92F0-852F-D832-FD8B-029C8C231C13}" = CCC Help Russian

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer

"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002A-0409-1000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0116-0409-1000-0000000FF1CE}_ULTIMATER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007

"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{963FFEAB-16E5-EB69-4E64-338B3D319FB4}" = CCC Help Chinese Standard

"{980A3C34-1652-472D-84AC-2A4D3D4955BF}" = Namo WebEditor 2006

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C5B9ED6-0344-4550-A4AB-C4499EB36053}" = SPC 700NC PC Camera

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9F7E9D7B-3291-96CE-A27F-DD4F6EB230EA}" = CCC Help Chinese Traditional

"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A11E24AD-A7EB-78C9-F792-AD9CDDB8B651}" = Catalyst Control Center InstallProxy

"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player

"{A6FDE264-C48D-36CE-CFA7-ABBEB861AC10}" = Catalyst Control Center Localization All

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A7B5CF5F-6BB3-4616-950E-0CF3C9A023AD}" = Namo WebUtilities 2006

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{A9DE7D74-A4D9-465A-9EE1-49D1577983AA}" = Namo WebCanvas 2006

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.09)

"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2

"{B31A9284-632D-683E-3BD0-F6926D445A7B}" = CCC Help Danish

"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation

"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0

"{B7A75523-3D7F-CF23-12F7-999EAF6C7167}" = CCC Help Japanese

"{B83F7FA5-3191-4E39-A1F2-8A9038BD0B04}" = Turbo Key

"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer

"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C821D689-95BE-0D60-255E-D9B89CB3019F}" = Catalyst Control Center Graphics Previews Common

"{C9FFC925-E27E-436E-A2DF-652324D51033}" = Nero 8 Essentials

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE1458AA-23A7-332D-68D9-86B799898DA6}" = CCC Help Greek

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{ced7d84f-76e6-4ae6-8de8-4501b4755bd7}" = DIRECTV Player

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E0655E94-1D4D-8484-64C6-E6F847B7BE92}" = CCC Help Turkish

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding

"{E555950B-1496-C37C-CA2C-2DF8745A5BE9}" = CCC Help English

"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0

"{EA57A1B9-0DD2-44DD-9B70-64E8DA553F6F}" = Philips VLounge

"{EB0F4554-AD4F-4C8C-9764-66AC2CF8D184}" = AMD OverDrive

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EE229D0E-3D9E-636C-6E75-9436A87C7E49}" = CCC Help French

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F536CCF1-C4C1-5FB9-6B17-F883DFFAE569}" = CCC Help Hungarian

"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin

"Adobe Illustrator CS2" = Adobe Illustrator CS2

"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2

"Adobe Shockwave Player" = Adobe Shockwave Player 11.6

"Adobe SVG Viewer" = Adobe SVG Viewer 3.0

"Age of Empires 2.0" = Microsoft Age of Empires II

"avast" = avast! Free Antivirus

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"Diablo" = Diablo

"FileZilla Client" = FileZilla Client 3.7.3

"Google Chrome" = Google Chrome

"Hoyle Board Games 4" = Hoyle Board Games 4

"ImgBurn" = ImgBurn

"InstallShield_{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}" = RangeMax Wireless-N USB Adapter WN111v2

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager

"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III

"InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert

"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.3.1025

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)

"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Picasa 3" = Picasa 3

"PictureItPrem_v10" = Microsoft Picture It! Premium 10

"ULTIMATER" = Microsoft Office Ultimate 2007

"VMware_Player" = VMware Player

"WinLiveSuite" = Windows Live Essentials

"WinPcapInst" = WinPcap 4.1.3

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-549523805-167737923-3235466408-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Akamai" = Akamai NetSession Interface

"Dropbox" = Dropbox

"Facebook Plug-In" = Facebook Plug-In

"Google Chrome" = Google Chrome

"IMVU Avatar chat client software BETA" = IMVU Avatar Chat Software

"RivalGaming" = RivalGaming

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-549523805-167737923-3235466408-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Akamai" = Akamai NetSession Interface

"Facebook Plug-In" = Facebook Plug-In

"Sansa Updater" = Sansa Updater

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-549523805-167737923-3235466408-1020\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 11/5/2014 1:02:24 AM | Computer Name = Admin-AMD | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero

 PhotoSnap\PhotoSnap.exe".Error in manifest or policy file "" on line .  A component

 version required by the application conflicts with another component version already

 active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Component

 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

 

Error - 11/5/2014 1:02:24 AM | Computer Name = Admin-AMD | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero

 PhotoSnap\PhotoSnapViewer.exe".Error in manifest or policy file "" on line .  A component

 version required by the application conflicts with another component version already

 active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Component

 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

 

Error - 11/5/2014 3:53:10 AM | Computer Name = Admin-AMD | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero

 PhotoSnap\PhotoSnap.exe".Error in manifest or policy file "" on line .  A component

 version required by the application conflicts with another component version already

 active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Component

 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

 

Error - 11/5/2014 3:53:10 AM | Computer Name = Admin-AMD | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero

 PhotoSnap\PhotoSnapViewer.exe".Error in manifest or policy file "" on line .  A component

 version required by the application conflicts with another component version already

 active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Component

 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

 

Error - 11/8/2014 2:04:40 AM | Computer Name = Admin-AMD | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero

 PhotoSnap\PhotoSnap.exe".Error in manifest or policy file "" on line .  A component

 version required by the application conflicts with another component version already

 active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Component

 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

 

Error - 11/8/2014 2:04:40 AM | Computer Name = Admin-AMD | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero

 PhotoSnap\PhotoSnapViewer.exe".Error in manifest or policy file "" on line .  A component

 version required by the application conflicts with another component version already

 active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Component

 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

 

Error - 11/11/2014 2:12:59 AM | Computer Name = Admin-AMD | Source = Microsoft-Windows-CAPI2 | ID = 513

Description = Cryptographic Services failed while processing the OnIdentity() call

 in the System Writer Object.  Details: AddLegacyDriverFiles: Unable to back up image

 of binary 6891467drv.  System Error: The system cannot find the file specified.  .

 

Error - 11/11/2014 3:59:10 AM | Computer Name = Admin-AMD | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero

 PhotoSnap\PhotoSnap.exe".Error in manifest or policy file "" on line .  A component

 version required by the application conflicts with another component version already

 active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Component

 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

 

Error - 11/11/2014 3:59:10 AM | Computer Name = Admin-AMD | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Program Files (x86)\Nero\Nero8\Nero

 PhotoSnap\PhotoSnapViewer.exe".Error in manifest or policy file "" on line .  A component

 version required by the application conflicts with another component version already

 active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Component

 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

 

Error - 11/11/2014 11:33:49 PM | Computer Name = Admin-AMD | Source = Microsoft-Windows-CAPI2 | ID = 513

Description = Cryptographic Services failed while processing the OnIdentity() call

 in the System Writer Object.  Details: AddLegacyDriverFiles: Unable to back up image

 of binary 6891467drv.  System Error: The system cannot find the file specified.  .

 

[ OSession Events ]

Error - 10/18/2011 6:41:18 PM | Computer Name = Admin-AMD | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 0, Application Name: Microsoft Office Word, Application Version:

 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 2/14/2012 1:12:17 PM | Computer Name = Admin-AMD | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 23

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 2/16/2012 3:48:51 PM | Computer Name = Admin-AMD | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 55

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 2/20/2012 11:50:09 PM | Computer Name = Admin-AMD | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 87

 seconds with 60 seconds of active time.  This session ended with a crash.

 

Error - 4/2/2012 1:59:56 AM | Computer Name = Admin-AMD | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 32

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 4/8/2012 12:03:37 AM | Computer Name = Admin-AMD | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 17

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 7/29/2012 10:14:34 AM | Computer Name = Admin-AMD | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 12

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 5/11/2013 1:18:12 PM | Computer Name = Admin-AMD | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 23

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 5/12/2013 5:37:03 PM | Computer Name = Admin-AMD | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 37

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 5/14/2013 2:29:11 PM | Computer Name = Admin-AMD | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 226

 seconds with 60 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 10/30/2014 4:00:17 AM | Computer Name = Admin-AMD | Source = SNMP | ID = 16713180

Description = The SNMP Service encountered an error while accessing the registry

 key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

 

Error - 11/2/2014 9:33:41 PM | Computer Name = Admin-AMD | Source = SNMP | ID = 16713180

Description = The SNMP Service encountered an error while accessing the registry

 key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

 

Error - 11/3/2014 7:06:48 PM | Computer Name = Admin-AMD | Source = Service Control Manager | ID = 7034

Description = The ASUS System Control Service service terminated unexpectedly.  

It has done this 1 time(s).

 

Error - 11/3/2014 7:12:14 PM | Computer Name = Admin-AMD | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service.  However,

 the system is configured to not allow interactive services.  This service may not

 function properly.

 

Error - 11/3/2014 7:15:57 PM | Computer Name = Admin-AMD | Source = Application Popup | ID = 1060

Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility

 with this system. Please contact your software vendor for a compatible version 

of the driver.

 

Error - 11/3/2014 7:17:14 PM | Computer Name = Admin-AMD | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service.  However,

 the system is configured to not allow interactive services.  This service may not

 function properly.

 

Error - 11/4/2014 3:09:11 PM | Computer Name = Admin-AMD | Source = SNMP | ID = 16713180

Description = The SNMP Service encountered an error while accessing the registry

 key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

 

Error - 11/11/2014 11:46:53 PM | Computer Name = Admin-AMD | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the Windows

 Search service to connect.

 

Error - 11/11/2014 11:46:53 PM | Computer Name = Admin-AMD | Source = Service Control Manager | ID = 7000

Description = The Windows Search service failed to start due to the following error:

   %%1053

 

Error - 11/11/2014 11:58:07 PM | Computer Name = Admin-AMD | Source = SNMP | ID = 16713180

Description = The SNMP Service encountered an error while accessing the registry

 key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

 

 

< End of report >

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    IE - HKU\S-1-5-21-549523805-167737923-3235466408-1000\..\URLSearchHook: - No CLSID value found

    IE - HKU\S-1-5-21-549523805-167737923-3235466408-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-549523805-167737923-3235466408-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;127.0.0.1:9421;

    IE - HKU\S-1-5-21-549523805-167737923-3235466408-1001\..\URLSearchHook: - No CLSID value found

    IE - HKU\S-1-5-21-549523805-167737923-3235466408-1001\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-549523805-167737923-3235466408-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-549523805-167737923-3235466408-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;127.0.0.1:9421;

    FF - prefs.js..extensions.enabledItems: links@rivalgaming.com:1.0.0

    CHR - default_search_provider: search_url =

    CHR - default_search_provider: suggest_url =

    CHR - plugin: Error reading preferences file

    [2012/04/27 19:06:28 | 000,000,000 | ---D | M] -- C:\Users\Nate\AppData\Roaming\qBittorrent

    :files

    ipconfig /flushdns /c

    :Commands

    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.
Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

All processes killed

========== OTL ==========

Registry value HKEY_USERS\S-1-5-21-549523805-167737923-3235466408-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.

HKU\S-1-5-21-549523805-167737923-3235466408-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

HKU\S-1-5-21-549523805-167737923-3235466408-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

Registry value HKEY_USERS\S-1-5-21-549523805-167737923-3235466408-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.

HKEY_USERS\S-1-5-21-549523805-167737923-3235466408-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKU\S-1-5-21-549523805-167737923-3235466408-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

HKU\S-1-5-21-549523805-167737923-3235466408-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

Prefs.js: links@rivalgaming.com:1.0.0 removed from extensions.enabledItems

Use Chrome's Settings page to remove the default_search_provider items.

Use Chrome's Settings page to remove the default_search_provider items.

C:\Users\Nate\AppData\Roaming\qBittorrent folder moved successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Nate\Downloads\cmd.bat deleted successfully.

C:\Users\Nate\Downloads\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Admin

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 1111053 bytes

 

User: All Users

 

User: Angela

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 895699 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 465501855 bytes

->Flash cache emptied: 1556 bytes

 

User: AppData

->Temp folder emptied: 0 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Dennis

->Temp folder emptied: 0 bytes

 

User: Nate

->Temp folder emptied: 19339323 bytes

->Temporary Internet Files folder emptied: 85146784 bytes

->Java cache emptied: 137 bytes

->FireFox cache emptied: 57146824 bytes

->Google Chrome cache emptied: 386478872 bytes

->Flash cache emptied: 58195 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 8768 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 6943600 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67825 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 975.00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 11162014_170610

 

Files\Folders moved on Reboot...

C:\Users\Nate\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Nate\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

C:\Windows\temp\vmware-SYSTEM-2405924255\vmware-usbarb-SYSTEM-2672.log moved successfully.

File\Folder C:\Windows\temp\hsperfdata_ADMIN-AMD$\1892 not found!

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

I am going to pop in an example screenshot of what it kicked out. There were no threats found, and I adjusted the settings as high as I could find to scrub everything it gives me an option for, and it didn't find anything. However, I have a Spybot directory that is showing "password protected" though I have not set a password. I also thought I uninstalled my old version of Spybot but I have 2 directories. Any thoughts?

 

I also thought I had stopped auto backup (which I have it written to another partitioned drive on the same hard drive), but I had not, and I deleted the whole backup and anything else that was showing on that particular letter Drive, I have not reformatted it. And right now, things are well, as in I go to Chrome, search, and it is a normal Google search. But this has kept coming back, even without a backup, so any thoughts? Or just another wait and see for a few days?

 

And thank you for your help on this, as you know it can get frustrating. 


Don't worry about SpyBot.

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Thanks for letting me know! :)

Step 1

  • Run OTL.exe
  • Click on CleanUp button.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Step 2

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes

Step 3

Please uninstall ESET Online Scanner and manually delete Kaspersky AVP and Junkware Removal Tool.

Step 4

Malware prevention tips:

https://forums.malwarebytes.org/index.php?/topic/81386-so-how-did-i-get-infected-in-the-first-place/

Safe surfing! :)


  • 2 weeks later...

Maniac, 

I do apologize, but I already was working on it, because I was so mad about this. I ran RegEdit and deleted the files. I kept Spyhunter open and looked up the registry files and deleted them. 

 

Hopefully, after uninstalling the software, running literally 12 different scans and removal tools, I have removed a lot of junk. However, hopefully on the isafe virus, aka searchsafe. com virus level, hopefully I just removed the registry files to keep this from returning. 

 

I do appreciate your help, but this iSafe, aka searchsafe. com virus has been around for a while, and needs to be put in the MBAM database. 

 

Thanks again!


  • 2 weeks later...

It is seemingly gone. No more re-directs and no more "SSL Search is off" via Chrome. 

When I first got it, I had no clue, then I don't remember if I manually removed the software or used "Remove Programs" via the control panel, but the registry values got stuck in there, and well, I finally got them out. All of them. 

 

Thank you for all of your help, and please, get MBAM to get this in their database. 


  • 4 months later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.