Computer won't run anti-virus software, please help!



#1
Dmac24

Hi there,

After turning my computer on this morning, I found my anti-virus software had been disabled. Thinking this a strange occurrence, I proceeded to attempt to re-enable it, which is when I encountered my problem - it wouldn't let me. The program appeared unresponsive. I'm currently using Avast!, and whenever I try to search for help online, my browser (Google Chrome) is automatically shut down.
I've endeavoured to acquire Malwarebytes Anti-Malware, and on my 5th attempt have succeeded in performing a full scan (Currently in progress).

I am running Windows 7 x64, on a custom built desktop. I've never had any problems, but I'm freaking out!

I imagine you'll want the details of this malware scan, but I thought I'd post this anyway to see if there's anything else I can do.

Thanks in advance,

Dave.

**Malwarebytes found PUP.HackTool.Patcher and Affiliate.Download as infected files. Upon searching these on my phone, the general consensus was to remove these ASAP, which I have gone ahead and done. I still cannot activate my anti-virus software.

Edited by Dmac24, 11 July 2012 - 09:51 PM.



#2
Dmac24

I also took the liberty of doing OTL scans, and the results are as follows:


OTL Extras logfile created on: 12-07-12 2:42:50 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = D:\Users\Dave\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MM-yy

7.98 Gb Total Physical Memory | 5.16 Gb Available Physical Memory | 64.69% Memory free
15.96 Gb Paging File | 12.97 Gb Available in Paging File | 81.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59.62 Gb Total Space | 16.73 Gb Free Space | 28.06% Space Free | Partition Type: NTFS
Drive D: | 931.41 Gb Total Space | 584.53 Gb Free Space | 62.76% Space Free | Partition Type: NTFS

Computer Name: DAVE-PC | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09E5426F-2460-4755-B39C-78FDAB5262D1}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{1359D34D-4DF4-4DE3-BF98-E50F8C659021}" = rport=445 | protocol=6 | dir=out | app=system |
"{15542EE4-565C-4D5A-B923-3E4073338E25}" = lport=138 | protocol=17 | dir=in | app=system |
"{17DAABE5-A5AC-4D77-8664-3EA2F361DC12}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1ED41D70-435F-48A3-A0BF-04F95D9D30DB}" = rport=137 | protocol=17 | dir=out | app=system |
"{2415630B-02F0-4CC1-8F2F-39A938C194E4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2F4449EF-176C-49A9-B75C-2DC0AD4B16D4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3490CCB4-3A30-4BF2-A128-0E52241D83FE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{34FBA110-235B-46C6-9E30-FCD374DD942C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{39AD1A20-0E34-4E39-8FBA-F720E5443F20}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3C70F904-4DF3-43AE-8CBB-F6AD214285F5}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{3F0B5B96-DEB2-4EC4-BB1B-A172693726FD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{47419685-6ECD-476A-A5AE-35C73E87EE21}" = lport=445 | protocol=6 | dir=in | app=system |
"{70262512-5A93-49DE-83CD-BECD633E0598}" = lport=139 | protocol=6 | dir=in | app=system |
"{81B42BC0-4BF1-4883-A3F8-5535F346C2A4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{82A4C534-6352-4113-88F9-8A50FCE11782}" = rport=139 | protocol=6 | dir=out | app=system |
"{859E56F8-3498-4D19-9DC5-3E18AC18ABF2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{86498B37-E0FF-42E4-BDF4-2CD74AD0FD17}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{895CF1F5-F52B-42F9-9156-C9EAADFCD7D8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8AD47058-112B-44EF-9B49-7ACC93CC88C5}" = lport=137 | protocol=17 | dir=in | app=system |
"{A29E5025-2402-4F6C-9056-C02BB329DD66}" = rport=138 | protocol=17 | dir=out | app=system |
"{B23347FE-DED1-4DA1-95F9-594A50D72C24}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{CD7DB8C1-40DB-4B7D-96EF-6EF7CAEB1D53}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D0BCA899-490F-4F98-B0FF-0E538B8CC0E4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D6B84CAD-2CCF-48B1-BEFE-54476A91412A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DB8BB003-1B68-4505-B8D6-C9061B41C0B8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ED61A411-19FE-48E9-9146-28CCDB8A1D87}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{FBCCF067-C374-417F-94A6-BAF49686198F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00412521-9C2E-42BC-8DE5-0295D513218E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0046E335-C75C-4A28-BDB3-63F914309D75}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{033E25CD-0DD9-4594-8776-3D4A3D5E0257}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{04EC6D82-35B2-4C5D-86A5-118B8CB91545}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0842E55F-5246-4B0A-83FB-F57F5756DB0E}" = dir=in | app=d:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{08E44068-8D60-42BC-9835-C65898136273}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{0BC78322-619C-4F86-AC89-10D65894854E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0C901486-77BB-492B-A94E-84F83BCF3C36}" = dir=in | app=d:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{0E0A36DB-FDB2-4A13-8E06-89C5FCD5FD05}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1549CFC0-2C83-4BC4-93CB-0AEF56AA4A5E}" = protocol=6 | dir=in | app=d:\program files\ventrilo\ventrilo.exe |
"{185ADA2B-B8F2-40C5-A166-3427D5FAE283}" = protocol=17 | dir=in | app=d:\diablo iii\diablo iii.exe |
"{1B6EF986-D949-48ED-A8B4-8B1D61F1D56C}" = protocol=17 | dir=in | app=d:\program files\ventrilo\ventrilo.exe |
"{1BD86E87-5775-4068-888B-FCB2808C00E5}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{1C38192F-0023-4E73-AE90-C6D7263DC185}" = protocol=6 | dir=in | app=d:\diablo iii\diablo iii.exe |
"{1D022550-7200-4CB5-83B0-E2FCAB8BB6BE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{1E66CA40-450B-4BCA-B4ED-AF9E46746E92}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{220EA1F4-A0A0-498A-BEA1-65E39B564E63}" = dir=in | app=d:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{25857E25-7D0F-4C02-B3F6-A2EA0DC56424}" = dir=in | app=d:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{2623770B-1FB6-420B-8D5B-3A74B278B548}" = dir=in | app=d:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{2FCF6598-8EEB-4602-AC8F-706C1D476485}" = dir=in | app=d:\program files (x86)\hp\hp software update\hpwucli.exe |
"{30FB4DE2-FC27-4866-ACDC-60596B51AFC0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{33637755-7FBC-4E5A-B0AB-27D731D31F53}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{390EC7C0-E52E-42D8-B3A2-AB2731502B0E}" = protocol=58 | dir=out | [email protected],-28546 |
"{395B9F64-32B0-4439-B15C-7A6F246DCC9D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3974B183-0F8E-4E73-8692-5703026BE1D9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe |
"{41B727E2-6769-41A9-984F-983D18489DBB}" = dir=in | app=e:\setup\hpznui40.exe |
"{4A83C3EF-FF8C-4C97-8EA1-9E92D52F4DE5}" = protocol=1 | dir=out | [email protected],-28544 |
"{4B8862D1-C413-4847-B887-8CE00CD5C6E5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{555B666C-C879-46F2-8CDC-7D6168B89103}" = protocol=6 | dir=out | app=system |
"{5B104980-B8F1-44A5-8885-5F66AF346209}" = dir=in | app=d:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{63A8F414-BDBE-4DE9-8259-E2C33F564E56}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{69798056-111E-4632-BD04-18BDCF1A1ECA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{6DAF3D85-7CED-4B27-AAA2-CFDC0F52A7D4}" = protocol=17 | dir=in | app=d:\program files\world of warcraft\launcher.exe |
"{6E2D6381-735F-4603-B05F-E89ADA914440}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{72B92E05-ED42-4038-9FFF-FD1113155D85}" = dir=in | app=d:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{7C9D2090-61DE-4F50-8D98-8A65F957B12C}" = protocol=17 | dir=in | app=d:\program files (x86)\utorrent\utorrent.exe |
"{7DDB1A41-4DB0-4CD7-8095-CD3E3DB8341D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7FDCD3A2-23EF-4F28-B181-8FCEEF3DDB1A}" = dir=in | app=d:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{853F980D-DDDF-488E-ADC5-CD877386522A}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{87124D61-C44A-44C3-821A-D656666A5BF3}" = dir=in | app=d:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{8D0B51B7-5B70-4795-BE14-D598914BEBC8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{91DFEFB4-D79F-4B15-A6E0-960C1397CF06}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{98DADF74-8AE8-443E-B4BE-7546194DD3AA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{9DED70A5-FAB5-4586-84C9-FEDFCAACED5D}" = protocol=6 | dir=in | app=d:\program files (x86)\utorrent\utorrent.exe |
"{9FEFB1B9-2FE1-4575-AA4C-E36DC2E1F181}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A4DAA28C-BEB2-4098-87B1-47524EB50D06}" = dir=in | app=d:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{A75294B0-4B0F-4ED8-9DDD-9359993051AA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A8AE9B5C-63A6-4F6A-B7F3-CBB0BFBCF585}" = protocol=6 | dir=in | app=d:\program files\world of warcraft\launcher.exe |
"{AA4332AA-ECFB-4F72-887E-F72A7CF43BB6}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B477C9EA-DC79-4B38-B20E-5DD69038D0B4}" = dir=in | app=d:\program files (x86)\itunes\itunes.exe |
"{B722F39E-6898-45F8-9EF9-B6F7BABB7A4D}" = dir=in | app=d:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{B7843B92-35A1-4176-9C18-05D9F0506450}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{BF348903-79E8-48DC-94E5-8A8F6F55ABDC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BF6B9703-E7F9-4EB0-B767-DB42F8D50F05}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C2B3F108-317F-49F0-9FD9-1B80275019D6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{C521BF2A-5139-4E6C-8813-CECA9A7F1540}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C5F127A6-8EBF-4970-8316-23405B4DDD58}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeenc2.exe |
"{C73BE6EB-FD14-4ABF-84FA-2F11EE7C1A2F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D5805019-3B1F-46FC-A433-830F76DE83F3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{D69AB39A-D222-4178-B6A7-B6D404C49E9D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D7906AE6-5525-42A3-870E-4B45A40606D3}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{DAA2F736-6519-467E-9EA7-4FC465397D2B}" = dir=in | app=d:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{E710D4E7-C7CA-4EE5-A6F9-87292F9D18CA}" = protocol=1 | dir=in | [email protected],-28543 |
"{E72DD620-47A9-4AC4-9D92-0381046B88DD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F8DC8247-4FEA-47EA-8200-53BC78814A80}" = protocol=58 | dir=in | [email protected],-28545 |
"{FF471270-6B5E-43A3-91A9-769165F39DD6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"TCP Query User{0DC7912C-6176-4C75-A08A-5C682B670A13}D:\program files\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=d:\program files\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe |
"TCP Query User{52A21736-8B4E-4177-BB67-BBADCD8788E5}C:\windows\kmsemulator.exe" = protocol=6 | dir=in | app=c:\windows\kmsemulator.exe |
"TCP Query User{5D432E65-D614-4D7B-906D-1F8C6CC486E6}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{71A643C1-2183-437B-9D06-6DF6BE740D42}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{B9285F50-C308-4FD5-86EB-BBE0B5CD8A53}C:\users\dave\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\dave\appdata\roaming\spotify\spotify.exe |
"TCP Query User{C4A4BF49-C235-4603-B08E-B3DB27D66BE5}D:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=d:\program files\world of warcraft\backgrounddownloader.exe |
"TCP Query User{EE038FEB-A1DC-4C3A-B850-643FD4D1F7B1}D:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=d:\program files\world of warcraft\launcher.exe |
"TCP Query User{EF7DDF19-1279-43A6-BBEB-2D0C1DD5FFA0}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"TCP Query User{F8440424-99E6-45AB-B64A-2FDF3398AEBE}C:\users\dave\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\dave\appdata\roaming\spotify\spotify.exe |
"UDP Query User{0DC29316-AE67-4645-9D2D-49A2EDA83565}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{23AB21BA-95F3-415C-926D-87DD2E4D9626}C:\windows\kmsemulator.exe" = protocol=17 | dir=in | app=c:\windows\kmsemulator.exe |
"UDP Query User{5DA4276C-E8CD-4B6E-93BE-C1331DF5FEB1}D:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=d:\program files\world of warcraft\launcher.exe |
"UDP Query User{64512798-CBE6-4AF9-9956-E41B5C994250}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"UDP Query User{6EA8990D-C22A-44BD-868D-10996710715C}D:\program files\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=d:\program files\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe |
"UDP Query User{7D34C248-BD4E-465D-BDDA-A45D3DA6199E}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{9840800C-F01F-4782-96BC-C3B6BE6A2B02}C:\users\dave\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\dave\appdata\roaming\spotify\spotify.exe |
"UDP Query User{A42C9424-9818-41A5-ADFB-4F32FF77B7E1}D:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=d:\program files\world of warcraft\backgrounddownloader.exe |
"UDP Query User{D8E8BE67-E425-4326-AAA1-15F358AB3AEB}C:\users\dave\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\dave\appdata\roaming\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{3ABFAF33-D6EE-9348-CE96-AF51E9D6D2FF}" = AMD Drag and Drop Transcoding
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{59C83C08-63F4-4AEC-81D6-392C5E23B843}" = HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4925C0C2-E4E2-456B-9791-0F228BDDC428}" = Facebook Messenger 2.1.4570.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D9D583E-EC8B-4390-B3A4-017B8182C8FF}_is1" = Free Mouse Auto Clicker 2.8.2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{9F9A2D22-7E30-4546-B817-10644FFB9935}" = B110
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D544AE4C-4152-225B-A897-6756C8986B14}" = Catalyst Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3F2803C-B6FA-4D36-8CFE-A8AE92683E92}" = XSplit
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EFE3D683-903C-4B58-AB8F-C68C69F33758}" = System Requirements Lab for Intel
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F88E2E04-7EF5-488C-8E38-C94EB808458E}" = PS_AIO_07_B110_SW_Min
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Diablo III" = Diablo III
"hon" = Heroes of Newerth
"HP Photo Creations" = HP Photo Creations
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Picasa 3" = Picasa 3
"PS3 Media Server" = PS3 Media Server
"Security Task Manager" = Security Task Manager 1.8d
"uTorrent" = µTorrent
"VirtualDJ" = VirtualDJ
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"World of Warcraft Beta" = World of Warcraft Beta

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"101a9f93b8f0bb6f" = Curse Client
"Google Chrome" = Google Chrome
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11-07-12 11:12:49 PM | Computer Name = Dave-PC | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 20.0.1132.47, time
stamp: 0x4fec0d4d Faulting module name: mdnsNSP.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4e5dca4c Exception code: 0xc0000005 Fault offset: 0x721b5b9b Faulting
process id: 0x2c4 Faulting application start time: 0x01cd5fdc03136451 Faulting application
path: C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe Faulting
module path: mdnsNSP.dll Report Id: 75942d11-cbcf-11e1-8de8-002522a0ba71

Error - 11-07-12 11:14:52 PM | Computer Name = Dave-PC | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 20.0.1132.47, time
stamp: 0x4fec0d4d Faulting module name: mdnsNSP.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4e5dca4c Exception code: 0xc0000005 Fault offset: 0x710e5b9b Faulting
process id: 0x9f4 Faulting application start time: 0x01cd5fdc4be81ac2 Faulting application
path: C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe Faulting
module path: mdnsNSP.dll Report Id: be909057-cbcf-11e1-8de8-002522a0ba71

Error - 11-07-12 11:17:04 PM | Computer Name = Dave-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.62.0.87, time stamp:
0x4fc6d5ba Faulting module name: mdnsNSP.dll_unloaded, version: 0.0.0.0, time stamp:
0x4e5dca4c Exception code: 0xc0000005 Fault offset: 0x710b5b9b Faulting process id:
0xfa4 Faulting application start time: 0x01cd5fdccbccee09 Faulting application path:
D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Faulting module path:
mdnsNSP.dll Report Id: 0d3ce03d-cbd0-11e1-8de8-002522a0ba71

Error - 11-07-12 11:17:15 PM | Computer Name = Dave-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.62.0.87, time stamp:
0x4fc6d5ba Faulting module name: mdnsNSP.dll_unloaded, version: 0.0.0.0, time stamp:
0x4e5dca4c Exception code: 0xc0000005 Fault offset: 0x6f6e5b9b Faulting process id:
0x684 Faulting application start time: 0x01cd5fdcd358f4a3 Faulting application path:
D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Faulting module path:
mdnsNSP.dll Report Id: 13956b67-cbd0-11e1-8de8-002522a0ba71

Error - 11-07-12 11:18:00 PM | Computer Name = Dave-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.62.0.87, time stamp:
0x4fc6d5ba Faulting module name: mdnsNSP.dll_unloaded, version: 0.0.0.0, time stamp:
0x4e5dca4c Exception code: 0xc0000005 Fault offset: 0x6ff65b9b Faulting process id:
0xc50 Faulting application start time: 0x01cd5fdce0c3c0be Faulting application path:
D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Faulting module path:
mdnsNSP.dll Report Id: 2ec9037e-cbd0-11e1-8de8-002522a0ba71

Error - 11-07-12 11:45:54 PM | Computer Name = Dave-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mbam.exe, version: 1.62.0.87, time stamp:
0x4fc6d5ba Faulting module name: mdnsNSP.dll_unloaded, version: 0.0.0.0, time stamp:
0x4e5dca4c Exception code: 0xc0000005 Fault offset: 0x722e5b9b Faulting process id:
0x1318 Faulting application start time: 0x01cd5fdcf4723025 Faulting application path:
D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Faulting module path:
mdnsNSP.dll Report Id: 14b43382-cbd4-11e1-8de8-002522a0ba71

Error - 11-07-12 11:49:37 PM | Computer Name = Dave-PC | Source = WinMgmt | ID = 10
Description =

Error - 11-07-12 11:54:06 PM | Computer Name = Dave-PC | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 20.0.1132.47, time
stamp: 0x4fec0d4d Faulting module name: mdnsNSP.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4e5dca4c Exception code: 0xc0000005 Fault offset: 0x73d95b9b Faulting
process id: 0x948 Faulting application start time: 0x01cd5fe1b5f550f0 Faulting application
path: C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe Faulting
module path: mdnsNSP.dll Report Id: 39f8e3de-cbd5-11e1-b87f-002522a0ba71

Error - 12-07-12 12:27:34 AM | Computer Name = Dave-PC | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 20.0.1132.47, time
stamp: 0x4fec0d4d Faulting module name: WINHTTP.dll, version: 6.1.7601.17514, time
stamp: 0x4ce7ba3e Exception code: 0xc000001d Fault offset: 0x00005b9b Faulting process
id: 0x6fc Faulting application start time: 0x01cd5fe67f8bf6f6 Faulting application
path: C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe Faulting
module path: C:\Windows\system32\WINHTTP.dll Report Id: e6e050bf-cbd9-11e1-b87f-002522a0ba71

Error - 12-07-12 12:27:34 AM | Computer Name = Dave-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file for one of the following reasons: there
is a problem with the network connection, the disk that the file is stored on,
or the storage drivers installed on this computer; or the disk is missing. Windows
closed the program Google Chrome because of this error. Program: Google Chrome File:
The error value is listed in the Additional Data section. User Action 1. Open the
file again. This situation might be a temporary problem that corrects itself when
the program runs again. 2. If the file still cannot be accessed and - It is on the
network, your network administrator should verify that there is not a problem with
the network and that the server can be contacted. - It is on a removable disk, for
example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the
computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK,
click Start, click Run, type CMD, and then click OK. At the command prompt, type
CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from
a backup copy. 5. Determine whether other files on the same disk can be opened.
If not, the disk might be damaged. If it is a hard disk, contact your administrator
or computer hardware vendor for further assistance. Additional Data Error value: 00000000
Disk
type: 0

Error - 12-07-12 12:29:27 AM | Computer Name = Dave-PC | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 20.0.1132.47, time
stamp: 0x4fec0d4d Faulting module name: mdnsNSP.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4e5dca4c Exception code: 0xc0000005 Fault offset: 0x71645b9b Faulting
process id: 0x10c4 Faulting application start time: 0x01cd5fe6a7fc8292 Faulting application
path: C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe Faulting
module path: mdnsNSP.dll Report Id: 29d768b1-cbda-11e1-b87f-002522a0ba71

Error - 12-07-12 12:31:28 AM | Computer Name = Dave-PC | Source = Application Error | ID = 1000
Description = Faulting application name: chrome.exe, version: 20.0.1132.47, time
stamp: 0x4fec0d4d Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x72bf5b9b Faulting process id: 0x11c4 Faulting application
start time: 0x01cd5fe706ca2fa6 Faulting application path: C:\Users\Dave\AppData\Local\Google\Chrome\Application\chrome.exe
Faulting
module path: unknown Report Id: 72561b67-cbda-11e1-b87f-002522a0ba71

[ Media Center Events ]
Error - 25-05-12 12:48:09 PM | Computer Name = Dave-PC | Source = MCUpdate | ID = 0
Description = 2:48:07 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 26-05-12 12:19:36 AM | Computer Name = Dave-PC | Source = MCUpdate | ID = 0
Description = 2:19:36 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 26-05-12 12:21:06 PM | Computer Name = Dave-PC | Source = MCUpdate | ID = 0
Description = 2:21:04 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 27-05-12 12:29:28 AM | Computer Name = Dave-PC | Source = MCUpdate | ID = 0
Description = 2:29:28 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 27-05-12 5:33:24 PM | Computer Name = Dave-PC | Source = MCUpdate | ID = 0
Description = 7:33:19 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 28-05-12 12:30:13 AM | Computer Name = Dave-PC | Source = MCUpdate | ID = 0
Description = 2:30:13 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 28-05-12 12:24:34 PM | Computer Name = Dave-PC | Source = MCUpdate | ID = 0
Description = 2:24:32 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 29-05-12 12:19:07 AM | Computer Name = Dave-PC | Source = MCUpdate | ID = 0
Description = 2:19:07 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 29-05-12 12:47:45 PM | Computer Name = Dave-PC | Source = MCUpdate | ID = 0
Description = 2:47:44 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 29-05-12 1:48:04 PM | Computer Name = Dave-PC | Source = MCUpdate | ID = 0
Description = 3:48:04 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

[ System Events ]
Error - 11-07-12 10:44:11 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7034
Description = The avast! Antivirus service terminated unexpectedly. It has done
this 3 time(s).

Error - 11-07-12 11:13:11 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7034
Description = The avast! Antivirus service terminated unexpectedly. It has done
this 4 time(s).

Error - 11-07-12 11:47:22 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7043
Description = The Windows Update service did not shut down properly after receiving
a preshutdown control.

Error - 11-07-12 11:48:04 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7031
Description = The avast! Antivirus service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.

Error - 11-07-12 11:48:09 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7031
Description = The avast! Antivirus service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.

Error - 11-07-12 11:48:15 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7034
Description = The avast! Antivirus service terminated unexpectedly. It has done
this 3 time(s).

Error - 11-07-12 11:49:16 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7034
Description = The avast! Antivirus service terminated unexpectedly. It has done
this 4 time(s).

Error - 11-07-12 11:49:53 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7034
Description = The avast! Antivirus service terminated unexpectedly. It has done
this 5 time(s).

Error - 11-07-12 11:50:44 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7034
Description = The avast! Antivirus service terminated unexpectedly. It has done
this 6 time(s).

Error - 12-07-12 12:37:38 AM | Computer Name = Dave-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.


< End of report >



OTL logfile created on: 12-07-12 2:42:50 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = D:\Users\Dave\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MM-yy

7.98 Gb Total Physical Memory | 5.16 Gb Available Physical Memory | 64.69% Memory free
15.96 Gb Paging File | 12.97 Gb Available in Paging File | 81.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59.62 Gb Total Space | 16.73 Gb Free Space | 28.06% Space Free | Partition Type: NTFS
Drive D: | 931.41 Gb Total Space | 584.53 Gb Free Space | 62.76% Space Free | Partition Type: NTFS

Computer Name: DAVE-PC | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-07-12 14:42:28 | 000,596,480 | ---- | M] (OldTimer Tools) -- D:\Users\Dave\Downloads\OTL.exe
PRC - [2012-07-11 11:08:24 | 001,192,664 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012-07-03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-07-03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012-04-11 08:35:58 | 000,137,536 | ---- | M] (Facebook Inc.) -- C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe
PRC - [2012-01-03 23:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe


========== Modules (No Company Name) ==========

MOD - [2012-07-11 11:08:24 | 001,192,664 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2011-09-27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011-09-27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012-04-06 12:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012-02-24 03:23:21 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010-05-20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009-07-14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012-07-03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012-06-23 19:10:17 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-05-03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012-01-03 23:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-01-29 23:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- D:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009-06-11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012-07-03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012-04-06 15:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012-04-06 11:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012-03-01 16:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-02-24 03:12:43 | 000,817,496 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012-02-24 03:12:42 | 000,335,704 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012-02-24 03:11:04 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012-02-24 03:10:43 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012-02-24 03:10:38 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012-02-24 03:10:19 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012-02-23 22:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012-02-15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011-04-22 01:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011-03-11 16:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011-03-11 16:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010-11-21 13:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010-11-21 13:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010-11-21 13:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010-10-19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010-01-29 01:04:38 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2009-09-15 03:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009-07-14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009-07-14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009-07-14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009-07-14 10:35:32 | 000,000,000 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009-06-11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009-06-11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009-06-11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009-06-11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009-05-18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008-01-17 15:51:44 | 000,018,816 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
DRV - [2009-07-14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://iat.ninemsn.c...er/default.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 87 E9 7D 47 95 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "WOT Safe Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dave\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dave\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Dave\AppData\Local\Facebook\Messenger\2.1.4570.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: D:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-01-23 16:11:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-07-12 12:43:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: D:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-01-23 16:11:39 | 000,000,000 | ---D | M]

[2011-10-28 18:01:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Extensions
[2012-05-20 18:38:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ouw9tmhb.default\extensions
[2012-05-20 18:38:32 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ouw9tmhb.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012-04-24 20:10:15 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ouw9tmhb.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012-05-09 00:09:48 | 000,002,103 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\ouw9tmhb.default\searchplugins\wot-safe-search.xml
[2012-05-09 01:51:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012-03-02 07:50:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012-07-12 12:43:44 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

========== Chrome ==========

CHR - homepage: http://www.facebook.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.facebook.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Dave\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dave\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dave\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Dave\AppData\Local\Facebook\Messenger\2.1.4570.0\npFbDesktopPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Dave\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = D:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: iTunes Application Detector (Enabled) = D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Slinky Elegant = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln\19.6_0\
CHR - Extension: Google Search = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1407_0\
CHR - Extension: Gmail = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009-06-11 07:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {687578B9-7132-4A7A-80E4-30EE31099E03} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdatePDRShortCut] D:\Program Files (x86)\CyberLink\PowerDirector\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Dave\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Spotify] C:\Users\Dave\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Dave\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Dave\AppData\Local\Facebook\Messenger\2.1.4570.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 61.9.133.193 61.9.134.49
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15CF2B04-8FCF-4680-960B-89297A43FC58}: DhcpNameServer = 61.9.133.193 61.9.134.49
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31A8D195-6108-4AD3-94FB-51306DB23BE0}: DhcpNameServer = 61.9.133.193 61.9.134.49
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012-07-12 13:16:58 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\Malwarebytes
[2012-07-12 13:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012-07-12 13:16:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012-07-12 13:16:50 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012-07-12 13:03:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012-07-12 13:03:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2012-07-12 12:43:50 | 000,335,704 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012-07-12 12:43:50 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012-07-12 12:43:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012-07-12 12:43:49 | 000,817,496 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012-07-12 12:43:49 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012-07-12 12:43:49 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012-07-12 12:43:49 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012-07-12 12:43:38 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012-07-12 12:43:38 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012-07-10 23:48:42 | 000,000,000 | ---D | C] -- C:\Users\Dave\riotsGamesLogs
[2012-07-10 23:47:18 | 000,000,000 | ---D | C] -- D:\Users\Dave\Documents\Wondershare Video Editor
[2012-07-10 14:41:53 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012-07-09 18:44:35 | 000,000,000 | ---D | C] -- D:\Users\Dave\Desktop\flvtoavi
[2012-07-08 23:01:52 | 000,000,000 | ---D | C] -- D:\Users\Dave\Documents\CyberLink
[2012-07-08 23:00:10 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\CyberLink
[2012-07-08 23:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012-07-08 22:56:49 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector
[2012-07-08 22:56:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cyberlink
[2012-07-08 22:53:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012-07-08 22:50:21 | 000,000,000 | ---D | C] -- D:\Users\Dave\Desktop\CYBERLINK POWERDIRECTOR 8_SERIAL
[2012-07-03 16:59:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard
[2012-07-03 16:59:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Blizzard Entertainment
[2012-06-23 18:43:48 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
[2012-06-23 18:42:11 | 000,000,000 | ---D | C] -- D:\Users\Dave\Documents\My Curse
[2012-06-23 17:15:17 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012-06-23 17:13:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2012-06-23 17:12:34 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2012-06-23 17:12:34 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2012-06-23 17:12:33 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2012-06-23 17:12:33 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2012-06-23 17:12:18 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2012-06-23 17:12:18 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2012-06-23 17:07:58 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\Windows Live
[2012-06-23 17:07:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2012-06-23 17:05:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam
[2012-06-23 17:05:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft LifeCam
[2012-06-23 17:05:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2012-06-23 17:05:12 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2012-06-23 17:05:12 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2012-06-23 15:45:20 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012-06-23 15:45:20 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012-06-23 15:45:20 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012-06-23 15:45:18 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012-06-23 15:45:18 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012-06-23 15:45:05 | 000,918,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012-06-23 15:45:05 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012-06-22 08:50:17 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\MediaPlayerSongReader
[2012-06-19 10:00:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012-06-19 09:59:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012-06-18 16:02:06 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\LolClient2
[2012-06-15 18:16:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012-06-15 18:15:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012-06-15 18:15:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012-06-15 18:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012-06-15 18:13:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012-06-13 10:40:05 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012-06-13 10:40:05 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012-06-13 10:40:04 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012-06-13 10:40:04 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012-06-13 10:40:04 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012-06-13 10:40:03 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012-06-13 10:40:03 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012-06-13 10:39:58 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012-06-13 10:39:58 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012-06-13 10:39:58 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012-06-13 10:39:55 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012-06-13 10:39:54 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012-06-13 10:39:54 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

========== Files - Modified Within 30 Days ==========

[2012-07-12 14:41:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1970735221-35658206-986194737-1000UA.job
[2012-07-12 14:26:22 | 000,007,599 | ---- | M] () -- C:\Users\Dave\AppData\Local\Resmon.ResmonCfg
[2012-07-12 14:10:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012-07-12 13:55:07 | 000,017,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012-07-12 13:55:07 | 000,017,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012-07-12 13:54:08 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012-07-12 13:54:08 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012-07-12 13:54:08 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012-07-12 13:51:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1970735221-35658206-986194737-1000UA.job
[2012-07-12 13:48:09 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012-07-12 13:48:04 | 000,151,552 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2012-07-12 13:47:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012-07-12 13:47:43 | 2133,872,639 | -HS- | M] () -- C:\hiberfil.sys
[2012-07-12 13:16:51 | 000,000,789 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-07-12 12:43:50 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012-07-12 12:43:49 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012-07-12 08:00:09 | 000,003,296 | ---- | M] () -- C:\bootsqm.dat
[2012-07-11 19:51:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1970735221-35658206-986194737-1000Core.job
[2012-07-11 18:53:58 | 000,000,768 | ---- | M] () -- D:\Users\Dave\Desktop\World of Warcraft.lnk
[2012-07-10 14:41:54 | 000,001,330 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2012-07-09 13:17:39 | 000,418,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012-07-07 23:19:39 | 000,000,788 | ---- | M] () -- D:\Users\Dave\Desktop\PS3 Media Server.lnk
[2012-07-06 08:56:31 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1970735221-35658206-986194737-1000Core.job
[2012-07-03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012-06-30 13:52:10 | 000,002,283 | ---- | M] () -- D:\Users\Dave\Desktop\Google Chrome.lnk
[2012-06-23 19:10:17 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012-06-23 19:10:17 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012-06-23 18:43:50 | 000,000,000 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2012-06-23 18:43:48 | 000,000,318 | ---- | M] () -- D:\Users\Dave\Desktop\Curse Client.appref-ms
[2012-06-23 17:05:34 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2012-06-23 15:59:18 | 000,772,558 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-06-19 09:59:52 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012-06-19 09:59:52 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012-06-15 18:16:13 | 000,001,571 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2012-07-12 13:16:51 | 000,000,789 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012-07-12 12:43:50 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012-07-12 08:00:09 | 000,003,296 | ---- | C] () -- C:\bootsqm.dat
[2012-07-07 23:20:11 | 000,000,788 | ---- | C] () -- D:\Users\Dave\Desktop\PS3 Media Server.lnk
[2012-06-23 18:43:50 | 000,000,000 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2012-06-23 18:43:48 | 000,000,318 | ---- | C] () -- D:\Users\Dave\Desktop\Curse Client.appref-ms
[2012-06-23 17:14:45 | 000,001,308 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012-06-23 17:14:27 | 000,001,377 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012-06-23 17:05:34 | 000,002,032 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2012-06-22 08:43:46 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012-06-15 18:16:13 | 000,001,571 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012-04-28 16:19:47 | 000,007,599 | ---- | C] () -- C:\Users\Dave\AppData\Local\Resmon.ResmonCfg
[2012-04-06 11:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012-04-06 11:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012-03-09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012-01-23 16:08:08 | 000,208,196 | ---- | C] () -- C:\Windows\hpoins47.dat
[2012-01-22 17:22:58 | 000,151,552 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2011-12-12 12:43:49 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011-10-29 18:50:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011-10-28 18:27:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011-09-13 08:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

< End of report >



I hope this helps!