Microsoft Security Essentials and Malwarebytes detected Sirefef viruses and caused my computer to restart a lot. I system restored and the problems have temporarily disappeared, but I think its still there. Thanks!
Order of scans:
1)OTL
2)OTL Extra
3)aswMBR
In my next post I shall provide a regular Farbar Scan along with a services.exe search
1)OTL
OTL logfile created on: 8/4/2012 6:10:47 AM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Dan\Desktop\Touhou\New folder 2
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.96 Gb Total Physical Memory | 6.66 Gb Available Physical Memory | 83.72% Memory free
15.92 Gb Paging File | 14.46 Gb Available in Paging File | 90.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921.59 Gb Total Space | 419.24 Gb Free Space | 45.49% Space Free | Partition Type: NTFS
Drive K: | 488.84 Mb Total Space | 292.94 Mb Free Space | 59.92% Space Free | Partition Type: FAT
Computer Name: DAN-PC | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/08/04 06:08:38 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\Touhou\New folder 2\OTL.exe
PRC - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/02/11 12:56:00 | 000,415,040 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2010/02/11 12:53:00 | 000,660,800 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/02/11 12:53:00 | 000,348,480 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2009/12/29 17:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/11/13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/10/15 04:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/21 09:59:14 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe
PRC - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2007/05/07 11:40:26 | 000,910,896 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007/05/07 11:40:06 | 000,149,040 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
========== Modules (No Company Name) ==========
MOD - [2012/06/13 07:16:24 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll
MOD - [2012/06/13 07:16:02 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/13 03:02:19 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012/06/13 03:01:56 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/06/13 03:01:49 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012/05/11 07:13:20 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/05/11 03:45:36 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012/05/11 03:44:52 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/11 03:44:48 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/11 03:44:46 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/11 03:44:45 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/11 03:44:41 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/02/11 12:56:00 | 000,415,040 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
MOD - [2010/02/11 12:53:00 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
MOD - [2010/02/11 12:53:00 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
MOD - [2010/02/11 12:53:00 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
MOD - [2010/02/11 12:53:00 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
MOD - [2010/02/11 12:53:00 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
MOD - [2010/02/11 12:53:00 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
MOD - [2010/02/11 12:53:00 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
MOD - [2010/02/11 12:53:00 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
MOD - [2010/02/11 12:53:00 | 000,025,920 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCC.dll
MOD - [2010/02/11 12:52:00 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll
MOD - [2009/11/13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/11/13 17:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2009/11/13 17:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/11/13 17:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2009/11/13 17:15:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2009/11/13 17:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2009/10/15 04:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/12/10 18:15:04 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2012/08/03 02:48:19 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/18 12:35:38 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/22 16:31:49 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/10/21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/07/10 18:47:00 | 004,792,624 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/11 12:53:00 | 000,660,800 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 09:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/16 04:57:57 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/06/30 21:08:25 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/04/27 17:16:24 | 000,528,616 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/04/27 17:16:24 | 000,440,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2010/04/27 17:16:24 | 000,279,752 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010/04/27 17:16:24 | 000,189,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/04/27 17:16:24 | 000,121,504 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/04/27 17:16:24 | 000,093,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/04/27 17:16:24 | 000,075,288 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010/04/27 17:16:24 | 000,062,416 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2009/12/10 20:40:28 | 006,179,328 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/10/24 01:49:46 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/10/16 07:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/10/01 02:34:00 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {356C09E7-84CD-4E87-B949-E9605061B623}
IE:64bit: - HKLM\..\SearchScopes\{356C09E7-84CD-4E87-B949-E9605061B623}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {D5A4956C-33D6-4496-846A-6E3AB0477B8C}
IE - HKLM\..\SearchScopes\{D5A4956C-33D6-4496-846A-6E3AB0477B8C}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: {f701c26a-479a-4724-b4f1-870db12f063c}:1.4.4
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.17
FF - prefs.js..extensions.enabledItems: [email protected]:0.5
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: {566D6332-1439-43bf-857E-7AD5F137AD0C}:1.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.88
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Dan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Dan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Dan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Dan\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/11 19:48:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 12:35:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/13 08:03:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 12:35:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/13 08:03:20 | 000,000,000 | ---D | M]
[2010/06/30 20:39:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions
[2012/08/03 01:51:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\676katd7.default\extensions
[2012/08/03 01:51:15 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\676katd7.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2010/10/04 22:29:24 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\676katd7.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2010/09/04 09:27:33 | 000,000,000 | ---D | M] (Names Dictionary for rikaichan) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\676katd7.default\extensions\{566D6332-1439-43bf-857E-7AD5F137AD0C}
[2012/04/07 17:37:13 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\676katd7.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010/09/04 09:27:33 | 000,000,000 | ---D | M] (Japanese-English Dictionary for rikaichan) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\676katd7.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
[2012/08/03 01:51:15 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\676katd7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/03/24 15:12:00 | 000,000,000 | ---D | M] (Text-to-Image) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\676katd7.default\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}
[2010/12/09 04:29:00 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\676katd7.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2011/03/27 13:57:49 | 000,000,000 | ---D | M] (Restart Firefox) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\676katd7.default\extensions\[email protected]
[2011/03/02 23:26:18 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\676katd7.default\extensions\[email protected]
[2010/09/26 13:10:14 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\676katd7.default\extensions\vshare@toolbar
[2012/03/31 12:53:31 | 000,001,210 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\676katd7.default\searchplugins\search.xml
[2012/04/26 09:31:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/01 10:19:46 | 000,050,631 | ---- | M] () (No name found) -- C:\USERS\DAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\676KATD7.DEFAULT\EXTENSIONS\{54BB9F3F-07E5-486C-9B39-C7398B99391C}.XPI
[2012/07/30 10:23:41 | 000,526,190 | ---- | M] () (No name found) -- C:\USERS\DAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\676KATD7.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/07/18 12:35:39 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/04/27 17:16:24 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2012/04/08 09:50:47 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/17 10:32:20 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/17 10:32:20 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Dan\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Dan\AppData\Local\Google\Chrome\Application\20.0.1132.57\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Dan\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U21 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Dan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Dan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Dan\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Dan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found.
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20100702013854.dll (McAfee, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4:64bit: - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O4 - Startup: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{188E3497-00E4-4A42-8BE9-DA21A77401D7}: DhcpNameServer = 167.206.245.129 167.206.245.130
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e73a99fb-c428-11e0-b42b-a4badbf4896d}\Shell - "" = AutoRun
O33 - MountPoints2\{e73a99fb-c428-11e0-b42b-a4badbf4896d}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/08/02 22:47:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/07/13 14:23:52 | 000,000,000 | ---D | C] -- C:\Users\Dan\Documents\Might & Magic Heroes VI
[2012/07/13 14:23:52 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Might & Magic Heroes VI
[2012/07/13 14:07:32 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\Ubisoft Game Launcher
[2012/07/13 13:45:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2012/07/13 12:17:10 | 000,000,000 | ---D | C] -- C:\Users\Dan\Desktop\Might.and.Magic.Heroes.VI-SKIDROW
[2012/07/13 12:15:18 | 000,000,000 | ---D | C] -- C:\Users\Dan\.swt
[2011/05/16 04:57:57 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Dan\AppData\Roaming\pcouffin.sys
========== Files - Modified Within 30 Days ==========
[2012/08/04 06:11:24 | 000,782,766 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/04 06:11:24 | 000,662,408 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/04 06:11:24 | 000,122,236 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/04 06:09:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/04 06:09:17 | 2115,330,047 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/04 00:13:02 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/04 00:13:02 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/03 13:48:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/03 05:53:38 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2240605761-2948181791-427216315-1001UA.job
[2012/08/03 00:18:47 | 000,000,020 | ---- | M] () -- C:\Users\Dan\defogger_reenable
[2012/08/02 16:33:56 | 000,001,041 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\vso_ts_preview.xml
[2012/07/29 16:53:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2240605761-2948181791-427216315-1001Core.job
[2012/07/27 09:11:10 | 003,154,787 | ---- | M] () -- C:\Users\Dan\Desktop\LeAnn Rimes-Can't Fight the Moonlight(Live).mp3
[2012/07/27 08:57:08 | 003,216,227 | ---- | M] () -- C:\Users\Dan\Desktop\Empire of the Sun - Walking on a Dream.mp3
[2012/07/24 17:36:42 | 003,708,583 | ---- | M] () -- C:\Users\Dan\Desktop\Maroon 5 - Payphone.mp3
[2012/07/18 12:35:42 | 000,002,046 | ---- | M] () -- C:\Users\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/13 14:23:50 | 000,001,908 | ---- | M] () -- C:\Users\Dan\Desktop\Might & Magic Heroes VI - Shortcut.lnk
[2012/07/11 19:49:12 | 000,002,389 | ---- | M] () -- C:\Users\Dan\Desktop\Google Chrome.lnk
[2012/07/11 11:44:34 | 000,423,440 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2012/08/03 00:18:47 | 000,000,020 | ---- | C] () -- C:\Users\Dan\defogger_reenable
[2012/07/27 09:11:09 | 003,154,787 | ---- | C] () -- C:\Users\Dan\Desktop\LeAnn Rimes-Can't Fight the Moonlight(Live).mp3
[2012/07/27 08:57:06 | 003,216,227 | ---- | C] () -- C:\Users\Dan\Desktop\Empire of the Sun - Walking on a Dream.mp3
[2012/07/24 17:36:40 | 003,708,583 | ---- | C] () -- C:\Users\Dan\Desktop\Maroon 5 - Payphone.mp3
[2012/07/13 14:23:36 | 000,001,908 | ---- | C] () -- C:\Users\Dan\Desktop\Might & Magic Heroes VI - Shortcut.lnk
[2012/03/31 12:53:31 | 000,000,288 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\9DD5068.reg
[2011/05/16 04:59:10 | 000,001,041 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\vso_ts_preview.xml
[2011/05/16 04:57:57 | 000,099,384 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\inst.exe
[2011/05/16 04:57:57 | 000,007,859 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\pcouffin.cat
[2011/05/16 04:57:57 | 000,001,167 | ---- | C] () -- C:\Users\Dan\AppData\Roaming\pcouffin.inf
[2011/04/22 07:01:36 | 000,796,360 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/18 20:49:35 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
========== LOP Check ==========
[2010/07/03 20:55:47 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\acccore
[2011/04/23 04:57:34 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Auslogics
[2010/10/04 22:23:53 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\AVG10
[2011/10/25 22:00:09 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\avidemux
[2012/07/13 13:42:53 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Azureus
[2011/10/23 22:35:53 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Canon
[2010/06/30 21:27:12 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\DAEMON Tools Lite
[2011/10/20 18:01:49 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\DVDVideoSoft
[2012/03/02 08:21:19 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Ebniut
[2010/09/04 09:27:33 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\IrfanView
[2012/08/02 19:52:16 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Might & Magic Heroes VI
[2012/03/02 12:08:04 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Mufoef
[2012/05/21 10:16:10 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Replay Media Catcher 4
[2010/12/27 20:58:31 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\savedata
[2010/10/04 22:29:25 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\ShanghaiAlice
[2012/04/06 16:23:59 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\StreamTorrent
[2012/08/02 16:33:56 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Vso
[2012/06/28 13:33:03 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
2)OTL Extras
OTL Extras logfile created on: 8/4/2012 6:10:47 AM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Dan\Desktop\Touhou\New folder 2
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.96 Gb Total Physical Memory | 6.66 Gb Available Physical Memory | 83.72% Memory free
15.92 Gb Paging File | 14.46 Gb Available in Paging File | 90.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921.59 Gb Total Space | 419.24 Gb Free Space | 45.49% Space Free | Partition Type: NTFS
Drive K: | 488.84 Mb Total Space | 292.94 Mb Free Space | 59.92% Space Free | Partition Type: FAT
Computer Name: DAN-PC | User Name: Dan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E3EB9E-AAB4-48E4-8926-3F91C19C7B60}" = rport=445 | protocol=6 | dir=out | app=system |
"{0176F357-9E3C-4026-B95F-754F75B6D122}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{03CFAC93-E718-4A5B-B2A7-8A276E77EF15}" = lport=445 | protocol=6 | dir=in | app=system |
"{140F001D-C284-4835-A71E-B39CA3359152}" = lport=139 | protocol=6 | dir=in | app=system |
"{173D0602-F4F8-4BD2-A886-7722EC327934}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{191E959E-72A4-42B8-9349-E2F8FD670120}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{1E14FBD0-ACED-4AF9-9CA9-BC2F383D8631}" = rport=139 | protocol=6 | dir=out | app=system |
"{3A587939-8858-4859-B16C-DF66611AED12}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{4447F733-419D-4F4A-ABFC-DF388D203590}" = lport=10243 | protocol=6 | dir=in | app=system |
"{48E84D91-57BC-4EED-8A69-B7340A253397}" = lport=138 | protocol=17 | dir=in | app=system |
"{56C646D5-126E-4EF6-98AC-3F8796BE2598}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{56FA86F9-517A-41A8-9EB4-DA5718EC90C3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6E6CE88C-36BB-4880-BA16-39CA80020B19}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7DEC4A2C-1416-4C3E-920D-4FBF9771756E}" = lport=137 | protocol=17 | dir=in | app=system |
"{91A6C7F6-9305-457A-BA63-ABB4EA3B0387}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A4A8B33E-4C60-4786-B78C-C2BCFADC50E1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BCA4CBE9-7A06-4A36-AFFD-BD912063FDC0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BFCE1982-193B-4E1F-B9E0-4B04CFD73B96}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C430962C-04E4-45F2-9170-3ACE35E5145E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C6C1E363-CD1B-4F9E-A301-6B7C26A4585B}" = rport=138 | protocol=17 | dir=out | app=system |
"{D3B560CF-371E-4C7B-830F-877A8DCB8D3B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D9C1CA54-FCB8-4219-BB03-B9D43B4DBB29}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DD24B772-F822-4BEA-A9C1-C980B1C0779C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DEB48973-AEBC-4EA9-B81E-2AAB2419B73A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{E0FAD781-3050-4C0F-B1C6-4F79173E329A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E5DFE3A9-04B9-4CAA-96F7-19F7014853BE}" = rport=137 | protocol=17 | dir=out | app=system |
"{ED103280-9B97-4218-AE37-86F49240E583}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C0BB61-526A-4F4D-A693-B099FA34D496}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{043F0144-3000-4DD2-A825-8B1742B51EF5}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{059B8FFB-2155-4D9C-9421-59FA8C739A8A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{13A71BD7-ED5D-442C-8A1F-84D3EFE44FEA}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{19A9AAE3-ED16-4780-9568-93DD1814CA69}" = protocol=17 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{1A8C09AC-F0B1-499D-B1C6-FE518E9DB06E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{238AC8C0-F893-4241-BEFA-BC3975A2B6D0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2469E3AD-157D-4CB2-8499-DAEEE16D67B5}" = protocol=58 | dir=in | [email protected],-28545 |
"{2AC8832C-F7EB-425D-BC3F-258D591915E4}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{2E42828C-34CC-40FC-BC14-9B0A862C6A2F}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{31CDE137-712C-4CCA-9EF2-6D0E25A494EC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3ACDC2EC-1149-4204-AF83-AD301A1C3FFB}" = protocol=1 | dir=out | [email protected],-28544 |
"{41425E63-05C9-4F58-A5FD-FA1FF88DB9FF}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{465B7BB9-E074-4BD2-AD2B-89279BFC54B8}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"{465CCEC6-D9C2-498E-8B2A-7B19636F1C42}" = protocol=1 | dir=in | [email protected],-28543 |
"{4798DA19-D97A-43DA-B97F-9759376A03DE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{48B5BF22-FAA1-49F8-8FBD-916B26AA0C3B}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{50FDBA9B-E2F7-46FC-88E0-7B9F334CD3B8}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{59D2C4BB-AB8E-4DF6-826B-25D41EEFBFD4}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{5EEC4CF3-3F9C-4387-9D11-22D1B3AF151C}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{620CBC11-5D21-4DFF-B693-CE28499A3E6F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{63FA1F50-9257-477B-828A-56C3C4A8E8B2}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{66C8A1AD-6A52-4829-BEA5-D3E9E91BC148}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{6763580D-B3C6-456E-8326-B0FD267C6E39}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{6935B33D-FEDA-49D8-A0A6-DD5764A406D8}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{71337CEE-93A7-4703-8AD6-18EFB8848EBF}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{71C15685-C4A4-4096-A6BE-9EDAF9829D37}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{732B9F2D-25E3-4821-9634-BB4E05A92DCA}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{75B6B931-6B21-4013-9046-E29C2375BA9F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{80138C30-EC19-4554-A568-D0BEB5AC7582}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8108957C-B13B-4C85-B8BC-B8E0DBB77506}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{88C6AD72-3A61-445C-8032-3232DD61278E}" = protocol=6 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{8C35B2AD-711C-4484-BA92-24A47D73096E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{921272D4-2F6E-40AD-8175-564E907745FB}" = protocol=58 | dir=out | [email protected],-28546 |
"{981F6892-AF35-4CE5-936D-820FF8E540E5}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{99E8D147-1FF2-4045-A7FA-DA8DCC9BC0CC}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base15405\sc2.exe |
"{A33427EB-CFBA-4E54-96DA-88116FD8B070}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
"{A42089F4-16AC-4866-AA11-0FE432D99FDF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{AD9FA644-92AC-4AE3-9210-AB210A6FC03F}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{B435F4E7-5B67-4410-BCB4-F4D057951B82}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{B7024DFA-8EF3-4FB7-8A37-64B86E842DE3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B8AA2180-7E63-4343-8A74-D7E4BB0D82C5}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{BFB1069B-3AC5-4638-A06C-D4B38BDB4FB4}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{C346B8C4-5ACF-452E-8834-06C938FF2888}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DA7B59B6-5313-48CD-9FDA-55E5C53A0B9A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DB42F972-2B8A-4A18-A5B2-9AF94638C20D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DEF0A42F-7D0B-4E09-96D9-0754F2C567B4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E5FB4174-47BE-4F3A-A7FF-BEC544205109}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E61D15CC-2355-4CC6-8D3F-DB819AFF5A79}" = protocol=6 | dir=out | app=system |
"{F03147BD-41FE-4592-8960-BCC27B28D9B0}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F63F1A6B-5A6C-4DFC-A12E-9B54616B03F4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FD1D2312-B0EF-4564-8B6E-2534146CF9C7}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"TCP Query User{0CD959B6-E57C-437B-9C9F-E8921CCFBF1A}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{176A92E2-5A99-43DD-A69C-FC813B4350EB}C:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe |
"TCP Query User{2467457F-1CF6-472E-85D5-8589BA5FD4C3}C:\nexon\vindictus\en-us\vindictus.exe" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe |
"TCP Query User{4CC82D2D-AC69-4AA2-8F10-BD5606881EC3}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero 7\nero home\nerohome.exe |
"TCP Query User{E125925C-C093-4400-8A7E-26BF4843DCC0}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"TCP Query User{E46DFD47-1AF3-4565-A720-8E3B39C1B240}C:\users\dan\appdata\roaming\mufoef\faaryh.exe" = protocol=6 | dir=in | app=c:\users\dan\appdata\roaming\mufoef\faaryh.exe |
"UDP Query User{4EF5BA0E-35AB-404D-8543-5EC6DF9479C7}C:\program files (x86)\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{555FA223-47B4-4A8A-BC51-A1DCD2474683}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"UDP Query User{7AEDB8D5-7C72-4A19-B643-FF84FC7A43B3}C:\program files (x86)\nero\nero 7\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero 7\nero home\nerohome.exe |
"UDP Query User{8BBEB08F-9DCE-420C-B664-0F8C7FD3327B}C:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gretech\gomtvstreamer\gomtvstreamerlive.exe |
"UDP Query User{F0F2DD4B-4195-4614-9FEC-C6FF97697D6E}C:\users\dan\appdata\roaming\mufoef\faaryh.exe" = protocol=17 | dir=in | app=c:\users\dan\appdata\roaming\mufoef\faaryh.exe |
"UDP Query User{FF777013-2975-4686-94D8-F9F78EB41938}C:\nexon\vindictus\en-us\vindictus.exe" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\vindictus.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{BFE972A5-DC62-03F9-F03E-8AC751DFE770}" = ccc-utility64
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{CA9A3609-3ECC-4574-8824-A8161A71A603}" = Canon MP150
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"WinRAR archiver" = WinRAR archiver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
".sol Editor" = .sol Editor 1.1.0.1
"{03CEC5A3-648C-3E00-7CDB-C049B47A5EDC}" = CCC Help Spanish
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{051EF664-EB85-8320-1184-35136C6B0BEF}" = CCC Help Portuguese
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0566E404-1FCB-16C4-C265-9415012650D5}" = CCC Help Korean
"{07BB25C3-55B6-303C-1E7C-2C528555014D}" = CCC Help Dutch
"{0E892FBB-0060-44C9-9E8C-017855956193}" = DBO_CT_TW
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{1583FB9E-D1D7-A29B-F3D3-7D6B74D75128}" = Catalyst Control Center Graphics Previews Vista
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19B5CAAF-3E36-40F4-83F2-45E0D258000C}" = 神採りアルケミーマイスター Append02
"{1EE6959C-49F2-5D45-A007-776A7A053043}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{222E1C7F-5892-0015-BF94-914B7EBEB564}" = CCC Help Finnish
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2D9F8079-7D50-3EFD-B3BD-ED642E4EE756}" = Microsoft Visual Basic PowerPacks 10.0
"{38001EBD-D270-2BBC-CEAE-B88BDE197E16}" = CCC Help Russian
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{41810510-3CE0-425B-BE07-B9793731737F}" = 神採りアルケミーマイスター
"{42E0794B-B4A6-CDB6-308F-04A5CA54B81E}" = CCC Help French
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{599EAA99-BBA8-C8FF-C2EA-04D0C8FA6D89}" = Catalyst Control Center InstallProxy
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{5DFB9027-0099-5816-8428-CF25B64B46C9}" = CCC Help Czech
"{634CE363-2BB8-FF85-83C3-734699DFC570}" = CCC Help German
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6545416A-A60A-8DE4-3590-15F0662461DF}" = CCC Help Polish
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{745D37C2-26F4-4B65-BA13-F9840EBFA75B}" = Might & Magic Heroes VI
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774A70C8-29CA-565A-FB84-01B408F119B2}" = CCC Help Chinese Standard
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A9DE8C3-5B21-34EC-DE5D-BAFAB8D8C9D9}" = CCC Help Greek
"{8DAE4336-2B71-11D4-9A6C-006067325E47}" = Baldur's Gate™ II - Shadows of Amn™
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91D1580F-35C5-8D29-144C-605E3568B3A5}" = Catalyst Control Center Graphics Full Existing
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{958FD5FD-1F71-493B-CC6C-4922F3EA2356}" = CCC Help Danish
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FDFB9AE-B7A9-3481-E85C-08E7FA6D620B}" = Catalyst Control Center Graphics Full New
"{A0AD3E2F-427D-09F9-85FB-450E35A03046}" = CCC Help Hungarian
"{A1D31E2C-C7E1-2E6E-EAE9-0C3BAFB5B1F9}" = CCC Help Thai
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A5D65411-8E73-4C85-AD80-9FE8B7391CF9}" = Rome Total War - patch 1.3
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War™
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{B2C07E85-76D6-DC01-48A9-7577AD95CD70}" = CCC Help Swedish
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B91C2CFE-15D0-C863-963A-DFF09D2AE726}" = Catalyst Control Center Core Implementation
"{BA31F48A-C811-30B4-AD93-1986C7838442}" = Google Talk Plugin
"{BACF2A73-2F91-9657-F9B5-10723A9B1E5B}" = CCC Help Italian
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C7B5C8A0-CE3F-4645-A0B6-B5515794076D}" = 神採りアルケミーマイスター Ver2.00 Update
"{C8694EE7-24F3-6593-FE50-00E575C79272}" = Skins
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CDF7810C-10AB-7E95-ABC5-0D60C5761876}" = Catalyst Control Center Graphics Light
"{D5D35107-8CFE-5FFB-2D64-1CE29202493B}" = Catalyst Control Center Graphics Previews Common
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D8D98FAB-17E7-A123-D654-6574E6187EE2}" = CCC Help Chinese Traditional
"{DAC44207-C17F-DAFA-CE5D-010AB94A38AB}" = CCC Help Norwegian
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E11BD6A7-5046-4D25-ABCB-386A54F71033}" = Nero 7 Essentials
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E31C77D0-B0F0-318B-0A39-F57BF54D22AD}" = ccc-core-static
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EA3CD5E7-0C84-2479-6490-B6228F87B174}" = CCC Help Japanese
"{ECEB9207-85FE-3004-CD20-5DAEE0F1D1E0}" = CCC Help Turkish
"{EFE563B0-DDDB-45AF-B49A-C109C93E5F35}" = 神採りアルケミーマイスター Append01
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F68AFC71-77CD-0B22-4C4F-C09097E058E9}" = Catalyst Control Center Localization All
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"7-Zip" = 7-Zip 9.20
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIM_7" = AIM 7
"Avidemux 2.5" = Avidemux 2.5 (32-bit)
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"CDisplay_is1" = CDisplay 1.8
"Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
"Combat Arms" = Combat Arms
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-07-30
"Dell Dock" = Dell Dock
"DivX Setup" = DivX Setup
"DragonNest" = DragonNest
"GOM Player" = GOM Player
"GomTVStreamer" = GOMTV Streamer
"G-Senjou_no_Maou_Aegis" = G-Senjou no Maou English
"InstallShield_{19B5CAAF-3E36-40F4-83F2-45E0D258000C}" = 神採りアルケミーマイスター Append02
"InstallShield_{41810510-3CE0-425B-BE07-B9793731737F}" = 神採りアルケミーマイスター
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War™
"InstallShield_{C7B5C8A0-CE3F-4645-A0B6-B5515794076D}" = 神採りアルケミーマイスター Ver2.00 Update
"InstallShield_{EFE563B0-DDDB-45AF-B49A-C109C93E5F35}" = 神採りアルケミーマイスター Append01
"IrfanView" = IrfanView (remove only)
"KitsuSaga" = KitsuSaga
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"RPG Maker VX RTP_is1" = RPG Maker VX RTP
"SCHOOLDAYS HQ" = SCHOOLDAYS HQ
"Sengoku Rance English_is1" = Sengoku Rance English v1.0
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StarCraft II" = StarCraft II
"Steam App 440" = Team Fortress 2
"StreamTorrent 1.0" = StreamTorrent 1.0
"Vindictus" = Vindictus
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AikaOnline" = AikaOnline
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 8/31/2011 4:29:36 PM | Computer Name = Dan-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.4232 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: c50 Start
Time: 01cc68153c0e3134 Termination Time: 0 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: f069ee73-d40f-11e0-8a26-a4badbf4896d
Error - 8/31/2011 4:59:59 PM | Computer Name = Dan-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.4259 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1114 Start
Time: 01cc681cbadf4575 Termination Time: 0 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: 2ec63545-d414-11e0-8a26-a4badbf4896d
Error - 9/1/2011 9:17:55 AM | Computer Name = Dan-PC | Source = SideBySide | ID = 16842824
Description = Activation context generation failed for "c:\program files\microsoft
security client\MSESysprep.dll".Error in manifest or policy file "c:\program files\microsoft
security client\MSESysprep.dll" on line 10. The element imaging appears as a child
of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by
this version of Windows.
Error - 9/1/2011 9:18:38 AM | Computer Name = Dan-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.
Error - 9/1/2011 9:18:57 AM | Computer Name = Dan-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files (x86)\microsoft\search
enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
"c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll"
on line 2. Invalid Xml syntax.
Error - 9/1/2011 10:23:20 PM | Computer Name = Dan-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.4259 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: a24 Start
Time: 01cc690f85e60827 Termination Time: 4 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: 850b14fe-d50a-11e0-a734-a4badbf4896d
Error - 9/2/2011 7:48:04 AM | Computer Name = Dan-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.4259 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 11b8 Start
Time: 01cc695ec7afc3cb Termination Time: 4 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: 69e087ba-d559-11e0-8545-a4badbf4896d
Error - 9/2/2011 9:25:19 AM | Computer Name = Dan-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.4259 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: b18 Start
Time: 01cc6967fd43791a Termination Time: 5 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: ffd29c2f-d566-11e0-8545-a4badbf4896d
Error - 9/2/2011 9:50:53 AM | Computer Name = Dan-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.4259 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: f9c Start
Time: 01cc6973c42639a7 Termination Time: 0 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: 91da26a6-d56a-11e0-8545-a4badbf4896d
Error - 9/2/2011 12:34:54 PM | Computer Name = Dan-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.4259 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1230 Start
Time: 01cc697756db2814 Termination Time: 4 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: 7bdc2af2-d581-11e0-8545-a4badbf4896d
[ System Events ]
Error - 8/4/2012 12:04:48 AM | Computer Name = Dan-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.
Error - 8/4/2012 12:04:49 AM | Computer Name = Dan-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.
Error - 8/4/2012 12:04:51 AM | Computer Name = Dan-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060
Error - 8/4/2012 12:05:00 AM | Computer Name = Dan-PC | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 8/4/2012 12:05:23 AM | Computer Name = Dan-PC | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.
Error - 8/4/2012 6:09:31 AM | Computer Name = Dan-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.
Error - 8/4/2012 6:09:31 AM | Computer Name = Dan-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.
Error - 8/4/2012 6:09:34 AM | Computer Name = Dan-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060
Error - 8/4/2012 6:09:36 AM | Computer Name = Dan-PC | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 8/4/2012 6:10:03 AM | Computer Name = Dan-PC | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.
< End of report >
3)aswMBR
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-04 07:24:04
-----------------------------
07:24:04.923 OS Version: Windows x64 6.1.7601 Service Pack 1
07:24:04.923 Number of processors: 4 586 0x1E05
07:24:04.923 ComputerName: DAN-PC UserName: Dan
07:24:06.951 Initialize success
07:24:11.007 AVAST engine defs: 12080400
07:24:15.297 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
07:24:15.297 Disk 0 Vendor: WDC_WD1001FAES-75W7A0 05.01D05 Size: 953869MB BusType: 3
07:24:15.328 Disk 0 MBR read successfully
07:24:15.344 Disk 0 MBR scan
07:24:15.344 Disk 0 Windows VISTA default MBR code
07:24:15.360 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
07:24:15.360 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10118 MB offset 81920
07:24:15.375 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 943710 MB offset 20803584
07:24:15.438 Disk 0 scanning C:\Windows\system32\drivers
07:24:28.588 Service scanning
07:24:51.754 Modules scanning
07:24:51.754 Disk 0 trace - called modules:
07:24:51.786 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8006cf42c0]<<spus.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
07:24:51.801 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e9e060]
07:24:51.801 3 CLASSPNP.SYS[fffff88001ba043f] -> nt!IofCallDriver -> [0xfffffa8007b6e520]
07:24:51.801 5 ACPI.sys[fffff880010377a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007b82060]
07:24:51.801 \Driver\atapi[0xfffffa8007afa9a0] -> IRP_MJ_CREATE -> 0xfffffa8006cf42c0
07:24:53.611 AVAST engine scan C:\Windows
07:24:57.168 AVAST engine scan C:\Windows\system32
07:28:32.744 AVAST engine scan C:\Windows\system32\drivers
07:28:47.455 AVAST engine scan C:\Users\Dan
07:44:58.432 AVAST engine scan C:\ProgramData
07:49:56.517 Scan finished successfully
07:51:06.593 Disk 0 MBR has been saved successfully to "K:\New folder 2\New folder\MBR.dat"
07:51:06.608 The log file has been saved successfully to "K:\New folder 2\New folder\aswMBR.txt"
Sign In
Create Account
