idp.hacktool downloads on startup [Solved]


  • This topic is locked

#1
GunShipCat

    New Member

  • Member
  • 3 posts
Every time I boot up my PC, IDP.Hacktool.B87C2318 ends up in my temp folder.
I need to stop because my mom is freaking out that someone is going to steal her bank account details.
So please help, I would be forever grateful :D


#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, first I will need to take a look at the system.

Download OTL to your Desktop
Secondary link
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.

  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double-click the aswMBR.exe to run it. Click the "Scan" button to start the scan.



On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

#3
GunShipCat

    New Member

  • Topic Starter
  • Member
  • 3 posts
Here are the OTL logs
OTL logfile created on: 20/11/2012 3:14:06 p.m. - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Peakman\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

7.98 Gb Total Physical Memory | 4.54 Gb Available Physical Memory | 56.82% Memory free
15.96 Gb Paging File | 12.37 Gb Available in Paging File | 77.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1845.80 Gb Total Space | 1595.09 Gb Free Space | 86.42% Space Free | Partition Type: NTFS
Drive D: | 17.12 Gb Total Space | 2.14 Gb Free Space | 12.51% Space Free | Partition Type: NTFS
Drive E: | 5.56 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: PEAKMAN-HP | User Name: Peakman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/19 10:45:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Peakman\Desktop\OTL.exe
PRC - [2012/11/14 14:15:50 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/11/09 21:55:01 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/11/06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/11/06 12:27:25 | 000,711,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2012/10/27 21:49:07 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Peakman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/10/25 07:48:07 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/09 10:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Peakman\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/09/01 03:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/08/08 02:24:18 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012/07/28 09:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/15 03:59:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/03/01 16:03:40 | 001,277,952 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
PRC - [2012/03/01 15:58:30 | 000,368,640 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
PRC - [2011/12/17 09:37:30 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/12/17 09:37:26 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/12/17 09:37:18 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2011/12/13 10:06:44 | 002,678,784 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
PRC - [2011/11/15 19:41:18 | 000,249,856 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
PRC - [2011/11/02 04:24:46 | 000,616,088 | ---- | M] (Oberon Media ) -- C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe
PRC - [2011/08/17 10:03:24 | 000,020,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
PRC - [2011/08/17 10:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
PRC - [2011/08/13 05:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2011/07/21 07:16:56 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/07/13 19:57:58 | 000,082,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
PRC - [2011/03/26 13:19:08 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2011/02/24 20:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2008/11/21 06:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/15 10:03:41 | 001,072,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\aaf1ee6452691a0129bfd4a982c1464c\System.IdentityModel.ni.dll
MOD - [2012/11/15 10:03:40 | 018,058,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\5273b47aa159f2aff854210c9f23a970\System.ServiceModel.ni.dll
MOD - [2012/11/15 10:02:48 | 002,906,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\0b9006d375fa5e432ce41b1f9bfa37f0\ReachFramework.ni.dll
MOD - [2012/11/15 10:02:34 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\8a8d61b84948cb58f9cf0f32b630e16d\System.Runtime.DurableInstancing.ni.dll
MOD - [2012/11/15 10:02:33 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\b347108b7fd646ef7394352a242da23b\System.Runtime.Serialization.ni.dll
MOD - [2012/11/15 10:02:33 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\69c443a8321bb072f9769fad6800d399\SMDiagnostics.ni.dll
MOD - [2012/11/15 00:32:24 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\78a485faba9584cfb1a5052a4cbe71e8\PresentationCore.ni.dll
MOD - [2012/11/15 00:32:18 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\df5142941549ff71737438c85e565ab3\WindowsBase.ni.dll
MOD - [2012/11/15 00:30:12 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ccf3f783590b1747a3593b889bede2fb\System.Windows.Forms.ni.dll
MOD - [2012/11/15 00:30:10 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\a7cdf1caedee630b8440fb8e8657aca1\System.Core.ni.dll
MOD - [2012/11/15 00:30:08 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\06db722a2ddebd960d907c2de6f1cfa7\System.Xml.ni.dll
MOD - [2012/11/15 00:30:06 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ed7768172bbf30462bc554dee3911540\System.Drawing.ni.dll
MOD - [2012/11/15 00:30:06 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c15c94b675becb485d940f8f0068dc5d\System.Configuration.ni.dll
MOD - [2012/11/15 00:30:05 | 009,093,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\0bc033fa805a31e31dc462cfae365478\System.ni.dll
MOD - [2012/11/15 00:30:02 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\685f73e04393b5342bd1cebe701496ad\mscorlib.ni.dll
MOD - [2012/11/09 21:55:01 | 000,997,320 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/11/06 12:27:25 | 000,566,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll
MOD - [2012/11/06 12:27:25 | 000,134,600 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll
MOD - [2012/11/01 11:15:05 | 000,460,312 | ---- | M] () -- C:\Users\Peakman\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppgooglenaclpluginchrome.dll
MOD - [2012/11/01 11:15:04 | 012,455,448 | ---- | M] () -- C:\Users\Peakman\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
MOD - [2012/11/01 11:15:02 | 004,007,448 | ---- | M] () -- C:\Users\Peakman\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
MOD - [2012/11/01 11:13:47 | 000,587,288 | ---- | M] () -- C:\Users\Peakman\AppData\Local\Google\Chrome\Application\23.0.1271.64\libglesv2.dll
MOD - [2012/11/01 11:13:46 | 000,123,928 | ---- | M] () -- C:\Users\Peakman\AppData\Local\Google\Chrome\Application\23.0.1271.64\libegl.dll
MOD - [2012/11/01 11:13:35 | 000,156,712 | ---- | M] () -- C:\Users\Peakman\AppData\Local\Google\Chrome\Application\23.0.1271.64\avutil-51.dll
MOD - [2012/11/01 11:13:34 | 000,274,984 | ---- | M] () -- C:\Users\Peakman\AppData\Local\Google\Chrome\Application\23.0.1271.64\avformat-54.dll
MOD - [2012/11/01 11:13:32 | 002,168,360 | ---- | M] () -- C:\Users\Peakman\AppData\Local\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll
MOD - [2012/10/25 07:48:05 | 020,317,008 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/10/25 07:47:57 | 000,902,480 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/10/25 07:47:57 | 000,190,816 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/10/25 07:47:57 | 000,123,232 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/10/25 07:47:55 | 001,099,616 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/05/30 21:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 21:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/04/30 20:55:48 | 000,026,112 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll
MOD - [2012/04/30 20:55:45 | 008,358,400 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll
MOD - [2012/04/30 20:55:45 | 001,152,512 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll
MOD - [2012/04/30 20:55:45 | 000,333,824 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll
MOD - [2012/04/30 20:55:45 | 000,151,040 | ---- | M] () -- C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-51.dll
MOD - [2009/02/27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/12/09 12:38:24 | 000,607,456 | ---- | M] (Intel® Corporation) [Auto | Running] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2011/03/26 13:19:08 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/10/11 22:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/23 14:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 14:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/11/14 14:15:50 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/11/13 08:13:37 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/11/06 12:27:25 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2012/10/25 07:48:07 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/10/11 14:05:59 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/09/19 18:16:25 | 000,668,768 | ---- | M] (Wellbia.com Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\xsherlock.xem -- (xsherlock)
SRV - [2012/09/01 03:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/07/28 09:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 14:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/15 03:59:00 | 002,458,944 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/03/06 01:19:00 | 003,953,632 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011/12/17 09:37:30 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/12/17 09:37:26 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/12/17 09:37:18 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2011/11/15 19:41:18 | 000,249,856 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2011/08/17 10:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
SRV - [2011/08/13 05:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/08/02 10:43:36 | 000,195,320 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/07/21 07:16:56 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/07/13 19:57:58 | 000,082,544 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe -- (VIPAppService)
SRV - [2011/02/24 20:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2010/11/21 16:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/21 16:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/21 16:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/10/13 06:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/02 11:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/19 10:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/11 10:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/06 12:27:25 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/05/18 15:36:19 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2012/05/18 15:07:44 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/05/18 15:07:44 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/03/01 19:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/16 05:42:00 | 000,676,968 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/11/30 03:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/11/10 22:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/05/11 14:41:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/03/26 15:21:10 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011/03/26 15:21:06 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/03/26 15:21:06 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/03/26 15:21:06 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/03/26 15:21:06 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/01/13 04:17:30 | 000,122,624 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zghsnmea.sys -- (zghsnmea)
DRV:64bit: - [2011/01/13 04:17:30 | 000,122,624 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zghsmdm.sys -- (zghsmdm)
DRV:64bit: - [2011/01/13 04:17:30 | 000,122,624 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zghsdiag.sys -- (zghsdiag)
DRV:64bit: - [2010/11/21 16:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 16:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 16:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/03/23 16:39:20 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/14 14:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 14:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 14:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 13:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/11 09:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/11 09:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 09:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 09:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 09:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/14 14:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/115
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/115
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://nz.search.yah...psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/115
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/115
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://nz.search.yah...psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1175683451-489007740-2374157013-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/115
IE - HKU\S-1-5-21-1175683451-489007740-2374157013-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3220468
IE - HKU\S-1-5-21-1175683451-489007740-2374157013-1000\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found
IE - HKU\S-1-5-21-1175683451-489007740-2374157013-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1175683451-489007740-2374157013-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-1175683451-489007740-2374157013-1000\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPDTDF
IE - HKU\S-1-5-21-1175683451-489007740-2374157013-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-11-06 12:27:27&v=13.2.0.4&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1175683451-489007740-2374157013-1000\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://nz.search.yah...psg&type=HPDTDF
IE - HKU\S-1-5-21-1175683451-489007740-2374157013-1000\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKU\S-1-5-21-1175683451-489007740-2374157013-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1175683451-489007740-2374157013-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

IE - HKU\S-1-5-21-1175683451-489007740-2374157013-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL/115
IE - HKU\S-1-5-21-1175683451-489007740-2374157013-1004\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.jp.msn.com/HPALL/115
IE - HKU\S-1-5-21-1175683451-489007740-2374157013-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL/115
IE - HKU\S-1-5-21-1175683451-489007740-2374157013-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1175683451-489007740-2374157013-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-1175683451-489007740-2374157013-1004\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=HPDTDF
IE - HKU\S-1-5-21-1175683451-489007740-2374157013-1004\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://nz.search.yah...psg&type=HPDTDF
IE - HKU\S-1-5-21-1175683451-489007740-2374157013-1004\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "uTorrentControl_v2 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Peakman\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Peakman\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Peakman\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Symantec\VIP Access Client\ [2012/08/07 22:57:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/11/09 21:55:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/22 22:23:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/11/18 23:15:56 | 000,000,000 | ---D | M]

[2012/10/22 22:23:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peakman\AppData\Roaming\Mozilla\Extensions
[2012/11/19 10:42:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peakman\AppData\Roaming\Mozilla\Firefox\Profiles\5soc1tw7.default\extensions
[2012/11/18 23:37:27 | 000,000,929 | ---- | M] () -- C:\Users\Peakman\AppData\Roaming\Mozilla\Firefox\Profiles\5soc1tw7.default\searchplugins\conduit.xml
[2012/10/22 22:23:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/11 14:06:18 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/09 21:55:02 | 000,003,571 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/10/11 14:05:38 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/11 14:05:38 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/11 10:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Symantec VIP Access Add-On) - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKU\S-1-5-21-1175683451-489007740-2374157013-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe] C:\ProgramData\Adobe\2D34D15.vbe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1175683451-489007740-2374157013-1000..\Run: [Akamai NetSession Interface] C:\Users\Peakman\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-1175683451-489007740-2374157013-1000..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-1175683451-489007740-2374157013-1000..\Run: [Facebook Update] "C:\Users\Peakman\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
O4 - HKU\S-1-5-21-1175683451-489007740-2374157013-1000..\Run: [SearchEngineProtection] C:\Program Files (x86)\GamesBar\SearchEngineProtection.exe (Oberon Media )
O4 - HKU\S-1-5-21-1175683451-489007740-2374157013-1000..\Run: [Spotify Web Helper] C:\Users\Peakman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-1175683451-489007740-2374157013-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1175683451-489007740-2374157013-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1175683451-489007740-2374157013-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0155F0EF-764D-46DD-947F-93B87BC28587}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/30 15:57:32 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/22 12:48:37 | 000,000,045 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{9ea457ca-a094-11e1-9e52-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9ea457ca-a094-11e1-9e52-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2009/04/30 15:57:32 | 000,054,544 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/19 12:04:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/11/19 12:04:53 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/11/19 12:04:53 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/11/19 12:04:53 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/11/19 11:42:12 | 000,000,000 | ---D | C] -- C:\Users\Peakman\Zomboid
[2012/11/19 10:45:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Peakman\Desktop\OTL.exe
[2012/11/18 23:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/11/18 23:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/11/18 23:34:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/11/18 23:22:43 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/11/17 12:15:48 | 000,000,000 | ---D | C] -- C:\Users\Peakman\AppData\Roaming\ftblauncher
[2012/11/17 10:44:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/11/17 10:44:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/11/16 21:38:47 | 000,000,000 | ---D | C] -- C:\Users\Peakman\Project Zomboid By Lillnex V0.1.5d [Fixed infsleep]
[2012/11/16 21:21:44 | 000,000,000 | ---D | C] -- C:\Users\Peakman\Project Zomboid Cracked
[2012/11/15 22:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/11/15 22:27:10 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012/11/15 22:26:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/11/15 22:26:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/11/15 22:26:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/11/15 22:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/11/15 20:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
[2012/11/15 20:31:06 | 000,000,000 | ---D | C] -- C:\Users\Peakman\AppData\Roaming\hpqLog
[2012/11/15 00:30:55 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012/11/15 00:30:55 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012/11/15 00:27:40 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/11/15 00:27:40 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/11/15 00:27:39 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/11/15 00:27:39 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/11/15 00:27:39 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/11/15 00:27:39 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/11/15 00:27:39 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/11/15 00:27:39 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/11/15 00:27:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/11/15 00:27:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/11/15 00:27:39 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/11/15 00:27:39 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/11/15 00:27:38 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/11/15 00:27:38 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/11/15 00:27:38 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/11/15 00:25:20 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012/11/15 00:25:20 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012/11/15 00:25:20 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012/11/15 00:25:20 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012/11/14 21:00:44 | 000,000,000 | ---D | C] -- C:\Temp
[2012/11/14 20:54:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Counter-Strike Global Offensive
[2012/11/14 18:34:33 | 000,000,000 | ---D | C] -- C:\Users\Peakman\AppData\Local\CRE
[2012/11/14 18:34:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/11/14 18:33:59 | 000,000,000 | ---D | C] -- C:\Users\Peakman\AppData\Local\Conduit
[2012/11/14 14:04:30 | 000,000,000 | ---D | C] -- C:\Users\Peakman\Documents\Battlefield Play4Free
[2012/11/14 07:44:16 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012/11/14 07:44:16 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012/11/14 07:44:16 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012/11/14 07:44:09 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisRtl.dll
[2012/11/14 07:44:09 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisRtl.dll
[2012/11/14 07:44:09 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ahadmin.dll
[2012/11/14 07:44:09 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admwprox.dll
[2012/11/14 07:44:09 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admwprox.dll
[2012/11/14 07:44:09 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ahadmin.dll
[2012/11/14 07:44:09 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisreset.exe
[2012/11/14 07:44:09 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisreset.exe
[2012/11/14 07:44:09 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wamregps.dll
[2012/11/14 07:44:09 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisrstap.dll
[2012/11/14 07:44:09 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wamregps.dll
[2012/11/14 07:44:09 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisrstap.dll
[2012/11/14 07:44:07 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012/11/14 07:44:07 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012/11/14 07:44:07 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012/11/14 07:44:07 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012/11/14 07:44:07 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012/11/14 07:44:07 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012/11/14 07:43:57 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012/11/14 07:43:57 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012/11/09 15:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/11/08 13:18:01 | 000,000,000 | ---D | C] -- C:\Users\Peakman\AppData\Roaming\inkscape
[2012/11/08 13:13:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Inkscape
[2012/11/08 10:46:18 | 000,083,968 | ---- | C] (Brother Industries, Ltd.) -- C:\Windows\SysNative\BrNetSti.dll
[2012/11/06 12:27:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/11/05 19:34:57 | 000,000,000 | ---D | C] -- C:\Users\Peakman\Documents\Electronic Arts
[2012/10/25 18:55:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2012/10/25 16:25:14 | 000,000,000 | ---D | C] -- C:\Users\Peakman\Pendulum
[2012/10/24 19:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Façade
[2012/10/24 19:27:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Facade
[2012/10/23 14:28:24 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/10/23 14:25:43 | 000,000,000 | ---D | C] -- C:\Users\Peakman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SwiftKit
[2012/10/23 14:25:36 | 000,203,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RICHTX32.OCX
[2012/10/23 14:25:36 | 000,117,507 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msinet.ocx
[2012/10/23 14:25:36 | 000,109,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSWINSCK.OCX
[2012/10/23 14:25:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SwiftKit
[2012/10/23 14:25:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SwiftKit
[2012/10/22 22:28:22 | 000,000,000 | ---D | C] -- C:\Users\Peakman\AppData\Local\Macromedia
[2012/10/22 22:23:54 | 000,000,000 | ---D | C] -- C:\Users\Peakman\AppData\Roaming\Mozilla
[2012/10/22 22:23:54 | 000,000,000 | ---D | C] -- C:\Users\Peakman\AppData\Local\Mozilla
[2012/10/22 22:23:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/10/22 22:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/10/22 22:23:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/22 13:02:44 | 000,154,464 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/20 14:59:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1175683451-489007740-2374157013-1000UA.job
[2012/11/20 14:40:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1175683451-489007740-2374157013-1000UA.job
[2012/11/20 14:40:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/20 09:43:27 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/20 09:43:27 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/20 09:40:24 | 000,880,720 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/20 09:40:24 | 000,737,662 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/20 09:40:24 | 000,151,064 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/20 09:35:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/20 09:35:56 | 2132,393,983 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/19 17:40:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1175683451-489007740-2374157013-1000Core.job
[2012/11/19 15:06:35 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/11/19 15:06:35 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/11/19 10:45:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Peakman\Desktop\OTL.exe
[2012/11/19 08:59:05 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1175683451-489007740-2374157013-1000Core.job
[2012/11/18 23:34:38 | 000,001,284 | ---- | M] () -- C:\Users\Peakman\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/11/18 23:34:38 | 000,001,260 | ---- | M] () -- C:\Users\Peakman\Desktop\Spybot - Search & Destroy.lnk
[2012/11/18 21:20:55 | 000,000,024 | ---- | M] () -- C:\Users\Peakman\random.dat
[2012/11/18 20:31:22 | 000,000,046 | ---- | M] () -- C:\Users\Peakman\jagex_cl_runescape_LIVE.dat
[2012/11/17 13:59:12 | 000,271,200 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/11/17 10:44:37 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/11/16 09:04:01 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForPeakman.job
[2012/11/15 22:27:21 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/11/15 20:32:46 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/11/15 09:10:15 | 000,342,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/14 18:33:37 | 000,000,969 | ---- | M] () -- C:\Users\Peakman\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/11/14 14:15:50 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/11/13 08:13:37 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/11/13 08:13:37 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/11/12 22:54:05 | 003,411,977 | ---- | M] () -- C:\Users\Peakman\IMG_4831.JPG
[2012/11/12 22:53:44 | 003,156,939 | ---- | M] () -- C:\Users\Peakman\IMG_4830.JPG
[2012/11/12 22:53:43 | 003,456,781 | ---- | M] () -- C:\Users\Peakman\IMG_4829.JPG
[2012/11/12 22:53:37 | 002,710,479 | ---- | M] () -- C:\Users\Peakman\_MG_4827.JPG
[2012/11/12 22:53:27 | 002,687,276 | ---- | M] () -- C:\Users\Peakman\_MG_4828.JPG
[2012/11/12 22:53:26 | 002,316,716 | ---- | M] () -- C:\Users\Peakman\_MG_4793.JPG
[2012/11/12 21:32:36 | 000,001,669 | ---- | M] () -- C:\Users\Peakman\Desktop\Project Zomboid v0.2.0q Launcher.lnk
[2012/11/10 16:17:34 | 000,002,499 | ---- | M] () -- C:\Users\Peakman\Desktop\Google Chrome.lnk
[2012/11/09 15:02:29 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/11/08 13:43:49 | 000,000,218 | ---- | M] () -- C:\Users\Peakman\.recently-used.xbel
[2012/11/08 13:15:17 | 000,001,033 | ---- | M] () -- C:\Users\Peakman\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
[2012/11/08 13:15:17 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Inkscape.lnk
[2012/11/08 10:47:17 | 000,002,142 | ---- | M] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk
[2012/11/08 10:26:23 | 000,003,796 | ---- | M] () -- C:\Users\Peakman\Desktop\centseam-35738167840.svg
[2012/11/07 23:45:06 | 000,002,217 | ---- | M] () -- C:\Users\Peakman\Desktop\Pattern School.htm
[2012/11/06 12:27:25 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/11/05 19:33:15 | 000,002,086 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2012/11/02 16:43:29 | 000,000,219 | ---- | M] () -- C:\Users\Peakman\Desktop\Counter-Strike Global Offensive.url
[2012/10/30 19:25:17 | 000,000,222 | ---- | M] () -- C:\Users\Peakman\Desktop\Combat Arms.url
[2012/10/23 14:25:43 | 000,001,009 | ---- | M] () -- C:\Users\Peakman\Desktop\SwiftKit.lnk
[2012/10/22 22:23:52 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/18 23:34:38 | 000,001,284 | ---- | C] () -- C:\Users\Peakman\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/11/18 23:34:38 | 000,001,260 | ---- | C] () -- C:\Users\Peakman\Desktop\Spybot - Search & Destroy.lnk
[2012/11/17 10:44:37 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/11/17 10:44:14 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/11/15 22:27:21 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/11/15 20:32:46 | 000,002,187 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/11/15 00:30:56 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/15 00:25:20 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/12 22:50:51 | 003,456,781 | ---- | C] () -- C:\Users\Peakman\IMG_4829.JPG
[2012/11/12 22:50:51 | 003,411,977 | ---- | C] () -- C:\Users\Peakman\IMG_4831.JPG
[2012/11/12 22:50:51 | 003,156,939 | ---- | C] () -- C:\Users\Peakman\IMG_4830.JPG
[2012/11/12 22:50:51 | 002,710,479 | ---- | C] () -- C:\Users\Peakman\_MG_4827.JPG
[2012/11/12 22:50:51 | 002,687,276 | ---- | C] () -- C:\Users\Peakman\_MG_4828.JPG
[2012/11/12 22:50:51 | 002,316,716 | ---- | C] () -- C:\Users\Peakman\_MG_4793.JPG
[2012/11/12 21:32:36 | 000,001,669 | ---- | C] () -- C:\Users\Peakman\Desktop\Project Zomboid v0.2.0q Launcher.lnk
[2012/11/08 13:43:49 | 000,000,218 | ---- | C] () -- C:\Users\Peakman\.recently-used.xbel
[2012/11/08 13:15:28 | 000,001,033 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
[2012/11/08 13:15:17 | 000,001,033 | ---- | C] () -- C:\Users\Peakman\Application Data\Microsoft\Internet Explorer\Quick Launch\Inkscape.lnk
[2012/11/08 13:15:17 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Inkscape.lnk
[2012/11/08 10:47:17 | 000,002,142 | ---- | C] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk
[2012/11/08 10:26:23 | 000,003,796 | ---- | C] () -- C:\Users\Peakman\Desktop\centseam-35738167840.svg
[2012/11/07 23:45:06 | 000,002,217 | ---- | C] () -- C:\Users\Peakman\Desktop\Pattern School.htm
[2012/11/05 19:33:15 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3.lnk
[2012/11/02 16:43:29 | 000,000,219 | ---- | C] () -- C:\Users\Peakman\Desktop\Counter-Strike Global Offensive.url
[2012/10/30 19:25:01 | 000,000,222 | ---- | C] () -- C:\Users\Peakman\Desktop\Combat Arms.url
[2012/10/23 14:25:43 | 000,001,009 | ---- | C] () -- C:\Users\Peakman\Desktop\SwiftKit.lnk
[2012/10/22 22:23:52 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/10/22 22:23:52 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/10/11 17:49:19 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\tmb1-v32.dll
[2012/10/08 13:52:29 | 000,000,051 | ---- | C] () -- C:\Users\Peakman\jagex_cl_runescape_LIVE_BETA.dat
[2012/10/08 13:11:43 | 072,783,951 | ---- | C] () -- C:\Users\Peakman\Project Zomboid v0.2.0q working offline
[2012/10/05 19:53:20 | 000,000,047 | ---- | C] () -- C:\Users\Peakman\jagex_cl_runescape_LIVE1.dat
[2012/09/04 14:40:01 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/08/10 18:47:52 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/08/10 00:03:01 | 000,271,200 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/08/10 00:02:58 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/08/09 16:54:16 | 000,003,584 | ---- | C] () -- C:\Users\Peakman\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/08 10:04:59 | 000,000,024 | ---- | C] () -- C:\Users\Peakman\random.dat
[2012/08/08 10:04:58 | 000,000,046 | ---- | C] () -- C:\Users\Peakman\jagex_cl_runescape_LIVE.dat
[2011/12/09 12:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011/10/13 11:33:22 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/08/05 18:16:42 | 000,305,256 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/02/12 06:15:43 | 000,824,200 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/14 17:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 18:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 17:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 14:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 16:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 14:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/14 14:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2010/11/21 16:24:08 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/14 14:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/21 16:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/21 16:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 19:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/14 14:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 14:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/05 11:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2012/06/02 18:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2012/06/02 17:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/21 16:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/21 16:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/21 16:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2012/05/18 15:02:47 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/14 14:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/14 14:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 14:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/14 14:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/21 16:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/07/14 14:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/14 14:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/14 14:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/14 14:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 14:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/04 06:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/14 14:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2012/05/18 15:04:33 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 19:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 19:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/14 14:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/21 16:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/21 16:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/21 16:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 19:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/14 14:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/21 16:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/21 16:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/21 16:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/21 16:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/21 16:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/21 16:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/14 14:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 18:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/21 16:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/21 16:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/21 16:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/21 16:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2009/07/14 14:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/21 16:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/21 16:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/21 16:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/21 16:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/21 16:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/14 14:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/03 11:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/21 16:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/14 14:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/21 16:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< End of report >
Extra Logs
OTL Extras logfile created on: 19/11/2012 11:06:50 a.m. - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Peakman\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy

7.98 Gb Total Physical Memory | 3.77 Gb Available Physical Memory | 47.18% Memory free
15.96 Gb Paging File | 11.95 Gb Available in Paging File | 74.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1845.80 Gb Total Space | 1582.92 Gb Free Space | 85.76% Space Free | Partition Type: NTFS
Drive D: | 17.12 Gb Total Space | 2.14 Gb Free Space | 12.51% Space Free | Partition Type: NTFS
Drive E: | 5.56 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: PEAKMAN-HP | User Name: Peakman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.3QNBUPQRKP24LQXNNSEA7S5RKQ] -- C:\Users\Peakman\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06F26BAF-81D3-4463-B7FB-34FBE07FCE2C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{12F1C31F-CF46-4938-B12F-6D7BACBC3CBD}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{1363D53C-314B-4330-AEDB-0FAF13EFA959}" = lport=3390 | protocol=6 | dir=in | app=system |
"{13ED3B93-4841-425C-ABE6-E049B672A7A9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{15AC6C95-EC07-4DA8-956E-A5147A064D68}" = lport=2869 | protocol=6 | dir=in | app=system |
"{22D5337B-32C6-4FD5-9A46-09AE5CC84D19}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2697A732-9C60-4C8E-AD58-4E1ED7108BFB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2E321CFE-18D8-4E45-A529-741DF7C92F09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{357B44AE-F974-45D9-8EC1-B1842843F086}" = rport=137 | protocol=17 | dir=out | app=system |
"{3761B578-E268-4E6D-B22C-DF49A42599A8}" = lport=445 | protocol=6 | dir=in | app=system |
"{39BCA655-3228-4579-B837-4F0C518EC69A}" = rport=138 | protocol=17 | dir=out | app=system |
"{4A0B612A-4739-4164-8180-D9002C42601C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4BB825C9-B8FD-473E-8EEA-7122E51FF5C0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{54269A25-5E9A-43F1-AA28-68D0ED6C3118}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{544C1317-A865-456F-86CB-CDDFD47C673C}" = lport=139 | protocol=6 | dir=in | app=system |
"{556D8C5A-5EC8-452E-8F61-42563821D3F7}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5653575E-0A6E-43A1-AFE7-66882877A4E8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{593FE495-0694-416D-88A6-A1C365D2B99A}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{5E7B7690-A6DF-49EA-9EE4-2E20358662EA}" = rport=445 | protocol=6 | dir=out | app=system |
"{60560E17-67CF-4745-AF06-9E33866754E9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6102BE45-9DC8-4669-81A3-E3E84BF6BE7B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6619E4FC-9D84-46E5-B49F-8B38CAF8C231}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{71CA05D5-7162-44D0-BFCA-8116E2B3191D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{733A3A40-2FC9-46C0-8984-3872F8620380}" = lport=138 | protocol=17 | dir=in | app=system |
"{7EC76B0C-B763-471D-B1A9-4A614B66EFCA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{81727D81-4C93-4C33-ADC5-A9033931CD9C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8D63E8E3-8281-473E-976E-BD17F4B015A0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{90033C2F-5171-4677-872A-3AF130652AEA}" = lport=137 | protocol=17 | dir=in | app=system |
"{9418DC8E-DC8A-43E7-A8DF-10B9D4F1AEAE}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{9C6CB27A-DFA8-42C1-9E14-AE7327848889}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A5DF5593-DC03-43DF-B6C6-C76F85D5A0E2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AD36B6E4-80B7-4D47-B73C-6D9FD1CA6EE5}" = lport=3390 | protocol=6 | dir=in | app=system |
"{B134EE86-AE7D-48E8-AC4A-42B33C297B47}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B5247FF7-5715-401E-979E-59C79DE896FE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BC1C60AA-721C-436C-A414-72CDA0ED0640}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{BECE65B5-CAF2-4CED-B704-FAE5A867BBC4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C14C5005-D11C-423E-BA78-6541D23EB5E6}" = lport=10244 | protocol=6 | dir=in | app=system |
"{C27D116A-4C37-47C9-93BC-FEAE75FEF634}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C7A448AF-0388-4AFA-BE87-8C5068750C67}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CA4151A1-5271-46FE-9BC4-9355EF289FBA}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CD59B475-91DD-4D40-8A3E-6F23B082894C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D05462C5-621C-4526-8028-9A9119CDEBEC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DB2A13F3-6E52-4159-A3C1-74F1EE80899C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E17E70A6-C15F-40BF-84E4-D2A7D4E0DBF4}" = lport=10244 | protocol=6 | dir=in | app=system |
"{E2007E25-8971-48B4-B882-2EE86FE97CEF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E68A2DAB-0EE3-4304-978D-978E42D44473}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E9D54E09-0C7A-4115-928B-834E2052CBFC}" = rport=139 | protocol=6 | dir=out | app=system |
"{EF736223-252E-4787-876B-E23EC8365DC5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F71BEA44-AE45-42A8-810C-4DE718BB2689}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FB7FE59A-4302-45A8-8C7B-D2BFFD6BDFA7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00629398-167A-4E66-BB58-833E659A4698}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{0172C28A-A469-403F-97EC-3B3440A52A19}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{02F41E61-3CCC-4826-84B3-FA5DA2244DA3}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{035C8180-90F5-4228-AECE-0865997A3DEE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{096E3071-CCB3-407F-BE9B-BD80A670B86B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{0A4DEB64-130D-45F6-B217-038DC265447F}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{11094A89-5BBB-4CB4-A335-0CABE4937F19}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{1283A5AB-EEB6-448D-94E3-837FB3102896}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1301C419-72B6-48AF-8FDD-B7452E010F79}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{13922AFC-ED6B-4C8F-85F6-3A0435D0BF50}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{1553F050-0886-4BAC-AA32-7DA926E62268}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{172DF552-D623-4729-BC8A-005B65FAFF04}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{180BF289-53DD-41A0-863F-A7C36AEA5697}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gotham city impostors f2p\engine.exe |
"{1BECCF03-8509-432F-B4A4-F424ADEC3B69}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{1DFEC5A6-A504-4150-8F73-7C09A0C9F0AF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1E74E83E-3E0E-4FC2-8821-78FA8D26E9D8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{1FBAB702-D110-48BA-BC1F-9D81437B56D3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{20CEDCFB-276A-4202-B52E-67CDD0BE7198}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{23791A44-8D31-4CFC-BF8C-DADD923AFFB7}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{2A563A96-9E1F-47A2-8D8F-D8CC74806A2D}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2B135C8E-EBF1-4E0B-8F77-1B4C963D3047}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{2B9FD117-3D31-4C3E-9308-19B3E30AC76D}" = protocol=6 | dir=out | app=system |
"{2CE5D045-527B-451F-96BF-818E733490AF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warincbattlezone\rsupdate.exe |
"{333AB110-34B7-4F1E-80D8-7929661F84C2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
"{351FE594-5620-410C-816D-D054E469060F}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"{39EA0B37-E81F-4871-9E2D-832913F1BF80}" = protocol=17 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2 free\arma2free.exe |
"{3C2BEF5C-6B6C-44E5-BC38-35B2841A68BD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3C8F691D-C465-44ED-AA3A-14355114C91A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{3D9252DF-0F7F-4CB8-A88F-F234AA01A2BB}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{3DE0AE8C-0A2E-46B6-B6AA-9A39EB938C80}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{40E2C872-2415-4F1E-954B-B52C806DBCC1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{41433C9B-5782-4B43-91F3-53BF18B8B60C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{4537B3F1-92C8-4B44-8AFB-FBAC4DD20447}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\combat arms\calauncher.exe |
"{4562629B-F8C4-428D-AFAA-AD2DF46AD82E}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{4D23ED87-E238-44D1-8D5B-5B990F29EBE7}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{5210AD47-43F7-4C12-B26B-39A9EA9EC811}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5223F082-CD13-46C1-BCA6-7F8171A87641}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{545F81DF-6526-44A1-A6B7-9EE23A2E5FC4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5505803C-61C2-43D3-9E09-0419D48EA4CC}" = protocol=6 | dir=out | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
"{5AC0F4F9-8F08-4867-9EF7-17AF0FE4C675}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5B08C06D-75EF-45CC-B33B-E9640041F0FE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5CD49368-A02F-4D3E-83C2-5516701C46A6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{61E42ECE-7A0E-432A-91E7-636086F62E73}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gotham city impostors f2p\engine.exe |
"{627CD292-8D65-4B0F-9A01-63BF99DB4525}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{64F09F61-55D8-4455-AB28-5F2A7756E0FD}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{6695E5F5-7BBA-4A70-B2B5-AB930B465373}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gotham city impostors f2p\impostors.exe |
"{69C5106A-A547-4123-8C0A-FE2B174C6987}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{69F15174-9FA3-4AE9-8E6C-67F62DA59501}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{6A6360CC-1BCB-4D01-A0D0-245B7669F781}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{6DFD6B38-A41D-4465-9908-4E7CF78B6D5A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{6FAD2665-23FA-47E9-B5B4-42B936B8FFF5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6FAED6DB-21A0-41E3-9D07-B9D8B5027572}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6FE68BC6-BF9C-4062-A573-D61792A64AF5}" = protocol=6 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2 free\arma2free.exe |
"{716BE02B-BF30-4AF3-8375-02CC2429A10D}" = protocol=17 | dir=out | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
"{719404A1-518D-4D47-B1CE-55A001BBFFA5}" = dir=in | app=c:\users\peakman\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{71EC73CD-3A70-4C9A-B4FC-1BF230A956F5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\combat arms\calauncher.exe |
"{73055FCF-7499-41EF-876E-B053B409CA7E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{75EA4F47-0A4E-4F05-A060-62BAF027746E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{77EED424-AF39-48AD-A42E-B0DE64BB3FC3}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{7B31F738-B92E-45C7-A4F6-5EC64290A9F9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{7FA89CD2-6322-4B24-A1D4-356110F8D5E2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warincbattlezone\rsupdate.exe |
"{7FBC2567-739C-4281-9409-4C8885004F89}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gotham city impostors f2p\impostors.exe |
"{88AE895C-681E-4868-96FF-B202FA97ACF3}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield 2\bf2.exe |
"{8A0F1CE5-2181-4F72-82E8-7D457DC01F34}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{8C113BAC-44EF-4DEF-9F17-D89A64061D8A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8E49BBB6-A106-4FCD-919C-CC73351F6FB5}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\remote graphics receiver\rgreceiver.exe |
"{8F4B2EE5-98D3-434D-8D90-7DFCEFCD8A0B}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{9231262D-346F-43B7-9BB4-EA81A9A44129}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{97757BE8-2AE3-4A7E-A389-891E6E9D42BC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9867CA8C-6F1F-40F4-BA7E-B2C07A8F67D5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\maplestory\nxsteam.exe |
"{98E204CE-83DA-4A45-895D-9152982E03BF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blacklightretribution\blacklight retribution.exe |
"{9AAA85FC-4546-4648-A2CE-753ACAF4A634}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{9C013DF1-08F3-4B5D-B9C4-32843E7DFD19}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\hp linkup\hp linkup viewer.exe |
"{A4203552-4189-4891-B6C3-4BAE8086CED0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\blacklightretribution\blacklight retribution.exe |
"{A4F6F0FB-1779-4CBB-B312-C001E3C6E5B1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A8C656F5-46B1-4EA5-BDE8-EC5A15A85F76}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{A9AA5A40-8466-48BE-B90B-0ABFC8328488}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{A9C8C400-7709-4F25-8884-E8BEED49076E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{A9E2CA28-7BC6-4D2E-BCCA-BEEDA54CB64C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AA6B4811-616E-49A8-B9D9-AA548775EB14}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{AAF7F6D9-9A25-4F2E-991F-314FA8CED9B4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B2605358-5FA2-456E-9BC2-C43DEF9E644B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{B83B6FF9-943E-4E28-8C29-DA0417CEC2C6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{BD7E8050-A06D-4D29-9806-FFFB421AF2EE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\maplestory\nxsteam.exe |
"{BFECA15D-EE2D-43A7-B0B7-64D00481E0F0}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{C4CFBF1A-22B9-4C90-8BCB-D7FFAE077E44}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{C78DD80C-F679-463B-BDB7-179FFC5A3779}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C82EFEE3-6BAD-4561-8568-5B579E224587}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\launcher\apblauncher.exe |
"{CADE8F14-4CCA-4492-9663-DE5D9D89241D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{D1B75FED-725A-434A-B7ED-486AFA2A3E47}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{D697128A-4701-43D6-B620-A2431073CEEB}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{D77A81FB-F8FA-4D34-91A2-14E182DEA62B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DC108D81-4CAB-4623-B3E4-53371F32A7D9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E901DA24-88EF-4E28-BE6D-832AA5DB4EA8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E9B2C149-867A-4863-9570-56BDBE68A043}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{F75671E4-B48E-4EFE-A865-2262D95CCFDA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{F9BA532E-6418-41E1-AF05-01B0BD939DEB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{FA24C0CE-5378-4E52-9506-57DBED907965}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{105EFC9F-AE3D-4E18-843D-523329B29739}C:\users\peakman\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\peakman\appdata\roaming\spotify\spotify.exe |
"TCP Query User{144CB14D-57A7-426C-A084-586D822E13CF}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{23BE93B2-C379-44BA-A6F0-0E99C8A45A78}C:\users\peakman\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\peakman\appdata\local\akamai\netsession_win.exe |
"TCP Query User{38D51AB0-82FC-43A6-9849-0A91F42EF5C8}C:\users\peakman\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\peakman\downloads\utorrent.exe |
"TCP Query User{6160D13F-7B57-4891-A974-D98159C86277}C:\nexon\combat arms\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms\engine.exe |
"TCP Query User{8C80EE16-0155-42D9-AAE9-0BAD5E49D0CD}C:\program files (x86)\steam\steamapps\gunshipcat\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\gunshipcat\team fortress 2\hl2.exe |
"TCP Query User{9294E2D8-9D55-4601-9BFF-DE74BB914390}C:\games\cod4\call of duty modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\games\cod4\call of duty modern warfare\iw3mp.exe |
"TCP Query User{C043B48D-F00A-4AFF-9D3B-0B9027A2C401}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"TCP Query User{DD26D645-A9F7-453B-8FB8-155A1FC04E08}C:\users\peakman\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\peakman\appdata\local\akamai\netsession_win.exe |
"UDP Query User{06260619-47F7-4A5B-BD74-246EFCAD2DD4}C:\users\peakman\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\peakman\appdata\local\akamai\netsession_win.exe |
"UDP Query User{4F806A0F-5DF3-4477-A9EA-6F49108DEEB6}C:\users\peakman\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\peakman\appdata\roaming\spotify\spotify.exe |
"UDP Query User{62A7F4B3-04B6-44F2-AD66-AD284FF6DB5E}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{7423F59A-1923-45B1-8BAB-488B00F7F196}C:\users\peakman\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\peakman\appdata\local\akamai\netsession_win.exe |
"UDP Query User{783BF046-CD33-41D7-95E1-E5491F9784B3}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"UDP Query User{7D06B1D1-B16F-473F-A2AE-B4D02B05A657}C:\users\peakman\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\peakman\downloads\utorrent.exe |
"UDP Query User{8CC95E10-5137-4D40-B7E8-2ABCBA98E1FE}C:\games\cod4\call of duty modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\games\cod4\call of duty modern warfare\iw3mp.exe |
"UDP Query User{EF4722BF-D37C-4F08-A45B-593A59DC5F35}C:\nexon\combat arms\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms\engine.exe |
"UDP Query User{F0213AA0-E0D3-4C93-B968-0020FC0842BD}C:\program files (x86)\steam\steamapps\gunshipcat\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\gunshipcat\team fortress 2\hl2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1111706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 (64-bit)
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{2222706F-666A-4037-7777-211648764D10}" = JavaFX 2.1.1 SDK (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java™ 7 Update 5 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Bluetooth by hp
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client
"{64A3A4F4-B792-11D6-A78A-00B0D0170050}" = Java SE Development Kit 7 Update 5 (64-bit)
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B305FB9-297D-4F86-BC8B-740E7A1EF200}" = AVG 2013
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BB0CAB96-2EDE-4DDF-B6F3-AEE02C0F1CA4}" = AVG 2013
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2™
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}" = HP Clock
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{16FC3056-90C0-4757-8A68-64D8DA846ADA}" = Remote Graphics Receiver
"{17D26CDD-B87C-412B-92F0-2D5DD4313522}" = Facebook Messenger 2.1.4651.0
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20714B53-FC73-4F9C-9687-49EB237D6FD7}" = HP TouchSmart RecipeBox
"{24BCB3FE-AE8B-44A0-99CB-8CD0C9EDDD7B}" = Guncraft
"{24E34264-D483-477C-A9A0-4E53F69834CF}" = Façade
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}" = HP Calendar
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FF959E3-FFE4-46C4-96DA-03F26BCFEFCC}" = Brother MFL-Pro Suite DCP-J140W
"{31081a51-9336-475f-83a2-c5f86927f35b}" =
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1" = Spot
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics
"{55EB2692-FAFE-4352-AACD-AB9379E57F08}" = XSplit
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1" = Bubble Wrap
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{741006D1-7B2B-4E33-B2B0-831F282EEF64}" = Blio
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E750542-55BC-4300-8B7B-AC2A762FB435}" = HP LinkUp
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1" = HP Magic Canvas Tutorials
"{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}" = HP Notes
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AE50893-3A87-4439-9A57-942ED43F7189}" = Facebook
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{912CED74-88D3-4C5B-ACB0-132318649765}" = PressReader
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FA13759-5C2B-4177-9DDC-0038F8B5BEFD}" = Bing Bar
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A35E58D6-2A0F-4051-983B-79342081338E}" = HP RSS
"{A393CDFF-BEB8-48EA-990D-2EB35B311D23}_is1" = Tap Tap Bear
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2B7B1C8-7C8B-476C-BE2C-049731C55992}" = HP Support Information
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C01A86F5-56E7-101F-9BC9-E3F1025EB779}" = Intel® Identity Protection Technology 1.1.2.0
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1" = Metric Converter
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}" = HP Magic Canvas
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8D46836-CD55-453C-A107-A59EC51CB8DC}" = VIP Access
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup
"{F89BADB0-D319-470E-8024-443EE3A3402B}" = TSHostedAppLauncher
"{FD9C31B6-F572-414D-81E3-89368C97A125}_is1" = CamStudio OSS Desktop Recorder
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Alliance of Valiant Arms" = Alliance of Valiant Arms
"ArmA 2" = ArmA 2 Free Uninstall
"ASIO4ALL" = ASIO4ALL
"AVG Secure Search" = AVG Security Toolbar
"BattlEye A2 Free" = BattlEye (A2Free) Uninstall
"FL Studio 10" = FL Studio 10
"GamesBar" = GamesBar 2.0.1.109
"IL Download Manager" = IL Download Manager
"Inkscape" = Inkscape 0.48.2
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"Kobo" = Kobo
"LAGARITH" = Lagarith lossless video codec (Remove Only)
"Mozilla Firefox 16.0.1 (x86 en-US)" = Mozilla Firefox 16.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Origin" = Origin
"PDF Complete" = PDF Complete Special Edition
"Plants vs. Zombies" = Plants vs. Zombies
"PlayClaw 1.8 build 760" = PlayClaw 1.8 build 760
"PlayClaw_is1" = PlayClaw 3
"PunkBusterSvc" = PunkBuster Services
"Sandbox" = Sandbox
"Sniper Elite V2_is1" = Sniper Elite V2
"Steam App 107900" = War Inc. Battlezone
"Steam App 113400" = APB Reloaded
"Steam App 206210" = Gotham City Impostors: Free To Play
"Steam App 209870" = Blacklight: Retribution
"Steam App 216150" = MapleStory
"Steam App 440" = Team Fortress 2
"Steam App 730" = Counter-Strike: Global Offensive
"SuddenAttackNA" = SuddenAttack
"Sumotori Dreams" = Sumotori Dreams
"TeamViewer 7" = TeamViewer 7
"VIP Access SDK" = VIP Access SDK (1.0.1.4)
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"WTA-06a47d60-7186-4f59-a400-23db444846b8" = FATE
"WTA-0754bf77-6009-4464-a112-73162d399395" = Poker Superstars III
"WTA-1e326669-431a-411c-824b-3572480c8ba8" = Polar Bowler
"WTA-1f4eff2d-cdba-4be7-977d-f9022c9e5fbe" = Bejeweled 3
"WTA-25d5ca26-a99c-44d2-a1e1-75bbc7fb0691" = The Treasures of Mystery Island: The Ghost Ship
"WTA-2ab2890c-e247-472c-a38e-4641168d7641" = Virtual Villagers 4 - The Tree of Life
"WTA-39272579-e400-404a-97b8-cd1e88530d99" = Penguins!
"WTA-4a2d9e45-9847-4dd4-a301-f116f6c283dc" = Letters from Nowhere 2
"WTA-4dcd3184-2066-4d13-bf4e-3637c8a0ef66" = Dora's World Adventure
"WTA-50b73cdd-b3b1-4dca-82d0-1afbca5292aa" = Luxor HD
"WTA-6af86130-b49c-4b67-8bac-17f3aa319de4" = Torchlight
"WTA-77361101-6086-4a3f-b7b3-0b3f33c6ec9d" = John Deere Drive Green
"WTA-8049f6c1-0e10-4490-ada0-5e0add59f365" = Cradle of Rome 2
"WTA-91d286d2-798c-499b-b215-2104096b0974" = RollerCoaster Tycoon 3: Platinum
"WTA-9d5cac5c-f46e-4144-a355-924952ea9fa3" = Chuzzle Deluxe
"WTA-9fc55463-1b53-44a4-a061-1b0fdba78b05" = Farm Frenzy
"WTA-a2dea646-fefd-4f51-83d9-6a2b332f2a79" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition
"WTA-a476c7a0-f04c-4d30-ac14-80a00ffa2a48" = Hoyle Card Games
"WTA-a50d30cb-2b2a-45f7-8148-479e527d8f1a" = Plants vs. Zombies - Game of the Year
"WTA-b4a031b7-ee92-4f75-8b2f-3492c08b0001" = Farmscapes
"WTA-bdd313c4-498f-4423-a96c-03b0302d0f83" = Jewel Match 3
"WTA-c5b7de11-b9b7-49c6-821b-8ce44daf6f49" = Final Drive Fury
"WTA-da943db7-7a35-486d-9345-a3bd22a7fe7c" = Blackhawk Striker 2
"WTA-ec84fa1a-c00f-4075-8ef4-18a7b8a1c80e" = Zuma's Revenge
"WTA-f3f7e594-f8d6-4e1d-ad06-34b4e2f4e013" = Polar Golfer
"WTA-fab9d9cc-0937-43f6-aa60-0e6339fd175d" = Mah Jong Medley
"ZinioReader4" = Zinio Reader 4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"Spotify" = Spotify
"SwiftKit" = SwiftKit

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/11/2012 11:08:46 p.m. | Computer Name = Peakman-HP | Source = Application Error | ID = 1000
Description = Faulting application name: btsendto_explorer.exe, version: 6.3.0.8200,
time stamp: 0x4d8d2afb Faulting module name: btsendto.dll, version: 6.3.0.8200,
time stamp: 0x4d8d2a0d Exception code: 0xc0000005 Fault offset: 0x0000000000011a81
Faulting
process id: 0x2610 Faulting application start time: 0x01cdc082e68bca26 Faulting application
path: c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_explorer.exe Faulting
module path: c:\Program Files\WIDCOMM\Bluetooth Software\btsendto.dll Report Id:
456f61d0-2c76-11e2-b4df-74de2b7a5e8f

Error - 12/11/2012 3:41:38 a.m. | Computer Name = Peakman-HP | Source = Google Update | ID = 20
Description =

Error - 12/11/2012 5:49:34 a.m. | Computer Name = Peakman-HP | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 5.10.0.116, time stamp:
0x50001496 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x8b762f13 Faulting process id: 0x2c30 Faulting application
start time: 0x01cdc0b13b6a94e9 Faulting application path: C:\Program Files (x86)\Skype\Phone\Skype.exe
Faulting
module path: unknown Report Id: 4339b1ce-2cae-11e2-b4df-74de2b7a5e8f

Error - 12/11/2012 5:00:00 p.m. | Computer Name = Peakman-HP | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\SplitMediaLabs\XSplit\XSplitBroadcasterSrc.exe".
Dependent
Assembly Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0" could not
be found. Please use sxstrace.exe for detailed diagnosis.

Error - 14/11/2012 1:29:08 a.m. | Computer Name = Peakman-HP | Source = Application Error | ID = 1000
Description = Faulting application name: hl2.exe, version: 0.0.0.0, time stamp:
0x50892fd6 Faulting module name: playclaw.dll, version: 0.0.0.0, time stamp: 0x4b584a8a
Exception
code: 0xc0000005 Fault offset: 0x0003ade0 Faulting process id: 0x2c80 Faulting application
start time: 0x01cdc22274071a8c Faulting application path: c:\program files (x86)\steam\steamapps\gunshipcat\team
fortress 2\hl2.exe Faulting module path: C:\Program Files (x86)\Sytexis Software\PlayClaw\playclaw.dll
Report
Id: 35fbb9bc-2e1c-11e2-9faf-74de2b7a5e8f

Error - 14/11/2012 5:39:40 p.m. | Computer Name = Peakman-HP | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\SplitMediaLabs\XSplit\XSplitBroadcasterSrc.exe".
Dependent
Assembly Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0" could not
be found. Please use sxstrace.exe for detailed diagnosis.

Error - 15/11/2012 4:22:48 p.m. | Computer Name = Peakman-HP | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\SplitMediaLabs\XSplit\XSplitBroadcasterSrc.exe".
Dependent
Assembly Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0" could not
be found. Please use sxstrace.exe for detailed diagnosis.

Error - 15/11/2012 9:42:20 p.m. | Computer Name = Peakman-HP | Source = Application Hang | ID = 1002
Description = The program TS3W.exe version 0.2.0.190 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 14e4 Start Time:
01cdc39b5fb44fdc Termination Time: 0 Application Path: C:\Program Files (x86)\Electronic
Arts\The Sims 3\Game\Bin\TS3W.exe Report Id:

Error - 16/11/2012 9:34:03 p.m. | Computer Name = Peakman-HP | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7601.17567,
time stamp: 0x4d672ee4 Faulting module name: ole32.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7c92c Exception code: 0xc0000005 Fault offset: 0x0000000000029fa9
Faulting
process id: 0x1234 Faulting application start time: 0x01cdc4413caae2d4 Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: C:\Windows\system32\ole32.dll
Report
Id: de01c81b-3056-11e2-bfa2-74de2b7a5e8f

Error - 17/11/2012 7:43:47 p.m. | Computer Name = Peakman-HP | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\SplitMediaLabs\XSplit\XSplitBroadcasterSrc.exe".
Dependent
Assembly Native.XSplitBroadcaster.exe,type="win32",version="1.0.0.0" could not
be found. Please use sxstrace.exe for detailed diagnosis.

[ Media Center Events ]
Error - 5/09/2012 3:31:04 a.m. | Computer Name = Peakman-HP | Source = Microsoft-Windows-Media Center Extender | ID = 301
Description =

Error - 9/11/2012 7:40:35 p.m. | Computer Name = Peakman-HP | Source = MCUpdate | ID = 0
Description = 12:40:35 p.m. - Error connecting to the internet. 12:40:35 p.m. -
Unable to contact server..

Error - 9/11/2012 7:41:06 p.m. | Computer Name = Peakman-HP | Source = MCUpdate | ID = 0
Description = 12:40:59 p.m. - Error connecting to the internet. 12:40:59 p.m. -
Unable to contact server..

[ System Events ]
Error - 14/11/2012 4:10:20 p.m. | Computer Name = Peakman-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 14/11/2012 4:10:29 p.m. | Computer Name = Peakman-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 14/11/2012 4:12:08 p.m. | Computer Name = Peakman-HP | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.

Error - 14/11/2012 4:45:05 p.m. | Computer Name = Peakman-HP | Source = DCOM | ID = 10010
Description =

Error - 14/11/2012 6:03:57 p.m. | Computer Name = Peakman-HP | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 15/11/2012 5:24:57 a.m. | Computer Name = Peakman-HP | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 15/11/2012 5:25:08 a.m. | Computer Name = Peakman-HP | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 15/11/2012 5:26:08 a.m. | Computer Name = Peakman-HP | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Apple Mobile Device service,
but this action failed with the following error: %%1056

Error - 15/11/2012 4:04:02 p.m. | Computer Name = Peakman-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 15/11/2012 4:04:08 p.m. | Computer Name = Peakman-HP | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5


< End of report >

aswMBR Scan
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-20 15:26:30
-----------------------------
15:26:30.956 OS Version: Windows x64 6.1.7601 Service Pack 1
15:26:30.956 Number of processors: 8 586 0x2A07
15:26:30.957 ComputerName: PEAKMAN-HP UserName: Peakman
15:26:35.183 Initialize success
15:26:44.853 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:26:44.855 Disk 0 Vendor: ST2000DL HP16 Size: 1907729MB BusType: 3
15:26:44.877 Disk 0 MBR read successfully
15:26:44.879 Disk 0 MBR scan
15:26:44.882 Disk 0 Windows 7 default MBR code
15:26:44.894 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:26:44.900 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 1890100 MB offset 206848
15:26:44.934 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17527 MB offset 3871131648
15:26:44.973 Disk 0 scanning C:\Windows\system32\drivers
15:26:51.927 Service scanning
15:27:04.168 Modules scanning
15:27:04.176 Disk 0 trace - called modules:
15:27:04.199 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:27:04.204 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009fdb790]
15:27:04.211 3 CLASSPNP.SYS[fffff88001dba43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b54050]
15:27:04.217 Scan finished successfully
15:29:59.749 Disk 0 MBR has been saved successfully to "C:\Users\Peakman\Desktop\MBR.dat"
15:29:59.752 The log file has been saved successfully to "C:\Users\Peakman\Desktop\aswMBR.txt"
  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you let me know if it reappears after this reboot

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [Adobe] C:\ProgramData\Adobe\2D34D15.vbe ()

    :Commands
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 1
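
The fix above removes a single HKLM Run value that launches an encoded VBScript (.vbe) from ProgramData. As an added example (not part of the original thread and not OTL's own logic), the Python below triages OTL-style O4 autorun lines for the same traits. Only the first sample line comes from this thread; the other two are constructed, and reading the trailing parentheses as the file's company name is an assumption.

```python
import re
from pathlib import PureWindowsPath

# OTL autorun line: O4 - <hive>..\<key>: [<value name>] <command> (<company>)
# Assumption: the trailing parentheses hold the company name read from the file.
O4_LINE = re.compile(
    r'^O4\S* - (?P<hive>\w+)\.\.\\(?P<key>[^:]+): '
    r'\[(?P<name>[^\]]*)\] (?P<command>.*?) \((?P<company>[^()]*)\)\s*$'
)

# File types that Windows hands to a script interpreter instead of loading as a binary.
SCRIPT_EXTS = {".vbe", ".vbs", ".js", ".jse", ".wsf", ".bat", ".cmd"}

# User-writable data locations. Legitimate per-user apps start from here too,
# so this is a weak signal on its own.
DATA_DIRS = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")

# Line 1 is the entry removed in this thread; lines 2 and 3 are constructed samples.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [Adobe] C:\ProgramData\Adobe\2D34D15.vbe ()
O4 - HKLM..\Run: [ExampleUpdater] "C:\Program Files (x86)\Example Vendor\updater.exe" /background (Example Vendor Inc.)
O4 - HKCU..\Run: [ExampleSync] C:\Users\demo\AppData\Roaming\ExampleSync\sync.exe (Example Sync Ltd)
"""


def target_path(command: str) -> str:
    """Return the file a Run command launches, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted: cut after the first extension followed by a space or the end.
    m = re.match(r'^(.+?\.\w{2,4})(?=\s|$)', command)
    return m.group(1) if m else command


def triage_line(line: str):
    """Parse one O4 line into a record; return None for any other line."""
    m = O4_LINE.match(line.strip())
    if not m:
        return None
    target = target_path(m["command"])
    ext = PureWindowsPath(target).suffix.lower()
    reasons = []
    if ext in SCRIPT_EXTS:
        reasons.append(f"script file ({ext})")
    if any(d in target.lower() for d in DATA_DIRS):
        reasons.append("starts from a data directory")
    if not m["company"].strip():
        reasons.append("no company name")
    return {"hive": m["hive"], "key": m["key"], "name": m["name"],
            "target": target, "reasons": reasons}


def triage(log_text: str):
    """Return a record for every O4 line in the log, in log order."""
    return [r for r in map(triage_line, log_text.splitlines()) if r]


if __name__ == "__main__":
    # Entries with the most reasons first; one reason alone is not a verdict.
    for rec in sorted(triage(SAMPLE_LOG), key=lambda r: -len(r["reasons"])):
        flags = ", ".join(rec["reasons"]) or "nothing flagged"
        print(f'{rec["hive"]}\\{rec["key"]} [{rec["name"]}] {rec["target"]}: {flags}')
```

The entry from this thread matches all three checks, while the constructed per-user app matches only the location check, which is why the reasons are reported separately instead of as a single verdict.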

#5
GunShipCat

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Thanks mate for the help, it worked great. Now my mum can stop getting annoyed.
  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :wave:
  • 0

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





