'Terrorist' Virus program on Login [Solved]


  • This topic is locked

#1
ChaseAllen

  • Member
  • 15 posts
My computer is currently suffering from a pretty nasty virus. I was being far too naive yesterday and ended up downloading a suspicious executable. Norton rang it up as clean and I ran it. 
This alleged program turns out to be some kind of hacker's cruel joke. It's essentially a terrorist program. A window pops up with a splash browser, to their website, telling me to download this file (obviously some other info-stealing virus) in order to receive a 'code' to disable this program.
Trying to close the window leaves me with some misspelled warning message that my system will be 'unusable' after another failure to comply. Instead the messages stop coming.
This window is forced to stay on top (layer wise) and my taskbar is GONE! The start button still remains. Right clicking where the taskbar was acts like it's not there and performs the action as if I clicked on my desktop. This program also blocks task manager and prevents me from shutting down my computer.
I force shut off and boot up again. The program boots up again, about 30 seconds after login. I manually shut off again and reboot in Safe mode.
All is normal. I remove the .exe, and perform a full system scan with Norton. It turns up with nothing but a few tracking cookies it fixes. I then search for registry errors with CCleaner and come up with nothing (figured there might be one since I deleted the .exe). I then open up MSconfig and see nothing suspicious. I then look around in Regedit for a few startup places that I remember from when my XP suffered a startup Trojan a few years back. I find nothing. A notable place that I didn't check yet is the startup folder.
I reboot and find that the terrorist sunovab*tch comes back again. So it's installed somewhere on my PC.
I poke around my Windows folder to see if anything has been modified recently. 6 files were modified approx the same time of the attack. They seem like log files (.log). But one in particular sticks out. "Bootstat.dat". I googled it for a bit and learned that malware often attacks this file. Coincidence?
Operating System: Windows 7 H.P 64-bit
Computer manufacturer: MSI
Additional info: If anyone has any utility recommendations for me, please give me tips on how to get it on my PC without Internet connection (I don't want this spreading over my network). Would it be safe to use a USB?
Any help will be very much appreciated!! I really need this computer later this week for a statewide student Film Competition.
P.S: I'm very sorry if this sounds too story-like. My intent was to not leave out any small detail, but upon review, it sounds a little more elaborate than factual.
  • 0



#2
Satchfan

  • Trusted Helper
  • Malware Removal
  • 585 posts
Hello ChaseAllen and welcome to the G2G forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested


It is not likely that this will transfer through the network.

Run RogueKiller

IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!

Close all running programs.


Download RogueKiller to your desktop.

  • close all running programs
  • for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • when the pre-scan is finished, click on Scan
  • click on Report and copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects – everything that is reported is not necessarily bad

If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe.

If you would rather, download this to a flash drive and transfer it to the desktop of the infected computer and then run it from there.

Please post the contents of the RKreport.txt in your next reply.

Satchfan
  • 0

#3
ChaseAllen

  • Topic Starter
  • Member
  • 15 posts
Thank you for the quick response! :happy:

My log:

RogueKiller V8.5.2 _x64_ [Mar 9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode
User : Chase [Admin rights]
Mode : Scan -- Date : 03/10/2013 14:36:41
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : System32 (C:\Users\Chase\AppData\Roaming\System32.exe) [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-4202249203-2081045625-221674608-1000[...]\Run : System32 (C:\Users\Chase\AppData\Roaming\System32.exe) [-] -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (98.103.7.148:3128) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545050B9A300 +++++
--- User ---
[MBR] 3850432c90262337cc186abb20c2475d
[BSP] 90ee7e9e023af42ba1d3029d6be77734 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12288 Mo
1 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 25167872 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25372672 | Size: 279959 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 598728704 | Size: 184591 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_03102013_02d1436.txt >>
  • 0

#4
Satchfan

  • Trusted Helper
  • Malware Removal
  • 585 posts
Run RogueKiller

IMPORTANT: Do not reboot your computer if at all possible otherwise the malware will reactivate and you will have to run RogueKiller again

  • close all programs
  • double-click RogueKiller.exe - Windows 7: right-click the program and select Run as Administrator
  • after it has completed its prescan click on the “Registry” tab
  • make sure these entries there are checked, then click on Delete:

[RUN][SUSP PATH] HKCU\[...]\Run : System32 (C:\Users\Chase\AppData\Roaming\System32.exe) [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-4202249203-2081045625-221674608-1000[...]\Run : System32 (C:\Users\Chase\AppData\Roaming\System32.exe) [-] -> FOUND

  • once again in the RogueKiller console, click the “Proxy” tab
  • make sure the entries there are checked, then click on Fix Proxy button

You should have 2 RogueKiller RKreports to post:

1. Mode: Delete
2. Mode: ProxyFix

======================================================

Please download TDSSKiller.zip

  • extract it to your desktop
  • double click TDSSKiller.exe
  • press Start Scan
  • only if Malicious objects are found then ensure Cure is selected
  • then click Continue > Reboot now
  • copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\) called TDSSKiller_*** (*** denotes version & date)

======================================================

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------
  • double click on ComboFix.exe & follow the prompts.
  • when finished, it will produce a report: please post the C:\ComboFix.txt log in your reply.

Logs to include in your next post:

2 RogueKiller RKreports
TDSSK report
ComboFix.txt


Satchfan
  • 0
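One way to triage the registry section of a report like the one in post #3, as an added example that is not part of the thread and is not RogueKiller's own logic. The severity rules, the helper names and the `ExampleUpdater` sample line are assumptions; the list of system file names is taken from the report and from the OTL custom scan later in the thread.

```python
import re
from collections import OrderedDict, namedtuple
from ntpath import basename, splitext  # Windows path rules on any OS

# Registry lines copied from the RKreport in post #3. The ExampleUpdater line
# is constructed for contrast and does not come from the thread.
SAMPLE_REPORT = r"""
Mode : Scan -- Date : 03/10/2013 14:36:41
[RUN][SUSP PATH] HKCU\[...]\Run : System32 (C:\Users\Chase\AppData\Roaming\System32.exe) [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-4202249203-2081045625-221674608-1000[...]\Run : System32 (C:\Users\Chase\AppData\Roaming\System32.exe) [-] -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : ExampleUpdater (C:\Users\Chase\AppData\Local\ExampleApp\updater.exe) [-] -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (98.103.7.148:3128) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
"""

Entry = namedtuple("Entry", "tags key name data status")

TAG_RE = re.compile(r"\[([^\]]+)\]")
LINE_RE = re.compile(
    r"^(?P<tags>(?:\[[^\]]+\])+)\s+"   # one or more [TAG] groups
    r"(?P<key>.+?)\s+:\s+"             # registry key as printed (elided with [...])
    r"(?P<name>.+?)\s+"                # value name
    r"\((?P<data>.*?)\)"               # value data in parentheses
    r"(?:\s+\[[^\]]*\])?\s+->\s+(?P<status>\w+)\s*$"
)

# Directories a standard user can write to (assumed list, extend as needed).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")
# Names that belong under C:\Windows: "system32" from the report, the rest
# from the /md5start list in the OTL custom scan.
SYSTEM_NAMES = {"system32", "explorer", "winlogon", "userinit", "svchost", "services"}
RANK = {"high": 0, "medium": 1, "review": 2, "info": 3}


def parse_report(text):
    """Return an Entry for every line that has the registry-finding shape."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            tags = tuple(TAG_RE.findall(m["tags"]))
            entries.append(Entry(tags, m["key"], m["name"], m["data"], m["status"]))
    return entries


def triage(entry):
    """Score one finding; returns (severity, reason)."""
    if "RUN" in entry.tags:
        path = entry.data.lower()
        stem = splitext(basename(path))[0]
        writable = any(part in path for part in USER_WRITABLE)
        if writable and stem in SYSTEM_NAMES:
            return "high", "autorun from a user-writable folder using a system file name"
        if writable:
            return "medium", "autorun from a user-writable folder"
        return "info", "autorun outside user-writable folders"
    if any(tag.startswith("PROXY") for tag in entry.tags):
        return "review", "browser proxy is set; confirm the user configured it"
    return "info", "not an autorun or proxy change; left for manual review"


def findings(text):
    """Group duplicate findings, score them, and sort by severity."""
    grouped = OrderedDict()
    for e in parse_report(text):
        if e.status != "FOUND":
            continue
        # HKCU is the logged-on user's view of HKEY_USERS\<SID>, so one autorun
        # value can be listed twice (assumes the SID is that user's).
        group_key = (e.tags, e.name.lower(), e.data.lower())
        grouped.setdefault(group_key, {"entry": e, "keys": []})["keys"].append(e.key)
    results = []
    for group in grouped.values():
        severity, why = triage(group["entry"])
        results.append({
            "severity": severity,
            "why": why,
            "name": group["entry"].name,
            "data": group["entry"].data,
            "keys": group["keys"],
        })
    return sorted(results, key=lambda r: RANK[r["severity"]])


if __name__ == "__main__":
    for f in findings(SAMPLE_REPORT):
        print("%-6s %s -> %s" % (f["severity"], f["name"], f["data"]))
        print("       %s (%d key path(s))" % (f["why"], len(f["keys"])))
```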

#5
ChaseAllen

  • Topic Starter
  • Member
  • 15 posts
Is it now safe to run windows normally?

I've included the logs as attachments to reduce clutter; is that okay?



  • 0

#6
Satchfan

  • Trusted Helper
  • Malware Removal
  • 585 posts
That’s looking much better.

Is it now safe to run windows normally?

Try starting normally after running RogueKiller again as you missed a fix.

Run RogueKiller

IMPORTANT: Do not reboot your computer if at all possible otherwise the malware will reactivate and you will have to run RogueKiller again

  • close all programs
  • double-click RogueKiller.exe - Windows 7: right-click the program and select Run as Administrator
  • after it has completed its prescan click on the “Registry” tab
  • make sure this entry is checked, then click on Delete:


[RUN][SUSP PATH] HKUS\S-1-5-21-4202249203-2081045625-221674608-1000[...]\Run : System32 (C:\Users\Chase\AppData\Roaming\System32.exe) [-] -> FOUND


======================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner and select Delete
  • when it has finished it will ask to reboot - allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.
===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

Logs to include in the next post:

AdwCleaner log
JRT.txt


Thanks

Satchfan
  • 0

#7
ChaseAllen

  • Topic Starter
  • Member
  • 15 posts
I'm not seeing the missed entry in RogueKiller. Should I assume that it got deleted at some other point in time and proceed with running AdwCleaner and Junkware Removal Tool?

I've included my RogueKiller log.

Thank you for your time :happy:



  • 0

#8
Satchfan

  • Trusted Helper
  • Malware Removal
  • 585 posts
Yes, please run the other programs.

Can you please also let me know if you can boot in normal mode.
  • 0

#9
ChaseAllen

  • Topic Starter
  • Member
  • 15 posts
Yes, I was able to boot normally! Took an incredibly long time the first time though, however, I suppose that's because it hadn't been booted normally in a little while.

AdwCleaner also removed some adware I thought was gone quite some time ago.

Many, many thanks!



  • 0

#10
Satchfan

  • Trusted Helper
  • Malware Removal
  • 585 posts
We’re making progress but need more checks to be sure there isn’t more lurking, (don't want any problems left that will mess up your Film Competition) :).

Download and run OTL

  • download OTL to your desktop.
  • double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • click Scan all users.
  • under Custom Scan paste this in


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    DRIVES
    CREATERESTOREPOINT

  • click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
  • when the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • you may need two posts to fit them both in.

Can you tell me if there are any outstanding problems.

Satchfan
  • 0



#11
ChaseAllen

  • Topic Starter
  • Member
  • 15 posts
OTL.txt:

OTL logfile created on: 3/12/2013 7:38:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chase\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.79 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.65% Memory free
7.59 Gb Paging File | 5.57 Gb Available in Paging File | 73.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 273.40 Gb Total Space | 132.01 Gb Free Space | 48.28% Space Free | Partition Type: NTFS
Drive D: | 180.26 Gb Total Space | 96.90 Gb Free Space | 53.76% Space Free | Partition Type: NTFS

Computer Name: CHASE-LAPTOP | User Name: Chase | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/12 19:29:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chase\Desktop\OTL.exe
PRC - [2012/12/10 18:29:46 | 002,254,768 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012/10/10 22:29:14 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\ccsvchst.exe
PRC - [2012/08/18 22:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Family\Engine\2.6.0.61\ccsvchst.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/16 10:31:32 | 007,445,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2012/07/16 10:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/07/16 10:22:42 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/03 23:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 23:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/01 14:32:06 | 002,408,448 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
PRC - [2010/01/18 13:27:42 | 000,139,944 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
PRC - [2010/01/18 13:27:40 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
PRC - [2009/10/22 13:55:24 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
PRC - [2009/10/22 13:55:22 | 000,842,816 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
PRC - [2009/09/30 08:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 08:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/07/15 18:02:58 | 000,348,160 | ---- | M] () -- C:\Program Files (x86)\msi\EasyFace Logon\KillAutoAP.exe
PRC - [2009/07/09 18:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files (x86)\System Control Manager\MSIService.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/28 19:08:19 | 000,459,728 | ---- | M] () -- C:\Users\Chase\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppgooglenaclpluginchrome.dll
MOD - [2013/02/28 19:08:16 | 004,050,896 | ---- | M] () -- C:\Users\Chase\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll
MOD - [2013/02/28 19:07:25 | 000,596,944 | ---- | M] () -- C:\Users\Chase\AppData\Local\Google\Chrome\Application\25.0.1364.152\libglesv2.dll
MOD - [2013/02/28 19:07:24 | 000,124,368 | ---- | M] () -- C:\Users\Chase\AppData\Local\Google\Chrome\Application\25.0.1364.152\libegl.dll
MOD - [2013/02/28 19:07:21 | 001,552,848 | ---- | M] () -- C:\Users\Chase\AppData\Local\Google\Chrome\Application\25.0.1364.152\ffmpegsumo.dll
MOD - [2013/02/14 04:33:34 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/01/10 20:37:38 | 000,452,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f7cb3ae5de64f8cbde3ccc57c780743a\IAStorUtil.ni.dll
MOD - [2013/01/10 20:34:56 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/10 20:34:29 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/10 20:34:16 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/10 20:34:11 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/10 20:34:08 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/10 20:34:07 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/10 20:34:03 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/05/30 10:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\wincfi39.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/01/18 13:27:42 | 000,139,944 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
MOD - [2010/01/18 13:27:40 | 000,770,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
MOD - [2009/12/16 13:07:29 | 001,159,168 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadrs.dll
MOD - [2009/12/16 13:04:21 | 000,389,120 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeascw.dll
MOD - [2009/07/15 18:02:58 | 000,348,160 | ---- | M] () -- C:\Program Files (x86)\msi\EasyFace Logon\KillAutoAP.exe
MOD - [2009/05/27 08:16:50 | 000,192,512 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadatr.dll
MOD - [2009/04/07 15:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\iptk.dll
MOD - [2009/03/30 08:37:47 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epoemdll.dll
MOD - [2009/03/30 08:37:46 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epstring.dll
MOD - [2009/03/30 08:37:44 | 002,203,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epwizres.dll
MOD - [2009/03/30 08:37:28 | 000,708,608 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epwizard.dll
MOD - [2009/03/30 08:35:40 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\customui.dll
MOD - [2009/03/30 08:35:22 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\epfunct.dll
MOD - [2009/03/30 08:35:17 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\eputil.dll
MOD - [2009/03/30 08:35:05 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\imagutil.dll
MOD - [2009/03/10 01:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacaps.dll
MOD - [2009/03/02 10:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaptp.dll
MOD - [2009/02/20 04:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\SysWOW64\LXEAsmr.dll
MOD - [2009/02/20 04:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\SysWOW64\LXEAsm.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010/04/14 20:45:32 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\windows\SysNative\spool\DRIVERS\x64\3\\lxeaserv.exe -- (lxeaCATSCustConnectService)
SRV:64bit: - [2010/01/07 17:08:33 | 001,052,328 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxeacoms.exe -- (lxea_device)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:39:47 | 000,081,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tlntsvr.exe -- (TlntSvr)
SRV:64bit: - [2009/07/13 21:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV:64bit: - [2009/07/13 01:18:24 | 001,924,400 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysNative\vcsFPService.exe -- (vcsFPService)
SRV - [2013/02/15 14:08:20 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/12/10 18:29:46 | 002,465,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/10/19 16:14:08 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/10 22:29:14 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\ccSvcHst.exe -- (N360)
SRV - [2012/08/18 22:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Family\Engine\2.6.0.61\ccSvcHst.exe -- (NSM)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/16 10:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/11/14 15:55:53 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/04/14 20:45:32 | 000,045,736 | ---- | M] () [Auto | Stopped] -- C:\windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe -- (lxeaCATSCustConnectService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/03 23:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/01/27 17:22:18 | 000,044,432 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\MSI Game Corner\Game Console\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2010/01/07 17:08:22 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxeacoms.exe -- (lxea_device)
SRV - [2009/10/22 13:55:24 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2009/09/30 08:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 08:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/07/13 21:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009/07/13 01:04:26 | 001,656,112 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vcsFPService.exe -- (vcsFPService)
SRV - [2009/07/09 18:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/24 23:26:03 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/10/08 21:00:02 | 000,776,864 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1402000.013\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/10/03 21:40:36 | 001,133,216 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1402000.013\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/10/03 21:40:20 | 000,493,216 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1402000.013\symds64.sys -- (SymDS)
DRV:64bit: - [2012/10/03 21:19:14 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402000.013\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/06 22:24:46 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSMx64\0206000.03D\ccsetx64.sys -- (ccSet_NSM)
DRV:64bit: - [2012/07/27 23:05:22 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402000.013\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/07/22 21:34:24 | 000,432,800 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402000.013\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/07/21 02:53:40 | 000,243,872 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NSMx64\0206000.03D\symrdrs.sys -- (SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A})
DRV:64bit: - [2012/05/25 01:36:56 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402000.013\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 22:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/06/27 02:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/03/03 22:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/26 04:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/02 18:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/01/18 08:37:56 | 000,128,512 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/12/04 10:50:22 | 000,087,888 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EUCR6SK.sys -- (EUCR)
DRV:64bit: - [2009/10/12 21:15:20 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2009/10/12 21:15:14 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp)
DRV:64bit: - [2009/09/17 00:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/10 17:01:14 | 001,227,776 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SmSerl64.sys -- (smserial)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 17:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2013/03/12 18:26:20 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130312.005\ex64.sys -- (NAVEX15)
DRV - [2013/03/12 18:26:20 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130312.005\eng64.sys -- (NAVENG)
DRV - [2013/02/23 11:29:24 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130309.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013/02/08 01:53:20 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130301.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/10/07 16:41:56 | 000,092,536 | ---- | M] (WinMount International Inc) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\WMDrive.sys -- (WMDrive)
DRV - [2012/08/08 22:33:52 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/08 22:33:52 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004/05/17 09:04:16 | 000,041,984 | ---- | M] (DeviceGuys, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\DGIVECP.SYS -- (DgiVecp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{D990D8CA-0F55-4F91-B5A8-818FE8AE7671}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0B472ADB-645E-44E6-879F-32E54FDE50CB}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4202249203-2081045625-221674608-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4202249203-2081045625-221674608-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4202249203-2081045625-221674608-1000\..\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKU\S-1-5-21-4202249203-2081045625-221674608-1000\..\SearchScopes\{E2298BFB-F784-4B2A-AAE3-5E820ECF5318}: "URL" = http://websearch.ask...D4-ED4E693C322B
IE - HKU\S-1-5-21-4202249203-2081045625-221674608-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4202249203-2081045625-221674608-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Chase\AppData\Local\Roblox\Versions\version-25fee90509674ec1\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Chase\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Chase\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Chase\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt\ [2011/07/25 07:02:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013/03/12 19:27:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.6.0.43\coFFFw\ [2013/03/12 19:24:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013/02/26 16:05:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\DigitalPersona\Bin\firefoxext [2011/07/25 07:02:43 | 000,000,000 | ---D | M]

[2012/09/07 16:05:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\extensions
[2012/09/07 16:05:35 | 000,000,000 | ---D | M] (uTorrentControl_v2) -- C:\Users\Chase\AppData\Roaming\Mozilla\Firefox\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2012/11/10 18:40:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Chase\AppData\Local\Google\Chrome\Application\25.0.1364.152\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Chase\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Chase\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: ActiveGS NPAPI Plugin (Enabled) = C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\coekimhghfcjmbnfonjeklhkmemegiba\3.5.894_0\npActiveGS.dll
CHR - plugin: Norton Identity Safe (Enabled) = C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\napjheenlliimoedooldaalpjfidlidp\2.6.0.52_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Chase\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Chase\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Java™ Platform SE 7 U9 (Disabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Chase\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Chase\AppData\Local\Google\Update\1.3.21.129\npGoogleUpdate3.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Users\Chase\AppData\Local\Roblox\Versions\version-cbdc8c4c0dd24338\\NPRobloxProxy.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Disabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Session Manager = C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi\0.4_0\
CHR - Extension: YouTube = C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: ActiveGS = C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\coekimhghfcjmbnfonjeklhkmemegiba\3.5.894_0\
CHR - Extension: Google Search = C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Nova Skin = C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\elehggeipnonifpmldkddlfckfmbmamo\2.0_0\
CHR - Extension: AdBlock = C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.61_0\
CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\
CHR - Extension: Norton Identity Protection = C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\
CHR - Extension: Norton Family = C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\napjheenlliimoedooldaalpjfidlidp\2.6.0.61_0\
CHR - Extension: Pendulum = C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfemcnemgacfodlojenebichhppcbfhe\1.1_0\
CHR - Extension: Soundsnap Downloader = C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\oebkjoopbjecgkllhjamoeofkpipknac\1.0_0\
CHR - Extension: Gmail = C:\Users\Chase\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/03/11 15:20:11 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Family BHO) - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Program Files (x86)\Norton Family\Engine\2.6.0.61\coieplg.dll (Symantec Corporation)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4202249203-2081045625-221674608-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-4202249203-2081045625-221674608-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [lxeamon.exe] C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [EasyFace Agent] C:\Program Files (x86)\msi\EasyFace Logon\KillAutoAP.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKU\S-1-5-21-4202249203-2081045625-221674608-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4202249203-2081045625-221674608-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4202249203-2081045625-221674608-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.10.2)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABD972FE-393F-423B-9BF8-FB964FF086CB}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/03/12 19:30:23 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chase\Desktop\OTL.exe
[2013/03/12 18:41:42 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/03/12 18:41:41 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/03/12 18:41:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/03/12 18:41:39 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/03/12 18:41:39 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/03/12 18:41:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/03/12 18:41:39 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/03/12 18:41:39 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/03/12 18:41:38 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/03/12 18:41:38 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/03/12 18:41:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/03/12 18:41:37 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/03/12 18:41:34 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/03/12 18:41:34 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/03/12 18:41:34 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/03/12 18:41:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/12 18:38:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/03/12 18:38:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/03/12 18:06:38 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/03/12 18:06:28 | 000,000,000 | ---D | C] -- C:\JRT
[2013/03/12 18:00:40 | 000,550,324 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Chase\Desktop\JRT.exe
[2013/03/11 15:24:46 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013/03/11 15:20:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/03/11 15:04:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/03/11 15:04:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/03/11 15:04:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/03/11 15:03:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/11 15:03:20 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/03/11 14:41:20 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chase\Desktop\TDSSKiller.exe
[2013/03/11 14:41:06 | 005,037,889 | R--- | C] (Swearware) -- C:\Users\Chase\Desktop\ComboFix.exe
[2013/03/10 14:35:32 | 000,000,000 | ---D | C] -- C:\Users\Chase\Desktop\RK_Quarantine
[2013/03/09 20:22:34 | 000,000,000 | ---D | C] -- C:\Users\Chase\AppData\Local\{8F283569-E862-404D-B966-FA2E3B8EC19F}
[2013/03/08 16:34:53 | 000,000,000 | ---D | C] -- C:\Users\Chase\AppData\Local\{D8F2C74D-1C44-4EEB-901F-01E0B53791EA}
[2013/03/08 16:23:39 | 000,000,000 | ---D | C] -- C:\Users\Chase\AppData\Local\{91FFB52B-CCEB-4B42-B435-F7CAF1768FA5}
[2013/03/08 16:17:40 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msmpeg2vdec.dll
[2013/03/08 16:17:39 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msmpeg2vdec.dll
[2013/03/08 16:17:39 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UIAnimation.dll
[2013/03/08 16:17:39 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UIAnimation.dll
[2013/03/08 16:17:35 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMPhoto.dll
[2013/03/08 16:17:35 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMPhoto.dll
[2013/03/08 16:17:31 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1.dll
[2013/03/08 16:17:31 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/03/08 16:17:31 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/03/08 16:17:31 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/03/08 16:17:31 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/03/08 16:17:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/03/08 16:17:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/03/08 16:17:31 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/03/08 16:17:31 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/03/08 16:17:30 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10warp.dll
[2013/03/08 16:17:30 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsGdiConverter.dll
[2013/03/08 16:17:30 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsGdiConverter.dll
[2013/03/08 16:17:30 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/03/08 16:17:30 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/03/08 16:17:30 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/03/08 16:17:30 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/03/08 16:17:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/03/08 16:17:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/03/08 16:17:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/03/08 16:17:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/03/08 16:17:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/03/08 16:17:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/03/08 16:17:29 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d11.dll
[2013/03/08 16:17:29 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3d11.dll
[2013/03/08 16:17:29 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10level9.dll
[2013/03/08 16:17:29 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxgi.dll
[2013/03/08 16:17:29 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10_1core.dll
[2013/03/08 16:17:29 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10core.dll
[2013/03/08 16:17:28 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d2d1.dll
[2013/03/08 16:17:28 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XpsPrint.dll
[2013/03/08 16:17:28 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2013/03/08 16:17:28 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecs.dll
[2013/03/08 16:17:28 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3d10.dll
[2013/03/08 16:17:28 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XpsPrint.dll
[2013/03/08 16:17:28 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowsCodecsExt.dll
[2013/03/08 15:47:48 | 000,000,000 | ---D | C] -- C:\Firefox
[2013/03/07 23:34:00 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013/03/07 23:33:31 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013/03/07 23:33:31 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013/03/07 23:33:31 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013/03/07 23:18:03 | 000,000,000 | ---D | C] -- C:\Users\Chase\AppData\Local\{65723C96-A3CA-4AA0-BEBB-B8C66F011584}
[2013/03/07 19:22:50 | 000,000,000 | ---D | C] -- C:\LostLevels2
[2013/03/05 21:09:45 | 000,000,000 | ---D | C] -- C:\Users\Chase\AppData\Local\{0F7AD300-8DC7-4BAB-975F-FC86DCC4BB50}
[2013/03/05 20:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Maker 7
[2013/03/05 20:51:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Game_Maker7
[2013/03/04 23:16:47 | 000,000,000 | ---D | C] -- C:\Users\Chase\AppData\Local\{CC14D1BF-37D6-4B01-A4DD-6C46F9A879D6}
[2013/03/04 18:26:13 | 000,000,000 | ---D | C] -- C:\Users\Chase\Documents\REGISTRY_BAKUP
[2013/03/02 13:45:26 | 000,000,000 | ---D | C] -- C:\Users\Chase\AppData\Local\{8D532E02-9C43-4346-AD94-51117FED8879}
[2013/03/02 13:41:30 | 000,000,000 | ---D | C] -- C:\Users\Chase\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2013/02/28 16:19:47 | 000,000,000 | ---D | C] -- C:\Users\Chase\AppData\Local\{79808F83-312F-4E66-962E-76B120638FE6}
[2013/02/26 22:04:16 | 000,036,864 | ---- | C] (TOSHIBA/MEI) -- C:\windows\SysWow64\SDDEVMGR.dll
[2013/02/26 22:04:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panasonic
[2013/02/26 22:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panasonic
[2013/02/26 16:04:35 | 000,000,000 | ---D | C] -- C:\Users\Chase\AppData\Local\{6E15FEA4-3C14-49FC-A21F-09186526CD63}
[2013/02/25 20:38:28 | 000,000,000 | ---D | C] -- C:\Users\Chase\AppData\Local\{1CB66C1E-0164-4A1D-AAEC-6301F12DC067}
[2013/02/25 18:38:54 | 000,000,000 | ---D | C] -- C:\Users\Chase\Documents\Gamecube
[2013/02/15 11:07:15 | 000,000,000 | ---D | C] -- C:\Users\Chase\AppData\Local\{C89BFF24-6F66-4EF5-918B-E054F1089B1A}
[2013/02/13 23:02:47 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2013/02/13 23:02:46 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2013/02/13 23:02:45 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2013/02/13 23:02:35 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2013/02/13 23:02:34 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013/02/13 23:02:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013/02/13 23:02:34 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013/02/13 23:02:34 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013/02/13 23:02:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2013/02/13 23:02:26 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS
[2013/02/13 22:44:11 | 000,000,000 | ---D | C] -- C:\Users\Chase\AppData\Local\{B51FBD16-B9FF-4465-BBF5-ED520F266F6E}
[2011/09/08 15:21:46 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\Chase\AppData\Roaming\Minecraft Updater.exe
[19 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/12 19:31:32 | 000,017,600 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/12 19:31:32 | 000,017,600 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/12 19:29:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chase\Desktop\OTL.exe
[2013/03/12 19:29:37 | 000,779,306 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/03/12 19:29:37 | 000,660,546 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/03/12 19:29:37 | 000,121,442 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/03/12 19:29:02 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4202249203-2081045625-221674608-1000UA.job
[2013/03/12 19:24:01 | 000,067,584 | ---- | M] () -- C:\windows\bootstat.dat
[2013/03/12 19:23:28 | 3056,111,616 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/12 19:23:22 | 002,377,511 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1402000.013\Cat.DB
[2013/03/12 18:00:10 | 000,550,324 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Chase\Desktop\JRT.exe
[2013/03/12 17:59:54 | 000,597,667 | ---- | M] () -- C:\Users\Chase\Desktop\adwcleaner.exe
[2013/03/11 15:20:11 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/03/11 14:31:06 | 005,037,889 | R--- | M] (Swearware) -- C:\Users\Chase\Desktop\ComboFix.exe
[2013/03/10 14:28:22 | 000,791,552 | ---- | M] () -- C:\Users\Chase\Desktop\RogueKillerX64.exe
[2013/03/10 03:31:22 | 000,000,016 | ---- | M] () -- C:\Users\Chase\AppData\Roaming\sd.bat
[2013/03/09 21:29:00 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-4202249203-2081045625-221674608-1000Core.job
[2013/03/09 00:58:00 | 000,020,324 | ---- | M] () -- C:\Users\Chase\AppData\Roaming\Mineshafter-proxy.jar
[2013/03/09 00:57:39 | 000,076,792 | ---- | M] () -- C:\Users\Chase\AppData\Roaming\minecraft_modified.jar
[2013/03/07 23:33:25 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\npdeployJava1.dll
[2013/03/07 23:33:25 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\deployJava1.dll
[2013/03/07 23:33:25 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe
[2013/03/07 23:33:25 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe
[2013/03/07 23:33:25 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\java.exe
[2013/03/07 23:33:25 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll
[2013/03/07 23:16:23 | 002,474,520 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/03/07 16:16:01 | 000,002,645 | ---- | M] () -- C:\Users\Public\Documents\Global.sw2
[2013/03/04 22:38:45 | 000,002,378 | ---- | M] () -- C:\Users\Chase\Desktop\Google Chrome.lnk
[2013/03/03 00:23:13 | 000,001,181 | ---- | M] () -- C:\Users\Chase\Desktop\Pinball.lnk
[2013/02/26 22:04:16 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\SDFormatter V2.0.lnk
[2013/02/26 17:49:29 | 000,014,818 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1402000.013\VT20130115.021
[2013/02/24 23:26:03 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/02/24 23:26:03 | 000,007,466 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/02/24 23:26:03 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/02/19 07:47:42 | 000,000,172 | ---- | M] () -- C:\windows\SysNative\drivers\NSMx64\0206000.03D\isolate.ini
[2013/02/11 18:51:50 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Chase\Desktop\TDSSKiller.exe
[19 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/12 18:00:26 | 000,597,667 | ---- | C] () -- C:\Users\Chase\Desktop\adwcleaner.exe
[2013/03/11 15:04:36 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/03/11 15:04:36 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/03/11 15:04:36 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/03/11 15:04:36 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/03/11 15:04:36 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/03/10 14:34:50 | 000,791,552 | ---- | C] () -- C:\Users\Chase\Desktop\RogueKillerX64.exe
[2013/03/10 03:27:23 | 000,000,016 | ---- | C] () -- C:\Users\Chase\AppData\Roaming\sd.bat
[2013/03/03 00:23:13 | 000,001,181 | ---- | C] () -- C:\Users\Chase\Desktop\Pinball.lnk
[2013/02/26 22:04:15 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\SDFormatter V2.0.lnk
[2013/01/10 21:45:48 | 000,008,640 | ---- | C] () -- C:\Users\Chase\RouterCfm.cfg
[2012/11/17 14:17:29 | 000,707,354 | ---- | C] () -- C:\windows\unins000.exe
[2012/11/17 14:17:29 | 000,001,535 | ---- | C] () -- C:\windows\unins000.dat
[2012/10/26 16:05:16 | 050,410,051 | ---- | C] () -- C:\Users\Chase\AppData\Roaming\MC+T.rar
[2012/08/15 12:36:42 | 000,000,055 | ---- | C] () -- C:\Users\Chase\.gitconfig
[2012/08/15 12:08:15 | 000,773,522 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/08/07 14:01:36 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/08/04 13:34:24 | 000,076,792 | ---- | C] () -- C:\Users\Chase\AppData\Roaming\minecraft_modified.jar
[2012/08/03 13:53:14 | 000,020,324 | ---- | C] () -- C:\Users\Chase\AppData\Roaming\Mineshafter-proxy.jar
[2012/05/10 16:31:45 | 000,007,625 | ---- | C] () -- C:\Users\Chase\AppData\Local\Resmon.ResmonCfg
[2012/05/07 16:25:27 | 000,000,394 | ---- | C] () -- C:\Users\Chase\.vladmin
[2012/02/23 19:10:09 | 000,000,024 | ---- | C] () -- C:\Users\Chase\random.dat
[2012/02/23 16:55:57 | 000,000,023 | ---- | C] () -- C:\Users\Chase\jagexappletviewer.preferences
[2012/02/22 18:22:51 | 000,000,044 | ---- | C] () -- C:\Users\Chase\jagex_cl_runescape_LIVE.dat
[2012/01/16 18:35:21 | 000,000,094 | ---- | C] () -- C:\Users\Chase\AppData\Roaming\mcpatcher.xml
[2012/01/10 21:29:54 | 013,904,384 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2012/01/01 22:34:43 | 000,063,488 | ---- | C] () -- C:\Users\Chase\xobglu16.dll
[2011/11/30 21:00:14 | 000,001,462 | ---- | C] () -- C:\Users\Chase\AppData\Roaming\findercompass.cfg
[2011/10/17 15:35:33 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat
[2011/09/13 15:10:34 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.811261211181235583101118113995
[2011/09/12 16:19:36 | 000,000,129 | ---- | C] () -- C:\Users\Chase\jagex_runescape_preferences2.dat
[2011/09/12 16:18:30 | 000,000,035 | ---- | C] () -- C:\Users\Chase\jagex_runescape_preferences.dat
[2011/09/08 15:21:46 | 000,081,938 | ---- | C] () -- C:\Users\Chase\AppData\Roaming\Minecraft.jar
[2011/08/31 20:51:16 | 000,867,020 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2011/08/31 20:51:16 | 000,128,204 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2011/08/31 20:51:16 | 000,105,608 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2011/08/25 20:39:16 | 001,970,176 | ---- | C] () -- C:\windows\SysWow64\d3dx9.dll
[2011/07/24 21:15:05 | 000,024,576 | ---- | C] () -- C:\windows\SvcCon.exe
[2011/07/24 20:46:42 | 000,331,776 | ---- | C] () -- C:\windows\SysWow64\LXEAinst.dll
[2011/07/24 20:46:41 | 000,344,064 | ---- | C] () -- C:\windows\SysWow64\lxeacomx.dll
[2011/07/24 20:46:40 | 000,643,072 | ---- | C] ( ) -- C:\windows\SysWow64\lxeapmui.dll
[2011/07/24 20:46:40 | 000,364,544 | ---- | C] ( ) -- C:\windows\SysWow64\lxeainpa.dll
[2011/07/24 20:46:40 | 000,344,064 | ---- | C] ( ) -- C:\windows\SysWow64\lxeaiesc.dll
[2011/07/24 20:46:40 | 000,106,496 | ---- | C] () -- C:\windows\SysWow64\lxeainsr.dll
[2011/07/24 20:46:40 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\lxeajswr.dll
[2011/07/24 20:46:40 | 000,036,864 | ---- | C] () -- C:\windows\SysWow64\lxeacur.dll
[2011/07/24 20:46:39 | 000,847,872 | ---- | C] ( ) -- C:\windows\SysWow64\lxeausb1.dll
[2011/07/24 20:46:39 | 000,323,584 | ---- | C] () -- C:\windows\SysWow64\lxeains.dll
[2011/07/24 20:46:39 | 000,262,144 | ---- | C] () -- C:\windows\SysWow64\lxeainsb.dll
[2011/07/24 20:46:39 | 000,253,952 | ---- | C] () -- C:\windows\SysWow64\lxeacu.dll
[2011/07/24 20:46:39 | 000,090,112 | ---- | C] () -- C:\windows\SysWow64\lxeacub.dll
[2011/07/24 20:46:38 | 001,048,576 | ---- | C] ( ) -- C:\windows\SysWow64\lxeaserv.dll
[2011/07/24 20:46:38 | 000,577,536 | ---- | C] ( ) -- C:\windows\SysWow64\lxealmpm.dll
[2011/07/24 20:46:37 | 000,688,128 | ---- | C] ( ) -- C:\windows\SysWow64\lxeahbn3.dll
[2011/07/24 20:46:37 | 000,598,696 | ---- | C] ( ) -- C:\windows\SysWow64\lxeacoms.exe
[2011/07/24 20:46:37 | 000,324,264 | ---- | C] ( ) -- C:\windows\SysWow64\lxeaih.exe
[2011/07/24 20:46:36 | 000,802,816 | ---- | C] ( ) -- C:\windows\SysWow64\lxeacomc.dll
[2011/07/24 20:46:36 | 000,373,416 | ---- | C] ( ) -- C:\windows\SysWow64\lxeacfg.exe
[2011/07/24 20:46:36 | 000,372,736 | ---- | C] ( ) -- C:\windows\SysWow64\lxeacomm.dll
[2011/07/24 20:40:06 | 000,299,008 | ---- | C] () -- C:\windows\SysWow64\LXEAsm.dll
[2011/07/24 20:40:06 | 000,023,552 | ---- | C] () -- C:\windows\SysWow64\LXEAsmr.dll

========== ZeroAccess Check ==========

[2011/07/25 00:23:01 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /rp /s >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: Hitachi HTS545050B9A300
Partitions: 4
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 12.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Unknown
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 12885950464
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 273.00GB
Starting Offset: 12990808064
Hidden sectors: 0


DeviceID: Disk #0, Partition #3
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 180.00GB
Starting Offset: 306549096448
Hidden sectors: 0


========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\History] -> C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\windows\System32\config\systemprofile\Application Data] -> C:\windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\windows\System32\config\systemprofile\Documents\My Music] -> C:\windows\system32\config\systemprofile\Music -> Junction
[C:\windows\System32\config\systemprofile\Documents\My Pictures] -> C:\windows\system32\config\systemprofile\Pictures -> Junction
[C:\windows\System32\config\systemprofile\Documents\My Videos] -> C:\windows\system32\config\systemprofile\Videos -> Junction
[C:\windows\System32\config\systemprofile\Local Settings] -> C:\windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\System32\config\systemprofile\My Documents] -> C:\windows\system32\config\systemprofile\Documents -> Junction
[C:\windows\System32\config\systemprofile\NetHood] -> C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\windows\System32\config\systemprofile\PrintHood] -> C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\windows\System32\config\systemprofile\Recent] -> C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\windows\System32\config\systemprofile\SendTo] -> C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\windows\System32\config\systemprofile\Start Menu] -> C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\windows\System32\config\systemprofile\Templates] -> C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\windows\SysWOW64\config\systemprofile\AppData\Local\Application Data] -> C:\windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\SysWOW64\config\systemprofile\AppData\Local\History] -> C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
[C:\windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\windows\SysWOW64\config\systemprofile\Application Data] -> C:\windows\system32\config\systemprofile\AppData\Roaming -> Junction
[C:\windows\SysWOW64\config\systemprofile\Documents\My Music] -> C:\windows\system32\config\systemprofile\Music -> Junction
[C:\windows\SysWOW64\config\systemprofile\Documents\My Pictures] -> C:\windows\system32\config\systemprofile\Pictures -> Junction
[C:\windows\SysWOW64\config\systemprofile\Documents\My Videos] -> C:\windows\system32\config\systemprofile\Videos -> Junction
[C:\windows\SysWOW64\config\systemprofile\Local Settings] -> C:\windows\system32\config\systemprofile\AppData\Local -> Junction
[C:\windows\SysWOW64\config\systemprofile\My Documents] -> C:\windows\system32\config\systemprofile\Documents -> Junction
[C:\windows\SysWOW64\config\systemprofile\NetHood] -> C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\windows\SysWOW64\config\systemprofile\PrintHood] -> C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\windows\SysWOW64\config\systemprofile\Recent] -> C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\windows\SysWOW64\config\systemprofile\SendTo] -> C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\windows\SysWOW64\config\systemprofile\Start Menu] -> C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\windows\SysWOW64\config\systemprofile\Templates] -> C:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates -> Junction

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:9E22BBE8
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

Extras.txt:

OTL Extras logfile created on: 3/12/2013 7:38:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chase\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.79 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.65% Memory free
7.59 Gb Paging File | 5.57 Gb Available in Paging File | 73.45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 273.40 Gb Total Space | 132.01 Gb Free Space | 48.28% Space Free | Partition Type: NTFS
Drive D: | 180.26 Gb Total Space | 96.90 Gb Free Space | 53.76% Space Free | Partition Type: NTFS

Computer Name: CHASE-LAPTOP | User Name: Chase | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0831B223-CE45-43EE-9B11-40E111F38605}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1266F0D2-82A7-4AE1-8F04-ADAB95668CE3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1340BE41-0103-4A48-A1BE-415A969F7998}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{13F6B407-EB28-4BC1-A990-E95845B1E1FB}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{18D25DF3-1D3B-4C9C-BBBD-EDC9790F6F40}" = lport=138 | protocol=17 | dir=in | app=system |
"{1B2FE9DA-124D-461E-89E8-E1D86688BBC3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{204752A7-2CB2-4525-A506-FC406DF3E322}" = lport=445 | protocol=6 | dir=in | app=system |
"{22DC5FCD-1C05-4546-B750-03733E9ECDB9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{22F68613-60C5-4042-B0E0-62020E102526}" = lport=10243 | protocol=6 | dir=in | app=system |
"{3071D86F-9C25-4E0B-87FD-2E3379D1AC35}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3316E081-99CB-4DB6-8421-87EB49DCE6BA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{402DE415-5BEB-4FE2-BE92-AD05471CF342}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{43C3600D-2D12-4E87-BFD6-C6273164DDEE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{45B2395A-A3A4-42DB-BC4D-6EDB757F1A46}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{51C1658F-B93A-4E9D-BDBC-6901408EF5E3}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{52899F9E-93BF-450E-9E72-DD76337D51CC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{53214E98-DDE7-4AB8-B569-CD44CF619008}" = lport=3390 | protocol=6 | dir=in | app=system |
"{56DB825E-AB79-4E90-AAEE-5A35C4B8063D}" = lport=10244 | protocol=6 | dir=in | app=system |
"{60D6D8D8-3250-4AE8-B466-055ABE9EE974}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{62EA0D74-778B-45E0-B178-C90A529598E5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6453CE68-1054-48F9-B505-0875010CD9BC}" = lport=137 | protocol=17 | dir=in | app=system |
"{68D724A0-2419-4E05-9AAE-40DF143A19EE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7217212D-8DED-40E9-B454-25BA7766A63A}" = rport=139 | protocol=6 | dir=out | app=system |
"{780F435B-2F84-4C43-911C-48FDB45BA7EE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7A397EBD-6ECA-4F61-B820-09B35241D79C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7AE04DF7-2F29-461B-8B00-D93935D2FE61}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{81778228-4703-4E5A-96CD-4DCBF8A3E6A8}" = lport=139 | protocol=6 | dir=in | app=system |
"{8220CC66-93FB-4AE6-ADCA-D2F9BEC2DB6D}" = lport=10244 | protocol=6 | dir=in | app=system |
"{8FF6D26F-19A6-4DFD-AD1C-2A31C93CC737}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9098BE33-091E-4877-BB44-C1A4124BFED5}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{9125BD40-110B-4C94-823E-235EBBB3CD83}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{937E5B70-C186-449E-B0CE-795A9DB25F2B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9655154D-8A7A-4CB3-AA96-4BCED263D1F5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9A5E8E5B-7DF4-4C38-BA55-F4D8D2DE8BDF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9F37293A-2DEA-4BEB-96E9-73E78C5A2177}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A901AA38-7D71-4018-AE3E-611126121885}" = rport=445 | protocol=6 | dir=out | app=system |
"{AF29BA05-DB83-433D-B368-7DDABC327D25}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B2EB4F32-7F1A-4961-9B7E-D91FC892A172}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C58EBC60-2EE5-47B4-AA8A-8EF038A6CAB3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CBC0FEC0-CD89-4301-BBD2-73499E9B825D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D9335E5C-E4BE-43A5-8592-D996FFAA505D}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{DA91CFBD-A89D-4089-BCCB-1A556374D8B3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{DC4BED75-629B-4B99-A2EC-5CE788EE18C5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E7DDC30D-5CCC-4932-90D8-6771D80909E6}" = lport=3390 | protocol=6 | dir=in | app=system |
"{E847128D-825F-4241-A6D4-5B32E736E5BF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E896D591-9528-405A-B5AF-FD1D0403F20A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EA2CC0F0-00AA-446D-98E1-07228B1EFB40}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EE33A830-E3E1-4F64-9966-E9293A2B960B}" = rport=138 | protocol=17 | dir=out | app=system |
"{F4611D0A-E2B5-4578-85AA-48668BF6E657}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{F9D7385D-CC71-4039-9702-4115E87666C6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FCCDE468-26A1-4ACD-B7D2-EA5AD7ED0B93}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FDF2C82C-2C12-4651-9283-AA65BE58433A}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04400D12-F00F-4ADB-8B8F-A47CB578C9D2}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{05FB867D-2263-4631-95B3-E5ABA9EB9618}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{0621EA25-EF40-4204-9979-DB3D4F948669}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\halo 2 dedicated server\h2server.exe |
"{08B75FAE-8D0F-4FDF-BA9B-1457EF58B103}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{120BFD8C-98CB-4C9A-88A0-DAD52235A0B4}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{14B2E28B-155E-4FD1-A085-72862C66260E}" = dir=in | app=c:\windows\system32\lxeacoms.exe |
"{15F1B698-C30C-42D4-AD66-94E3B0886C26}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{165850C9-C7CB-41F5-9B19-F3F8972B5290}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{1859E410-42E3-4CF4-B8BD-BEA76E03A746}" = protocol=58 | dir=in | [email protected],-28545 |
"{1AAC83D5-5A4A-4D19-8BF2-CA1A6B119C11}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{21B112F9-3A2D-4C1C-A864-53C29DCDBAF5}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{252DDAC7-5DE8-456D-AD2E-5D5C8193C61F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{28C132AD-3A68-499E-99F0-C3D5E5A43788}" = protocol=6 | dir=out | app=system |
"{3072BDC8-C482-4C14-945F-24CE781889F7}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\alien swarm\srcds.exe |
"{31803743-A37F-4313-A01F-4C59584426ED}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\arma 2 free\arma2free.exe |
"{35BD8F35-12A0-4DB8-B3B9-28977E3F1F7E}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{41E2499A-2C4D-4759-95BA-AE15A5C60A7E}" = protocol=58 | dir=out | [email protected],-503 |
"{4494A872-BC7F-4345-9A3B-A72E3460DBD9}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{462B5719-E697-4388-AA16-E2D5D16806B5}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\alien swarm\srcds.exe |
"{4759A447-BE7F-4FD5-BC01-707D3AD82777}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{4D909C91-835D-4913-957D-433FC65B4207}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{58B03E28-CB82-470C-B06B-1A97F6B44B80}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{5A55A66E-F97D-47E4-BECE-B99F90036592}" = protocol=17 | dir=in | app=c:\steam\steam.exe |
"{5C88B79B-62FD-4EED-A2C4-543C8612C5BA}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
"{5D48CCCE-A348-4226-B742-D02FA044BE26}" = protocol=6 | dir=in | app=c:\steam\steam.exe |
"{6118184C-13CE-4446-93E7-7BF347D739B6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{63F14BA4-8E23-42AA-9FD2-4B3270CA224F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{651AFBEB-40C0-4FC4-AF03-56CEC9F0780E}" = protocol=58 | dir=out | [email protected],-28546 |
"{6661EE33-4E15-487C-A0E6-62520B56CD11}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{69EEFEC0-A9AB-4386-8197-E8C1C44ADDF1}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{6CC88AA5-BB7C-4B5F-8F3B-040E0D6F6E00}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{6E7EA78E-4B6C-4778-B0F7-D75A1FF1AF30}" = protocol=58 | dir=in | app=system |
"{6FE42346-01AA-4A36-9EFE-E71BC3F88257}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7018E5F6-634C-4687-ACBC-8AD7A1A02430}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{75594839-1FB4-4ADB-A3F2-C25CE78D32C7}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{7693BA78-77ED-4471-8E6D-6F4E8CE85BD3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{79D6EDF4-8DB4-4198-9567-459AE5AECD67}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7A95EE78-B915-4F66-84BC-E639525C5FF0}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{7B4DDF86-7623-424E-BF32-D5CF06755CC5}" = protocol=1 | dir=in | [email protected],-28543 |
"{7C880D37-20C2-43E7-885C-81C0AFF765DD}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7E1CEAB5-AAA3-4C59-9B36-AD8B8408913B}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{86EAC528-F5E2-40BE-86D4-DF110BC74862}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{8B33FAC8-4961-4AE6-A3D1-34BCC8824BEF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\halo 2\halo2.exe |
"{8D83CE31-1132-4E1F-9D06-F1A4A7874CCA}" = protocol=1 | dir=out | [email protected],-28544 |
"{913F3C15-DAA0-4C89-9094-D9759723ADA8}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\terraria\terraria.exe |
"{946EEE19-E41E-4A82-819C-C5C4629F0F54}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9DCEE4EC-3E1A-48CA-A266-430A5BFE1914}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9EA2BFF2-63C4-47C7-90B8-CDD8CC74129B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\halo 2\halo2.exe |
"{A04E7AD1-153A-4B64-B318-FB9CB13DDC8C}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{A05D26E7-9E8F-40A9-BBE4-A612FCF35C3D}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\awesomenauts\awesomenautslauncher.exe |
"{A0D18291-CFFC-42C9-BC6E-8B6606BC6CEE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A2760C9B-3FEC-4370-A9E0-EAAAD09FCFFA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A2EC2E9E-3E3F-4AE6-B338-DBEE7B353BA6}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A4EB9A77-C7F4-4DAE-A0C4-DB4F8F1FFF34}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{A8B85D6D-D88A-4744-820F-4B8D3B652249}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\arma 2 free\arma2free.exe |
"{B227B452-AEE9-4936-95C0-07B8DEBBF857}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\alien swarm\swarm.exe |
"{B2595732-F87B-4B38-BF62-413FF8FBD51A}" = dir=in | app=c:\windows\system32\lxeacoms.exe |
"{B7A6A553-430C-4AA0-8862-D7FD393FE599}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{BB36F504-151C-4610-8C0B-E64EFDEFCEE4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BC761B93-9271-49C7-A032-8273BD6E86B4}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{BC7887E4-F23C-469E-83FC-70F59643E222}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C100F1F4-DA15-486C-9ACA-1E61596378E3}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
"{C692D779-B45D-4A73-BB87-87B4EAF50377}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{C7DC5D20-A4D6-42CF-B13D-0351BA5FB560}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C9FB0B3B-B206-4DD7-97A6-37E2A16FE8C6}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\alien swarm\bin\sdklauncher.exe |
"{CADCA0D9-CE1C-410C-85EF-F51698E6BF58}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CCB384A4-250D-4A37-9DAB-8FE4696B9B39}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{CE2D8FC4-8812-4580-A8EE-AA3F88EBF49A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CF6855BE-9BD0-4611-A53B-757A96F75D74}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{D4FC4116-56EF-457C-8E3F-BB06F77C739B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D54590AF-F594-4FED-8A01-971F56A13B97}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{D6C69357-F886-44CA-B5DD-F00099516574}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D891DB8F-D146-473A-B79F-D94792EDECD0}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\alien swarm\bin\sdklauncher.exe |
"{D8BDC37C-D07C-49B4-BEDA-A5126132D228}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D8D1379F-22AB-44A7-BA18-79C7169AE299}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{E0BF4B54-C268-4A7A-9B50-BE5360AE111A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E20059D9-91E7-4B95-B95C-6B8965DD281D}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E3E72797-68FC-49E6-A542-8E873D1CDB6E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{E4A0F2EA-6855-4BA2-9718-3B5EB12936F1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\halo 2 dedicated server\h2server.exe |
"{E55FF33A-A485-495A-821A-04053ED227A5}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{E6285BF3-A38E-4571-BB76-C070FF7A0089}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E73D0817-3F42-4662-967C-0854EBCC1C3B}" = dir=in | app=c:\windows\system32\lxeacoms.exe |
"{E96EE405-C033-4CD9-8B38-BC0DB1E57B9F}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\alien swarm\swarm.exe |
"{E99B5367-379A-4A66-9E20-2A64D50E8805}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{E99E9A0D-8CBB-478B-87EA-35E29711F4FC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{EBB5AC96-7AB5-4615-9FDD-D0233C37273E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{F0E73272-246D-463A-8D07-9A2886C0ADD4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F1AC0703-414D-4DB9-A086-382A49121BAD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F82B8A05-7648-4829-80DF-84F5B288EE81}" = dir=in | app=c:\windows\system32\lxeacoms.exe |
"{FB34950A-C0BF-41AF-8A7E-8573F2B46B36}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{FB4EAAC1-8E54-40F2-B09D-81A089E9D46B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{FE728970-7589-41D7-915E-BBD53072872E}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\terraria\terraria.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416032FF}" = Java™ 6 Update 32 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417010FF}" = Java 7 Update 10 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{62A20ECA-920E-4052-BF77-88C78DD20FAA}" = Validity Sensors DDK
"{64A3A4F4-B792-11D6-A78A-00B0D0170100}" = Java SE Development Kit 7 Update 10 (64-bit)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E850302-2379-444A-9399-4809CE12397D}" = DigitalPersona Personal 4.11
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007
"{90120000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"7F973C87231D745EBF31E772CC38BB9B185D3819" = Windows Driver Package - ENE (EUCR) USB (12/04/2009 5.89.0.64)
"Elantech" = ETDWare PS/2-x64 7.0.5.10_WHQL
"Lexmark S300-S400 Series" = Lexmark S300-S400 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{01A1A019-E1D8-482A-BE17-5E118D17C0A0}" = ArcSoft Print Creations - Brochures & Flyers
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07690F1C-04B1-4060-9691-6748ED1826B9}" = msi Software Install
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A960933-4D39-4495-A3F5-E5149943D761}" = EasyFace Logon
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = Halo 2 for Windows Vista
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
"{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1" = gpedt.msc 1.0
"{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{24762012-C6C8-4AAD-A02D-71A009FA1683}" = Adobe Flash Player 10 ActiveX
"{24E34264-D483-477C-A9A0-4E53F69834CF}" = Façade
"{25478065-4CB1-448C-80E4-8C4529017EE3}" = ArcSoft WebCam Companion 3
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3CE47E6B-AE27-4E40-AC54-329EED96B933}" = ArcSoft Print Creations - Funhouse II
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54CD52E0-6660-416C-94CC-FC77875FF226}" = Halo 2 Map Editor
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter
"{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}" = ArcSoft Print Creations - Poster Creator
"{5D87C09F-512F-474A-A306-0FE3B89C396F}" = RuneScape Launcher 1.2
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}" = Final Draft
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113784233}" = Home Sweet Home
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8E90189A-A5D4-4C0E-A908-06C4236F98EE}" = ArcSoft Magic-i Visual Effects 2
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_HOMESTUDENTR_{BEADB115-DB47-4BD0-A9EC-AE585AFAB2D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{2C95E7EE-FEA7-4B3A-A6E5-DF90A88B816A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_HOMESTUDENTR_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-042D-0000-0000000FF1CE}_HOMESTUDENTR_{017A6981-5E03-4A97-830A-35FE0927BB7F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0456-0000-0000000FF1CE}_HOMESTUDENTR_{A3A03B41-14EA-4E50-97D8-FCF429AE0CCB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-040C-1000-0000000FF1CE}_HOMESTUDENTR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0C0A-1000-0000000FF1CE}_HOMESTUDENTR_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{8283FD64-6A3B-4104-9E12-7CA25EF29A1A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{CF3C20A6-47B7-48DA-95C1-6FBB5A439AF8}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{95F875CC-1B85-43E6-B3E0-13EA04F3D995}" = ArcSoft Print Creations - Photo Prints
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3324BBB-3A83-40CE-AA8C-759D849B7EA1}" = ArcSoft Print Creations
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A86A4C1D-05B5-46B0-A808-1A15DCD17A17}_is1" = MSI Game Corner Console
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5A3BDAF-542A-43DF-B530-23DD0148ED1B}" = Halo 2 Dedicated Server
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{EECD7B96-1416-4D3A-B12D-0D2512120C36}" = msi EasyViewer
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FeedReader_is1" = FeedReader
"FormatFactory" = FormatFactory 2.70
"Half-Life 1 Collection_is1" = Half-Life 1 Collection by CSmania.RU
"Half-Life 2: Episode One_is1" = Half-Life 2: Episode One by CSmania.RU
"Half-Life 2_is1" = Half-Life 2 by CSmania.RU
"Halo" = Microsoft Halo
"Halo 2" = Halo 2 for Windows Vista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{54CD52E0-6660-416C-94CC-FC77875FF226}" = Halo 2 Map Editor
"InstallShield_{D5A3BDAF-542A-43DF-B530-23DD0148ED1B}" = Halo 2 Dedicated Server
"InstallShield_{EECD7B96-1416-4D3A-B12D-0D2512120C36}" = msi EasyViewer
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"iPodAid iPod to Computer Transfer_is1" = iPodAid iPod to Computer Transfer 6
"LogMeIn Hamachi" = LogMeIn Hamachi
"MapleStory" = MapleStory
"N360" = Norton Security Suite
"Notepad++" = Notepad++
"NSM" = Norton Family
"Samsung SCX-4x21 Series" = Samsung SCX-4x21 Series
"Steam App 105600" = Terraria
"Steam App 107400" = ARMA 2: Free
"Steam App 204300" = Awesomenauts
"Steam App 211" = Source SDK
"Steam App 99900" = Spiral Knights
"TeamViewer 7" = TeamViewer 7
"The Operational Art of War III3.0.0.12" = The Operational Art of War III
"The Walking Dead Episode 3 © TellTale Games_is1" = The Walking Dead Episode 3 © TellTale Games version 1
"uTorrent" = µTorrent
"Valve Hammer Editor" = Valve Hammer Editor
"VLC media player" = VLC media player 1.1.11
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.44-5
"WinLiveSuite" = Windows Live Essentials
"WinMount_is1" = WinMount V3.4.1020
"WinRAR archiver" = WinRAR archiver
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4202249203-2081045625-221674608-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for Chase
"68c6678448324991" = GitHub
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/12/2013 7:25:44 PM | Computer Name = Chase-Laptop | Source = Application Error | ID = 1000
Description = Faulting application name: ACDaemon.exe, version: 1.1.0.49, time stamp:
0x4cc808ec Faulting module name: ACDaemon.exe, version: 1.1.0.49, time stamp: 0x4cc808ec
Exception
code: 0xc0000005 Fault offset: 0x0001af76 Faulting process id: 0x119c Faulting application
start time: 0x01ce1f78e84b641b Faulting application path: C:\Program Files (x86)\Common
Files\ArcSoft\Connection Service\Bin\ACDaemon.exe Faulting module path: C:\Program
Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe Report Id:
28dd34eb-8b6c-11e2-bc71-6c626d2ade5f

[ DigitalPersona Pro Events ]
Error - 7/24/2011 7:51:29 PM | Computer Name = Chase-Laptop | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 7/24/2011 7:51:30 PM | Computer Name = Chase-Laptop | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 8/28/2011 4:16:46 PM | Computer Name = Chase-Laptop | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

[ System Events ]
Error - 3/12/2013 6:20:32 PM | Computer Name = Chase-Laptop | Source = DCOM | ID = 10010
Description =

Error - 3/12/2013 7:24:08 PM | Computer Name = Chase-Laptop | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService
service to connect.

Error - 3/12/2013 7:24:08 PM | Computer Name = Chase-Laptop | Source = Service Control Manager | ID = 7000
Description = The lxeaCATSCustConnectService service failed to start due to the
following error: %%1053


< End of report >

#12
Satchfan

Thanks for the logs.

It is nearly 1am here and I have to get some beauty sleep so will not reply tonight.

Meanwhile, can you tell me if you have any remaining problems?

Thanks

satchfan

#13
ChaseAllen

Haha, I see. Have a good rest.

And as far as I can tell, my computer is not experiencing any new issues.

(Its only current issues are a Runtime 216 error I get when running a certain piece of software [I believe it to be caused by a Norton anti-virus update, meaning I should probably reinstall] and my fingerprint scanner takes a long time to detect and gives off errors sometimes. I believe I see something regarding the fingerprint scanner at the end of the logs)

In fact, my computer feels a bit faster than it was originally. :happy:

Edited by ChaseAllen, 12 March 2013 - 08:30 PM.


#14
Satchfan

We have a couple more things to look at and then we'll look at the outstanding issues if they are still there.

Run OTL

  • double click on the icon to run it.
  • copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    
    :OTL
    IE - HKU\S-1-5-21-4202249203-2081045625-221674608-1000\..\SearchScopes\{9B97950D-482C-1D79-568F-FC7B9D40C785}: "URL" = http://www.bing.com/...eferrer:source}
    IE - HKU\S-1-5-21-4202249203-2081045625-221674608-1000\..\SearchScopes\{E2298BFB-F784-4B2A-AAE3-5E820ECF5318}: "URL" = http://websearch.ask...D4-ED4E693C322B
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-4202249203-2081045625-221674608-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    [2013/03/09 20:22:34 | 000,000,000 | ---D | C] -- C:\Users\Chase\AppData\Local\{8F283569-E862-404D-B966-FA2E3B8EC19F}
    [2013/03/08 16:34:53 | 000,000,000 | ---D | C] -- C:\Users\Chase\AppData\Local\{D8F2C74D-1C44-4EEB-901F-01E0B53791EA}
    [2013/03/08 16:23:39 | 000,000,000 | ---D | C] -- C:\Users\Chase\AppData\Local\{91FFB52B-CCEB-4B42-B435-F7CAF1768FA5}
    [2013/03/07 23:18:03 | 000,000,000 | ---D | C] -- C:\Users\Chase\AppData\Local\{65723C96-A3CA-4AA0-BEBB-B8C66F011584}
    [2013/03/05 21:09:45 | 000,000,000 | ---D | C] -- C:\Users\Chase\AppData\Local\{0F7AD300-8DC7-4BAB-975F-FC86DCC4BB50}
    [2013/03/04 23:16:47 | 000,000,000 | ---D | C] -- C:\Users\Chase\AppData\Local\{CC14D1BF-37D6-4B01-A4DD-6C46F9A879D6}
    [2013/03/02 13:45:26 | 000,000,000 | ---D | C] -- C:\Users\Chase\AppData\Local\{8D532E02-9C43-4346-AD94-51117FED8879}
    [2013/02/28 16:19:47 | 000,000,000 | ---D | C] -- C:\Users\Chase\AppData\Local\{79808F83-312F-4E66-962E-76B120638FE6}
    [2013/02/26 16:04:35 | 000,000,000 | ---D | C] -- C:\Users\Chase\AppData\Local\{6E15FEA4-3C14-49FC-A21F-09186526CD63}
    [2013/02/25 20:38:28 | 000,000,000 | ---D | C] -- C:\Users\Chase\AppData\Local\{1CB66C1E-0164-4A1D-AAEC-6301F12DC067}
    [2013/02/15 11:07:15 | 000,000,000 | ---D | C] -- C:\Users\Chase\AppData\Local\{C89BFF24-6F66-4EF5-918B-E054F1089B1A}
    [2013/02/13 22:44:11 | 000,000,000 | ---D | C] -- C:\Users\Chase\AppData\Local\{B51FBD16-B9FF-4465-BBF5-ED520F266F6E}
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • click the Run Fix button at the top
  • let the program run unhindered, reboot when it is done
  • please post the OTL fix log.
===================================================

Download Malwarebytes-Anti-Malware

Click here.

  • double-click mbam-setup.exe and follow the prompts to install the program.
  • at the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • if an update is found, it will download and install the latest version.
  • once the program has loaded, select Perform quick scan, then click Scan.
  • when the scan is complete, click OK, then Show Results to view the results.
  • be sure that everything is checked, and click Remove Selected.
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.
NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

===================================================

Run Security Check

Download Security Check by screen317 from here or here.

  • save it to your Desktop.
  • double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • a Notepad document should open automatically called checkup.txt; please post the contents of that document.

Logs to include in the next post:

OTL fix log
Mbam.txt
checkup.txt


Satchfan
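
One way to review a pasted fix script before pressing Run Fix, as an added example that is not part of the original post and not OTL's own code: it parses lines shaped like those in the code box above and lists file entries that are not zero-byte, GUID-named directories so they can be checked by hand. The embedded sample is constructed, and the field meanings (size in the second column, `D` marking a directory) are assumptions read off the log layout.

```python
import re

# Constructed sample in the same shape as the fix script in the post above.
SAMPLE_FIX = r"""
:Services

:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
[2013/03/09 20:22:34 | 000,000,000 | ---D | C] -- C:\Users\Example\AppData\Local\{00000000-0000-0000-0000-000000000001}
[2013/03/08 16:34:53 | 000,004,096 | ---- | M] -- C:\Users\Example\AppData\Local\notes.txt

:Commands
[emptytemp]
[Reboot]
"""

SECTION_RE = re.compile(r"^:(\w+)\s*$")
REG_RE = re.compile(r"^(IE|O\d+)(:64bit:)? - (.+)$")
PATH_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([A-Z-]+) \| ([A-Z])\] -- (.+)$"
)
CMD_RE = re.compile(r"^\[(\w+)\]$")
GUID_NAME_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")


def parse_fix(text):
    """Split a fix script into registry entries, file entries and commands."""
    out = {"registry": [], "paths": [], "commands": [], "unparsed": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "Commands" and (m := CMD_RE.match(line)):
            out["commands"].append(m.group(1))
        elif section == "OTL" and (m := PATH_RE.match(line)):
            stamp, size, attrs, flag, path = m.groups()
            out["paths"].append({
                "timestamp": stamp,
                "size": int(size.replace(",", "")),  # assumed: byte count
                "is_dir": "D" in attrs,              # assumed: D = directory
                "flag": flag,
                "path": path,
            })
        elif section == "OTL" and (m := REG_RE.match(line)):
            out["registry"].append({
                "code": m.group(1),
                "is_64bit": m.group(2) is not None,
                "detail": m.group(3),
            })
        else:
            # Anything the patterns do not recognise is surfaced, not dropped.
            out["unparsed"].append(line)
    return out


def needs_manual_review(parsed):
    """Return file entries that are NOT empty GUID-named directories."""
    flagged = []
    for entry in parsed["paths"]:
        name = entry["path"].rsplit("\\", 1)[-1]
        empty_guid_dir = (
            entry["is_dir"] and entry["size"] == 0 and GUID_NAME_RE.match(name)
        )
        if not empty_guid_dir:
            flagged.append(entry["path"])
    return flagged


if __name__ == "__main__":
    parsed = parse_fix(SAMPLE_FIX)
    print("registry entries:", len(parsed["registry"]))
    print("file entries:", len(parsed["paths"]))
    print("commands:", parsed["commands"])
    print("check by hand:", needs_manual_review(parsed) + parsed["unparsed"])
```
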

#15
ChaseAllen

Where is the default save directory for the OTL fix log? I closed the .txt file by mistake when I logged in after reboot. It's not with my OTL.exe
