OTL logfile created on: 25/06/2013 22:23:08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\bigyin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.97 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 49.59% Memory free
5.93 Gb Paging File | 4.03 Gb Available in Paging File | 68.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 289.86 Gb Total Space | 94.47 Gb Free Space | 32.59% Space Free | Partition Type: NTFS
Computer Name: BIGYIN-PC | User Name: bigyin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/06/25 22:16:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\bigyin\Downloads\OTL.exe
PRC - [2013/05/17 20:07:53 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 09:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/03/16 14:45:07 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
PRC - [2013/01/15 19:47:28 | 000,703,808 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
PRC - [2013/01/15 19:47:12 | 000,491,840 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
PRC - [2013/01/15 19:47:10 | 000,465,216 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2012/12/25 18:35:10 | 004,474,832 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
PRC - [2012/10/31 10:27:24 | 000,395,200 | ---- | M] (Advent) -- C:\Program Files (x86)\Advent\AIO\Center\ADAIOHostService.exe
PRC - [2012/10/31 10:23:52 | 000,722,336 | ---- | M] (DSGi) -- C:\Program Files (x86)\Advent\AIO\StatusMonitor\ADPrinterSDK.exe
PRC - [2012/10/31 10:23:50 | 002,790,816 | ---- | M] (DSGi) -- C:\Program Files (x86)\Advent\AIO\StatusMonitor\ADStatusMonitor.exe
PRC - [2012/01/09 21:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/08/25 11:10:16 | 000,358,296 | ---- | M] (Avanquest) -- C:\Program Files (x86)\Avanquest\Hallmark Card Studio Deluxe\Planner\PLNRnote.exe
PRC - [2011/03/14 10:22:06 | 002,125,472 | ---- | M] (Audible, Inc.) -- C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2010/03/16 17:18:26 | 000,452,608 | ---- | M] () -- C:\Program Files (x86)\OEM\DSG OSD 1.01\SunflowerOSD.exe
PRC - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 20:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/02/26 19:47:12 | 002,633,728 | ---- | M] (O2) -- C:\Program Files (x86)\O2CM-CE\O2 Connection Manager\tscui.exe
========== Modules (No Company Name) ==========
MOD - [2013/06/17 06:58:38 | 011,914,240 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ce6b7579fbb77330560e9122d1cf6526\System.Web.ni.dll
MOD - [2013/06/17 06:58:27 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b6eb138c3c9be780acb767c1bef572c1\System.Runtime.Remoting.ni.dll
MOD - [2013/05/17 20:07:52 | 003,128,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/05/15 22:24:08 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013/05/15 22:23:38 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013/05/15 22:23:28 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013/03/16 14:45:06 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2013/01/15 19:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madexcept_.bpl
MOD - [2013/01/15 19:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\maddisAsm_.bpl
MOD - [2013/01/15 19:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madbasic_.bpl
MOD - [2013/01/15 19:47:56 | 000,893,248 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\webres.dll
MOD - [2013/01/10 16:28:42 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\f7cb3ae5de64f8cbde3ccc57c780743a\IAStorUtil.ni.dll
MOD - [2013/01/10 16:24:23 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/10 16:24:02 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/10 16:23:57 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/10 16:23:51 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/03/16 17:18:26 | 000,452,608 | ---- | M] () -- C:\Program Files (x86)\OEM\DSG OSD 1.01\SunflowerOSD.exe
MOD - [2010/03/16 17:14:46 | 000,413,184 | ---- | M] () -- C:\Program Files (x86)\OEM\DSG OSD 1.01\Media_DSG.dll
MOD - [2009/11/17 17:21:06 | 000,092,160 | ---- | M] () -- C:\Program Files (x86)\OEM\DSG OSD 1.01\SoilIO.dll
MOD - [2009/02/26 19:30:42 | 001,441,792 | ---- | M] () -- C:\Program Files (x86)\O2CM-CE\O2 Connection Manager\TscConnectServices.dll
MOD - [2009/02/26 19:23:22 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\O2CM-CE\O2 Connection Manager\TscProfilesManager.dll
MOD - [2009/02/26 19:20:56 | 000,184,320 | ---- | M] () -- C:\Program Files (x86)\O2CM-CE\O2 Connection Manager\TscUtils.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013/05/09 09:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/08/05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV:64bit: - [2011/08/05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV:64bit: - [2011/08/05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/06 13:52:00 | 000,244,224 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_6d4d1665097f1e86\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/17 20:07:52 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/01/15 19:47:10 | 000,465,216 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2012/12/12 06:27:46 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/10/31 10:27:24 | 000,395,200 | ---- | M] (Advent) [Auto | Running] -- C:\Program Files (x86)\Advent\AIO\Center\ADAIOHostService.exe -- (Advent AiO Network Discovery Service)
SRV - [2012/10/31 10:23:52 | 000,722,336 | ---- | M] (DSGi) [Auto | Running] -- C:\Program Files (x86)\Advent\AIO\StatusMonitor\ADPrinterSDK.exe -- (ADVENT AIO Status Monitor Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/09 21:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2010/09/06 13:52:00 | 000,244,224 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_6d4d1665097f1e86\STacSV64.exe -- (STacSV)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/05/09 09:59:07 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/05/09 09:59:07 | 000,378,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/05/09 09:59:07 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/05/09 09:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/05/09 09:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/05/09 09:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/05/09 09:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/05/09 09:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/03/07 00:33:20 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/10 20:16:20 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2011/05/13 04:21:04 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/05/13 04:21:04 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadserd.sys -- (ssadserd)
DRV:64bit: - [2011/05/13 04:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/05/13 04:21:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011/05/13 04:21:02 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011/04/15 16:28:52 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2011/04/15 16:28:52 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 20:33:16 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011/02/11 20:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/26 19:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/06 14:08:00 | 001,098,784 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2010/09/06 13:57:00 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\JME.sys -- (JME)
DRV:64bit: - [2010/09/06 13:54:00 | 000,153,712 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/09/06 13:53:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/08/09 17:01:56 | 000,111,616 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/03/03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/12/11 17:28:52 | 000,017,912 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SoilIO.sys -- (SoilIO)
DRV:64bit: - [2009/12/03 10:04:16 | 000,013,304 | ---- | M] (Systems Internals) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SoilMC.sys -- (SoilMC)
DRV:64bit: - [2009/12/03 10:03:50 | 000,013,816 | ---- | M] (Systems Internals) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Soilkbc.sys -- (soilkbc)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/22 11:06:50 | 000,115,072 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2012/07/05 14:53:22 | 000,021,904 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2012/07/05 14:53:18 | 000,033,224 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2012/01/05 19:07:14 | 000,021,384 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/...4&ts=1371746315
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/...4&ts=1371746315
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.qvo6.c...5284&ts=4390961
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://search.bearsh...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/...4&ts=1371746315
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/...4&ts=1371746315
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.qvo6.c...5284&ts=4390961
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://search.bearsh...q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....q={searchTerms}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT2504091
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/...4&ts=1371746315
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/|h...k.com/login.php
IE - HKCU\..\URLSearchHook: {7473b6bd-4691-4744-a82b-7854eb3d70b6} - No CLSID value found
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{03D9869C-6A8D-41C2-AC60-636C2D2740B9}: "URL" = http://uk.search.yah...p={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.my-online...D=119357&tt=gc_
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...GL_enGB413GB413
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}: "URL" = http://search.bearsh...q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "qvo6"
FF - prefs.js..browser.search.order.1: "qvo6"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://uk.msn.com/|h....com/login.php"
FF - prefs.js..extensions.enabledAddons: %7B9EB34849-81D3-4841-939D-666D522B889A%7D:1.5.12.732
FF - prefs.js..extensions.enabledAddons: fbp%40fbpurity.com:8.2.2
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: 7125a285-7e68-47aa-9d72-e81874f4d47e%40d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com:0.91.9
FF - prefs.js..extensions.enabledAddons: 06a9ed5f-c983-4c13-95c9-fb74fd4b447f%40a389b2df-0ecb-4fa5-8d44-388b2e0e6619.com:0.91.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..browser.startup.homepage: "http://www.my-online...=119357&tt=gc_"
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@IObit.com/np_Asc_Plugin: C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\np_Asc_plugin.dll (IObit)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/05/31 17:07:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/17 20:07:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/17 20:07:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1266764D-FC4F-4FA7-B63B-884D53B1680F}: C:\Users\bigyin\AppData\Roaming\NetAssistant\ [2011/10/13 13:56:05 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/17 20:07:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/17 20:07:41 | 000,000,000 | ---D | M]
[2012/11/21 23:03:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigyin\AppData\Roaming\Mozilla\Extensions
[2013/03/02 23:03:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigyin\AppData\Roaming\Mozilla\Firefox\Profiles\9tssx24m.default\extensions
[2012/10/29 11:46:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigyin\AppData\Roaming\Mozilla\Firefox\Profiles\9tssx24m.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[2013/03/02 23:03:33 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\bigyin\AppData\Roaming\Mozilla\Firefox\Profiles\9tssx24m.default\extensions\[email protected]
[2013/06/25 20:15:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigyin\AppData\Roaming\Mozilla\Firefox\Profiles\w4bv0lku.default-1351507565714\extensions
[2012/11/12 16:24:13 | 000,000,000 | ---D | M] (WebSlingPlayer) -- C:\Users\bigyin\AppData\Roaming\Mozilla\Firefox\Profiles\w4bv0lku.default-1351507565714\extensions\{9EB34849-81D3-4841-939D-666D522B889A}
[2013/06/25 20:15:13 | 000,000,000 | ---D | M] ("Services-x87") -- C:\Users\bigyin\AppData\Roaming\Mozilla\Firefox\Profiles\w4bv0lku.default-1351507565714\extensions\06a9ed5f-c983-4c13-95c9-fb74fd4b447f@a389b2df-0ecb-4fa5-8d44-388b2e0e6619.com
[2013/06/20 17:08:40 | 000,000,000 | ---D | M] ("Plus-HD-2.3") -- C:\Users\bigyin\AppData\Roaming\Mozilla\Firefox\Profiles\w4bv0lku.default-1351507565714\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com
[2013/03/02 23:03:33 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\bigyin\AppData\Roaming\Mozilla\Firefox\Profiles\w4bv0lku.default-1351507565714\extensions\[email protected]
[2013/06/25 20:15:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigyin\AppData\Roaming\Mozilla\Firefox\Profiles\w4bv0lku.default-1351507565714\extensions\06a9ed5f-c983-4c13-95c9-fb74fd4b447f@a389b2df-0ecb-4fa5-8d44-388b2e0e6619.com\chrome\content\extensionCode
[2013/06/20 17:08:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\bigyin\AppData\Roaming\Mozilla\Firefox\Profiles\w4bv0lku.default-1351507565714\extensions\7125a285-7e68-47aa-9d72-e81874f4d47e@d3fcdb92-135d-4a8a-8cf6-11e3b57c5fda.com\chrome\content\extensionCode
[2013/02/20 21:20:08 | 000,063,281 | ---- | M] () (No name found) -- C:\Users\bigyin\AppData\Roaming\Mozilla\Firefox\Profiles\w4bv0lku.default-1351507565714\extensions\[email protected]
[2013/06/20 17:08:13 | 000,002,408 | ---- | M] () -- C:\Users\bigyin\AppData\Roaming\Mozilla\Firefox\Profiles\w4bv0lku.default-1351507565714\searchplugins\babylon.xml
[2013/06/02 00:08:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/05/17 20:07:36 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013/06/02 00:08:22 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/05/17 20:07:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/05/17 20:07:55 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/31 17:07:08 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010/09/02 09:09:28 | 000,002,486 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\iMeshWebSearch.xml
[2013/06/20 17:38:37 | 000,000,745 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\qvo6.xml
[2011/09/21 22:02:18 | 000,002,505 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2012/10/29 10:49:47 | 000,002,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://uk.msn/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\bigyin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: uTorrentControl_v2 = C:\Users\bigyin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.16.2.509_0\
CHR - Extension: Savings Wave = C:\Users\bigyin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lglkfgcmohcdajpldlnhjjiojjgkbmhm\1.23.66_0\crossrider
CHR - Extension: Savings Wave = C:\Users\bigyin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lglkfgcmohcdajpldlnhjjiojjgkbmhm\1.23.66_0\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\bigyin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: Services-x87 = C:\Users\bigyin\AppData\Local\Google\Chrome\User Data\Default\Extensions\odkbjcmjaccakaodmnhnkepfckjhghpl\1.23.9_0\crossrider
CHR - Extension: Services-x87 = C:\Users\bigyin\AppData\Local\Google\Chrome\User Data\Default\Extensions\odkbjcmjaccakaodmnhnkepfckjhghpl\1.23.9_0\
CHR - Extension: Plus-HD-2.3 = C:\Users\bigyin\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\crossrider
CHR - Extension: Plus-HD-2.3 = C:\Users\bigyin\AppData\Local\Google\Chrome\User Data\Default\Extensions\omfoidjpeklpjhlhabhcomekbkclkbec\1.23.9_0\
O1 HOSTS File: ([2013/06/02 09:01:37 | 000,000,914 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Plus-HD-2.3) - {11111111-1111-1111-1111-110311341126} - C:\Program Files (x86)\Plus-HD-2.3\Plus-HD-2.3-bho.dll (Plus HD)
O2 - BHO: (Services-x87) - {11111111-1111-1111-1111-110311481105} - C:\Program Files (x86)\Services-x87\Services-x87-bho.dll (Corporate Inc)
O2 - BHO: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No CLSID value found.
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (no name) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No CLSID value found.
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ADStatusMonitor] C:\Program Files (x86)\Advent\AIO\StatusMonitor\ADStatusMonitor.exe (DSGi)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] "E:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found
O4 - HKLM..\Run: [O2Start] C:\Program Files (x86)\O2CM-CE\O2 Connection Manager\tscui.exe (O2)
O4 - HKCU..\Run: [Advanced SystemCare 6] C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC4833D3-4967-4B8E-AEF0-EA2637E89FBD}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0768f8a6-865a-11e1-9f81-80ee730ef3a5}\Shell - "" = AutoRun
O33 - MountPoints2\{0768f8a6-865a-11e1-9f81-80ee730ef3a5}\Shell\AutoRun\command - "" = E:\AUTORUN.EXE
O33 - MountPoints2\{0768f947-865a-11e1-9f81-80ee730ef3a5}\Shell - "" = AutoRun
O33 - MountPoints2\{0768f947-865a-11e1-9f81-80ee730ef3a5}\Shell\AutoRun\command - "" = E:\AUTORUN.EXE
O33 - MountPoints2\{0768f952-865a-11e1-9f81-80ee730ef3a5}\Shell - "" = AutoRun
O33 - MountPoints2\{0768f952-865a-11e1-9f81-80ee730ef3a5}\Shell\AutoRun\command - "" = E:\AUTORUN.EXE
O33 - MountPoints2\{a4875081-d994-11e1-9a26-80ee730ef3a5}\Shell - "" = AutoRun
O33 - MountPoints2\{a4875081-d994-11e1-9a26-80ee730ef3a5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f114c183-26d7-11e0-8bde-80ee730ef3a5}\Shell - "" = AutoRun
O33 - MountPoints2\{f114c183-26d7-11e0-8bde-80ee730ef3a5}\Shell\AutoRun\command - "" = E:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/06/25 20:20:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/06/25 20:14:21 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Local\{8F5A67DF-EFE3-4E74-8760-BBA2FEF41376}
[2013/06/23 19:45:37 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Roaming\vlc
[2013/06/23 18:22:38 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Local\{BA14C1A7-8727-4204-AD89-46EF1A757F67}
[2013/06/21 13:07:24 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Local\{CE05A3C5-9671-44A9-92F2-DA408F9E2882}
[2013/06/21 07:01:56 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Local\{42101EF1-2158-41B2-8268-AC618C7C93B5}
[2013/06/20 20:53:51 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Local\{ABBAE8D8-2CC0-4A34-877F-23C9520BE71E}
[2013/06/20 17:40:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Services-x87
[2013/06/20 17:39:32 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Local\Updater12765
[2013/06/20 17:39:06 | 000,000,000 | ---D | C] -- C:\ProgramData\eSafe
[2013/06/20 17:38:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Savings Wave
[2013/06/20 17:38:00 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Roaming\eIntaller
[2013/06/20 17:10:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nosibay
[2013/06/20 17:08:44 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Roaming\Nosibay
[2013/06/20 17:08:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plus-HD-2.3
[2013/06/19 09:31:25 | 000,200,704 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\vbalExpBar6.ocx
[2013/06/19 09:31:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Easy Burner
[2013/06/19 06:43:18 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Local\{3497DF0C-F862-43E7-B62F-CF3E03FD37D3}
[2013/06/18 09:46:15 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Local\{B515A832-7709-439B-80DC-30F5391DD442}
[2013/06/17 09:45:13 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Local\{7A2261CF-433F-4981-BC50-C9782ADEAE42}
[2013/06/15 06:44:36 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Local\{6D0323C2-75D5-4F80-97FA-7D1D01FDF780}
[2013/06/14 18:39:28 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Local\{89C7E341-9115-4FAF-8318-A1A765F5F808}
[2013/06/14 06:38:51 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Local\{6B4589FB-AB03-4ADB-8883-D1E22D88ECCE}
[2013/06/12 19:48:19 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Local\{F41B98D9-FF75-443E-8BDB-BB16E9E1026F}
[2013/06/12 07:47:42 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Local\{EEEA35A0-A53B-47A8-B7FA-0AC79E2D6897}
[2013/06/11 19:46:44 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Local\{1E9C7541-E49D-4A4C-B041-111F31B6D06F}
[2013/06/10 08:58:26 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Local\{60F1C232-BB7A-4717-A1F8-73CECD8DA7D5}
[2013/06/08 20:57:01 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Local\{D66A4B2D-CE04-4E9D-9788-8B6341857012}
[2013/06/08 08:56:14 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Local\{1C6EDE1F-5DA4-4E3E-8DD3-462C1F2F2357}
[2013/06/07 17:37:50 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Local\{155F3F30-DA57-4832-BE4B-7778B1E091EB}
[2013/06/06 18:27:14 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Local\{78B36FA4-7527-4F74-A1B3-0865387917CF}
[2013/06/05 08:20:48 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Local\{E647EA55-DE9D-4929-8750-A252D039E147}
[2013/06/04 20:20:21 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Local\{070583D4-E44B-46AE-90CD-7DE7387FCAA8}
[2013/06/04 06:52:00 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Local\{DB1260A2-BDF1-42F6-887B-051825EF25E5}
[2013/06/03 06:42:52 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Local\{F0A79778-F5FE-40F5-A9D3-DC2AB1C34131}
[2013/06/02 10:08:25 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Local\{AD4CA5CE-FFFC-4C86-AD18-56428F7CB755}
[2013/06/02 08:55:53 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Roaming\File Scout
[2013/06/02 08:29:00 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Local\libimobiledevice
[2013/06/02 00:08:30 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Roaming\Zip Opener Packages
[2013/06/02 00:07:54 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Roaming\DSite
[2013/06/01 22:08:06 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Local\{60B27559-562F-4429-8FCC-627218BC9CB2}
[2013/06/01 09:27:30 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Local\{5D53EF61-5CD0-42B6-917B-80C4864E0A96}
[2013/05/31 18:46:23 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Local\{87EC2E2E-6AB2-4F18-A4D6-840A91CA50C4}
[2013/05/31 06:45:57 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Local\{A9225B69-A5A9-4CFE-9679-7BDCDF088064}
[2013/05/30 07:12:11 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Local\{9C0AB80E-A2D5-4B1E-BAA4-808D78596182}
[2013/05/29 07:11:20 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Local\{CBFF74AD-C042-478E-9911-BF6887B0911D}
[2013/05/28 19:10:53 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Local\{6DE7A478-9A25-42BB-83DA-58E6449510C9}
[2013/05/28 06:46:23 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Local\{575CB507-E9AA-468A-9AD9-AA4644E723A2}
[2013/05/27 11:34:05 | 000,000,000 | ---D | C] -- C:\Users\bigyin\AppData\Local\{64E7C861-215D-460F-95FD-53773608A3B6}
[2011/03/10 20:33:16 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\bigyin\AppData\Roaming\pcouffin.sys
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\bigyin\*.tmp files -> C:\Users\bigyin\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/06/25 23:12:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/25 23:09:02 | 000,001,196 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.3-updater.job
[2013/06/25 23:09:00 | 000,001,200 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.3-codedownloader.job
[2013/06/25 23:09:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.3-enabler.job
[2013/06/25 23:08:03 | 000,001,906 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.3-chromeinstaller.job
[2013/06/25 23:08:02 | 000,001,832 | ---- | M] () -- C:\Windows\tasks\Plus-HD-2.3-firefoxinstaller.job
[2013/06/25 22:22:52 | 000,001,111 | ---- | M] () -- C:\Users\bigyin\Desktop\OTL - Shortcut.lnk
[2013/06/25 20:41:24 | 000,018,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/25 20:41:24 | 000,018,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/25 20:32:38 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/25 20:32:28 | 000,000,435 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013/06/25 20:31:58 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job
[2013/06/25 20:31:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/25 20:30:46 | 2388,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/23 19:39:49 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/23 19:39:49 | 000,664,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/23 19:39:49 | 000,125,696 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/20 17:38:38 | 000,002,534 | ---- | M] () -- C:\Users\bigyin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/06/20 17:38:38 | 000,001,692 | ---- | M] () -- C:\Users\bigyin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/06/19 09:31:25 | 000,001,177 | ---- | M] () -- C:\Users\bigyin\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Easy Burner.lnk
[2013/06/19 09:31:25 | 000,001,153 | ---- | M] () -- C:\Users\bigyin\Desktop\Free Easy Burner.lnk
[2013/06/16 22:43:03 | 000,765,178 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/06/02 09:01:37 | 000,000,914 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/06/02 09:01:37 | 000,000,913 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.umbrella
[2013/06/02 08:48:11 | 000,002,225 | ---- | M] () -- C:\Users\bigyin\Application Data\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
[2013/06/02 08:08:00 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\DSite.job
[2013/05/31 17:08:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[10 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\bigyin\*.tmp files -> C:\Users\bigyin\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/06/25 22:22:52 | 000,001,111 | ---- | C] () -- C:\Users\bigyin\Desktop\OTL - Shortcut.lnk
[2013/06/20 17:09:13 | 000,001,196 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.3-updater.job
[2013/06/20 17:09:10 | 000,001,100 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.3-enabler.job
[2013/06/20 17:09:01 | 000,001,200 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.3-codedownloader.job
[2013/06/20 17:08:37 | 000,001,832 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.3-firefoxinstaller.job
[2013/06/20 17:08:26 | 000,001,906 | ---- | C] () -- C:\Windows\tasks\Plus-HD-2.3-chromeinstaller.job
[2013/06/19 09:31:40 | 000,001,207 | ---- | C] () -- C:\Users\bigyin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Easy CD DVD Burner.lnk
[2013/06/19 09:31:25 | 000,001,177 | ---- | C] () -- C:\Users\bigyin\Application Data\Microsoft\Internet Explorer\Quick Launch\Free Easy Burner.lnk
[2013/06/19 09:31:25 | 000,001,153 | ---- | C] () -- C:\Users\bigyin\Desktop\Free Easy Burner.lnk
[2013/06/19 09:31:23 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2013/06/02 00:08:02 | 000,000,290 | ---- | C] () -- C:\Windows\tasks\DSite.job
[2013/02/25 13:48:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dvdtest10024.dat
[2012/08/30 09:26:49 | 000,000,959 | ---- | C] () -- C:\Users\bigyin\RPDLX2011.lic
[2012/06/13 16:06:51 | 001,103,360 | ---- | C] () -- C:\Windows\SysWow64\cidfont.dll
[2012/06/13 16:06:50 | 001,503,232 | ---- | C] () -- C:\Windows\SysWow64\ptj.exe
[2012/06/13 16:06:49 | 004,369,408 | ---- | C] () -- C:\Windows\SysWow64\pdftk.exe
[2012/06/13 16:06:44 | 000,235,008 | ---- | C] () -- C:\Windows\SysWow64\office.exe
[2012/01/19 17:40:22 | 000,000,351 | ---- | C] () -- C:\Users\bigyin\Network - Shortcut.lnk
[2011/10/13 21:30:23 | 000,000,235 | ---- | C] () -- C:\Users\bigyin\AppData\Roaming\fixpermissions.bat
[2011/09/24 04:27:09 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/09/24 04:27:09 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/03/14 20:45:50 | 000,005,632 | ---- | C] () -- C:\Users\bigyin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/10 20:33:16 | 000,099,384 | ---- | C] () -- C:\Users\bigyin\AppData\Roaming\inst.exe
[2011/03/10 20:33:16 | 000,007,859 | ---- | C] () -- C:\Users\bigyin\AppData\Roaming\pcouffin.cat
[2011/03/10 20:33:16 | 000,001,167 | ---- | C] () -- C:\Users\bigyin\AppData\Roaming\pcouffin.inf
[2011/03/09 19:41:52 | 000,000,186 | ---- | C] () -- C:\Users\bigyin\AppData\Roaming\burnaware.ini
[2011/01/23 11:48:55 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/01/04 11:27:38 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
========== ZeroAccess Check ==========
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2011/04/06 20:27:04 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\Artogon
[2012/07/13 21:42:19 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\Auslogics
[2012/05/05 11:09:43 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\Avanquest
[2011/10/30 22:15:45 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\Azureus
[2011/10/13 20:02:19 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\Babylon
[2011/09/22 14:18:47 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/04/29 05:30:54 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\Big Fish Games
[2011/10/13 18:21:42 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\BitZipper
[2011/03/30 18:51:40 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\Blue Tea Games
[2011/12/04 11:33:45 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\Boomzap
[2012/07/28 20:40:06 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\Downloaded Installations
[2013/06/02 00:07:54 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\DSite
[2013/02/25 13:48:46 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\DVD-Cloner
[2013/06/20 17:38:00 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\eIntaller
[2011/10/01 20:41:59 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\ERS Game Studios
[2013/06/02 08:55:54 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\File Scout
[2012/01/02 11:26:49 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\Free-backup.info
[2012/01/17 16:37:11 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\FreeAudioPack
[2013/06/19 09:35:22 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\FreeBurner
[2013/05/23 15:53:47 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\FreeFileViewer
[2011/10/06 09:56:37 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\FUJIFILM
[2013/02/25 13:30:20 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\InfraRecorder
[2012/11/21 22:56:20 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\IObit
[2012/08/01 20:19:39 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\Keynote Systems
[2011/09/21 11:59:32 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\Merscom
[2012/06/13 16:04:51 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\MultiPDFConverter
[2011/09/21 22:02:07 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\MusicNet
[2012/08/08 20:56:05 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\MusicOasis
[2013/01/11 20:41:47 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\MysteryStudio
[2011/03/11 22:37:39 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\Namco
[2011/10/13 13:56:05 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\NetAssistant
[2012/07/28 20:39:41 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\Nitro PDF
[2012/07/28 20:29:37 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\OpenCandy
[2011/09/18 18:14:59 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\Opera
[2013/01/25 19:14:28 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\PacificPoker
[2012/12/27 23:12:30 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\Party
[2012/07/28 20:37:46 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\PrimoPDF
[2013/06/01 23:56:53 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\redsn0w
[2011/05/07 15:30:36 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\SecretIslandEng
[2011/08/24 00:36:48 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\Serif
[2011/03/05 21:00:37 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\SerpentOfIsis
[2011/01/23 21:17:08 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\Skunk Studios
[2012/11/12 16:26:50 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\Sling Media
[2011/01/24 18:02:37 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\SoftGrid Client
[2012/04/14 18:57:44 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\Tatara Systems
[2012/12/29 18:18:12 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\Temp
[2012/11/11 17:36:24 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\TFP
[2011/01/04 12:04:09 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\TP
[2011/03/10 20:59:46 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\Vso
[2011/01/21 14:18:56 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\WebcamMax
[2011/01/19 23:18:36 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\Windows Live Writer
[2013/06/02 00:08:30 | 000,000,000 | ---D | M] -- C:\Users\bigyin\AppData\Roaming\Zip Opener Packages
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 236 bytes -> C:\ProgramData\TEMP:70E897B5
@Alternate Data Stream - 220 bytes -> C:\ProgramData\TEMP:206470A5
@Alternate Data Stream - 216 bytes -> C:\ProgramData\TEMP:848CC150
@Alternate Data Stream - 209 bytes -> C:\ProgramData\TEMP:90D89144
@Alternate Data Stream - 208 bytes -> C:\ProgramData\TEMP:7972CF54
@Alternate Data Stream - 201 bytes -> C:\ProgramData\TEMP:8684F6F0
@Alternate Data Stream - 193 bytes -> C:\ProgramData\TEMP:95198126
@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:9491C9C7
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:E9EB8C3A
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:D6D084A5
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:689AB7E9
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:52C24010
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:CF61CE5A
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:32A82570
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:2AE74FF9
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:D48500F8
< End of report >
OTL Extras logfile created on: 25/06/2013 22:23:08 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\bigyin\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.97 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 49.59% Memory free
5.93 Gb Paging File | 4.03 Gb Available in Paging File | 68.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 289.86 Gb Total Space | 94.47 Gb Free Space | 32.59% Space Free | Partition Type: NTFS
Computer Name: BIGYIN-PC | User Name: bigyin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03177A3E-A842-4BCC-925A-435C5A5BF0BB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{040D5B2A-BD2E-41F7-BCEF-32565AAC8D06}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0439C131-3267-4189-AA22-18CC60C64B1B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{0BD0584B-6AC1-4D9A-B62C-CADDD5BF9CC1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0FED931D-5642-4E60-9AFA-CBECFC19EDB7}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{169378F6-5059-4A49-B9AC-074A4940B75B}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1A7A8B39-56C3-467A-829C-3F01E2EBD8E6}" = rport=138 | protocol=17 | dir=out | app=system |
"{1AF85EB8-EBB3-490B-8D29-8E90DCD93F86}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1CA5CB90-5DF7-45BF-A447-837AAC009E18}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{21AC213F-4891-4708-8B05-B14B80029687}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{2261FE81-D27F-4DF5-9D6B-128474A7E23A}" = rport=2869 | protocol=6 | dir=out | app=system |
"{2323BF8A-2858-47AB-B23B-FC64F3A77B8B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{25865ABE-7DA7-4981-A12D-E72CFF0D5D09}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2823A7F4-82C3-4D80-BA40-B72C020A1823}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2DDA6788-0F7F-44D6-B6F1-F77E90849FCC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2F97672B-6C14-47B5-9270-2DA1EFD10A67}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{30214C55-4078-46E3-801C-3A81B161E056}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{314689C6-D879-44EE-8446-AFE4CDC5DBE9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{35137FE3-15F2-4A17-8EBA-2889D16C48E0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{38546BD6-AD0A-47C9-8718-716F1076D0F1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3FF90DCB-531E-481E-82C9-CC998F245718}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4A8CC0DF-8626-4519-8FAC-F91E2F794D59}" = lport=137 | protocol=17 | dir=in | app=system |
"{51ADA670-513F-449A-935F-C68402848DA1}" = lport=138 | protocol=17 | dir=in | app=system |
"{566733E1-EA63-4AF4-A695-F6FB5BB2F607}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{581E5926-398B-4249-B6A9-154E0B7F9D3E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{62429D26-7F34-479F-941D-6ED978A8088C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{713C5545-4E5C-4A3E-BD73-69AE135D98F1}" = lport=9333 | protocol=6 | dir=in | name=ekdiscovery |
"{723DC64C-99E1-49F1-B2C8-1B959B27A9C6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{757DB0A5-C588-4B41-B8A8-D2905EAC8129}" = lport=139 | protocol=6 | dir=in | app=system |
"{7923DC6A-9AD1-49AB-B7C0-209DD7F547D5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7A2B4CC7-B7F1-4DA1-BC07-EEC394BC22E8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7B08D45E-1032-4678-984B-A82EF3F62681}" = lport=9333 | protocol=6 | dir=in | name=ekdiscovery |
"{7C08934D-BE82-4071-B106-605292F17DC2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7C89F9F3-2D42-4C47-B554-1FAFD05E1CE4}" = rport=445 | protocol=6 | dir=out | app=system |
"{8693CF74-D768-4C26-BCE0-995D5C89A0F9}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9AAF5B6E-EAC9-4187-87AB-31B57C5E9500}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A076DFCA-7A78-4D61-BCD0-6B25D6B3B4D5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A1D5DC96-8FD9-4345-BA73-278BC596611D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A5255068-67B6-496E-8090-3BD43E76C823}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A5A03EEF-7F9B-45EF-A271-61E90657B35D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss |
[email protected],-28539 |
"{A66C20CC-C889-4616-9C23-F8F5E86A835F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AAABA0F4-898E-49C0-B0FE-D1BFDE4EAF3A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BC779B11-261D-4A61-A257-546E0B924B6C}" = lport=1900 | protocol=17 | dir=in | app=%programfiles%\zune\zune.exe |
"{C0E0C3DC-5F0F-4A88-B058-37D0249FFC05}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C4A90E01-BB00-4805-A32E-782FA938CDB3}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C6209764-3B31-44B4-B26F-A5400AE4FCF2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CB4BB731-BDDD-47AA-83D6-E06824EA865C}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{CC0162F0-3070-4D9F-ABEC-8B146B705F31}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CCE711C7-9C0B-4BD9-91A6-4FF20D72F1E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D0E3F5D7-8348-4C32-B35A-99B2D148D02A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E820E147-D38B-43BB-865B-C5A21BD9837C}" = lport=445 | protocol=6 | dir=in | app=system |
"{E8F1ABBD-F2B6-467E-BB1D-999F4B2D11D9}" = rport=137 | protocol=17 | dir=out | app=system |
"{EC9AB23F-7CC2-471F-B9B6-B1036F6680EA}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{EEF70911-31F9-401C-B35F-84FC26CBE85E}" = rport=139 | protocol=6 | dir=out | app=system |
"{FA8E3996-F118-472F-991D-FB48CB0C0CD6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A220028-8B86-42B3-B8E5-C7BBA743A375}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0EC2E18D-1371-47C6-8CC7-1EFDF4C97F66}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbucoms.exe |
"{107842D8-8ED4-4834-AB9E-A03D9F5852B0}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{1265F2F9-5B3E-49DA-91C0-3DED3CE1F0CA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1508B6B6-A68D-45B5-9015-0ED3E30DD857}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe |
"{16F53F2C-9C42-4BAC-9796-BCA68F82657E}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdjpswx.exe |
"{183ABB8F-846F-4F93-A4AF-97AC73CB1DCB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1D3824D5-10A5-4C8A-8BAE-46621BA2ECD7}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{23FB43C5-F8B6-4B4C-A19F-4E6752F41907}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{26A87A21-088C-4419-BCB2-FFAC33720E6A}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{298CB29F-7AB9-4037-B947-62A459C2468D}" = protocol=6 | dir=in | app=c:\programdata\advent\installer\setup.exe |
"{29C79583-BDC7-45B1-B93F-B3FDA2347FBD}" = dir=in | app=c:\users\bigyin\appdata\local\torch\plugins\torrent\torchtorrent.exe |
"{308228C6-73C8-4DA8-927F-042D734EC853}" = protocol=17 | dir=in | app=c:\program files (x86)\advent\aio\center\adnetworkprinterdiscovery.exe |
"{38F4ACEE-C4C4-43C0-A4AB-1F77BCDD7AC0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{39EA083A-112F-44C9-96E4-A16754FC48C5}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdjpswx.exe |
"{3A28B486-2F4B-4BFE-AADE-0643308FA14F}" = dir=in | app=c:\program files (x86)\freefileviewer\ffvcheckforupdates.exe |
"{3A5F62A4-73DD-49CD-BA04-7BD0F1F77F59}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdjpswx.exe |
"{3C4718DB-557C-45D1-BE2F-41747A549A1F}" = protocol=6 | dir=in | app=c:\program files (x86)\advent\aio\firmware\adventaioupdater.exe |
"{4221B2E7-E704-4BC3-B9D7-D99E1003465E}" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 1400 series\lxdjamon.exe |
"{439CA99D-EB41-4A99-98EC-0C638DBEB1FF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{458DCB70-E716-4A44-B7F6-20EC945D0E72}" = protocol=17 | dir=in | app=c:\windows\system32\lxdjcoms.exe |
"{491E7F93-6D7D-49CE-BE71-C025843F1947}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{49C5A3B7-7A4A-4AA0-967E-3936A2D32F8A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{4AAFF40E-964C-4075-9B86-50ACF9650A43}" = protocol=1 | dir=in |
[email protected],-28543 |
"{4CF93D84-2D05-41A7-B6C5-FCFFAB6394EF}" = protocol=17 | dir=in | app=c:\programdata\advent\installer\setup.exe |
"{4EE8A06B-AF9B-4A6A-BABA-14BA3E3A12F4}" = protocol=6 | dir=in | app=c:\windows\system32\lxbucoms.exe |
"{50520F73-D182-4685-8D0F-F699D86B91FB}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdjjswx.exe |
"{553B4BEA-E7F0-4D12-8874-6911C1CA1238}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbucoms.exe |
"{5952B8C8-8003-4C72-A0FA-8C39D9D01AC1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5A74C18C-9BB6-426E-84E4-DDAB541FEB48}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdjjswx.exe |
"{5C853AA6-CCFF-4D74-AEBA-3FF2BDBD199B}" = protocol=6 | dir=out | app=system |
"{5CFB3C41-9AF6-480C-BEA6-CA5661BE2F53}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{5D44A99A-661C-4469-9827-B9217AC89F66}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{677EB589-B003-4D67-980D-055E99B7FAB1}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbupswx.exe |
"{68065C5E-5F32-4B29-BCAC-03724E901FCF}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdjtime.exe |
"{6C576E3E-491E-4305-89FF-2B94AF17717F}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{6E949298-5786-46A2-9AC8-35292C77BF91}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 1400 series\lxdjamon.exe |
"{71795A3D-0CFF-44D3-A475-1DE2E658DA42}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{74D1C9F6-0996-4476-966F-950481D78464}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{74EF1543-9A92-42D8-B7F3-BCCFF568A17C}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxdjcoms.exe |
"{7981A859-F0B6-4C94-9286-78385BE9D829}" = protocol=6 | dir=in | app=c:\windows\system32\lxdjcfg.exe |
"{7B413429-2280-45B8-84EB-DF328DAB65C0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7B947D70-B6F2-494E-A00D-7AF60F64159B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{86013D0B-F2C9-4010-877B-4C973C06387A}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxdjcoms.exe |
"{88CB7E16-E0B1-463A-9495-E6A97FC5DE54}" = protocol=6 | dir=in | app=c:\windows\system32\lxdjcoms.exe |
"{91E341A3-591B-4976-9BBA-D4745EA6A6BF}" = protocol=6 | dir=in | app=c:\program files (x86)\advent\aio\center\adnetworkprinterdiscovery.exe |
"{9B82D00D-C498-40C1-A185-C4F19E75F8DA}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{9C806D1F-3737-45FE-8E09-499312153442}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A08801C3-D490-470C-92CD-4287DBC87AF5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A0DBB9C1-1D4A-4D91-B1E9-A62BDBA30467}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdjpswx.exe |
"{A6FB579F-5B3B-4E54-9237-22DBF0B91356}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{A8C2222A-8535-4F94-9726-5C515DD2397D}" = dir=in | app=c:\program files (x86)\file type assistant\tsassist.exe |
"{AE8285AE-4F7D-4449-AEC2-18882232A93A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{AEF5C1A7-12D7-4939-AFF1-78A0F088781B}" = protocol=58 | dir=in |
[email protected],-148 |
"{B18BB89C-46AB-4909-93AF-826532DD3B34}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{B30C5B4C-A682-491B-81C2-73EE58FC02A7}" = protocol=17 | dir=in | app=c:\program files (x86)\advent\aio\center\advent.statistics.exe |
"{B3F6B85D-87CE-4A89-844A-C293B0DFD277}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{B5245659-A630-431A-8D76-45D6D9722FBB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B6964528-47F6-40BE-8902-8D6A69E171C8}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdjjswx.exe |
"{B7FDB52B-A208-41F1-84A1-0E7147DEE8CA}" = protocol=6 | dir=out | app=system |
"{BCD56FF3-E551-4DD9-A27C-DD443C4C8A7B}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{C0C08700-A57B-4FF4-9F59-64858B388BE4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C2B6C4AD-B229-4517-B99D-3BFF47D4D3AC}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C2F2BFC7-4064-4542-ABF9-B8D0013793C3}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{C7352037-7273-4E64-8810-76772D0FC271}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CC29E3FA-41B0-448B-999C-F75ABE9BD244}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdjtime.exe |
"{CDF19CCB-A610-4BE6-84CB-1E74CF64E43C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{CFDE1D05-6A11-4FD5-A1E4-760698149962}" = protocol=17 | dir=in | app=c:\program files (x86)\advent\aio\firmware\adventaioupdater.exe |
"{D1279C60-7C70-4098-B01D-16435210F3E9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D31A3D98-4F34-47DA-A94D-5D2E3D56482F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D4072F86-B257-4C09-9C6A-2BF20C4B538A}" = protocol=1 | dir=out |
[email protected],-28544 |
"{D45C89B2-6045-4D54-B9B6-8760AC26B5FA}" = protocol=58 | dir=out |
[email protected],-28546 |
"{D794C7E2-BDA8-425F-8347-095CDED0967E}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{DC18DE71-9A64-4700-A1A7-F370EFD8D25D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{DEDF19B0-E8C5-4CDF-AD86-CCAFA3CC6693}" = protocol=17 | dir=in | app=c:\windows\system32\lxbucoms.exe |
"{E03737B2-5AC4-44D6-8B0C-E1C636BCDEF2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E117D855-96B9-4FDC-946A-E981DAB1047A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E27DAF0D-6B79-45C2-B68D-EC66F08E21B7}" = protocol=58 | dir=in |
[email protected],-28545 |
"{E38DFC32-CDCE-4EB9-BC6B-163B6C3FF206}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E69AC032-76FD-442A-AA6D-34F1E24E7E15}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{F28C62DD-D77F-4FCD-889B-EA39BD194540}" = protocol=17 | dir=in | app=c:\windows\system32\lxdjcfg.exe |
"{F301F151-2305-4E35-94A3-27CF52079595}" = protocol=6 | dir=out | app=system |
"{F9DC6FB5-42E0-4545-93C3-711523369996}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxdjjswx.exe |
"{FB28C77B-5381-4499-BC8A-8D828317EAB0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FBF5C97F-46B2-476B-AE17-5DBC196DF4A8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FCCA8CF6-4995-4491-A326-FC2BEEB5D3AE}" = protocol=6 | dir=in | app=c:\program files (x86)\advent\aio\center\advent.statistics.exe |
"{FE8F9645-4875-48DB-9689-B71D974A209E}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxbupswx.exe |
"{FEAEB45C-DFA9-4181-B632-CB9DEC3CD122}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"TCP Query User{14E03F1E-F775-445B-82EB-07A5A4EC7914}C:\program files (x86)\lexmark 1400 series\lxdjamon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 1400 series\lxdjamon.exe |
"TCP Query User{2CCA2DC0-B0FB-41F0-B4B5-A47DD38586AD}C:\program files (x86)\lexmark 1400 series\app4r.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 1400 series\app4r.exe |
"TCP Query User{3345570E-E09F-4264-B4F0-32802C0EAAAB}C:\program files (x86)\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"TCP Query User{436CC209-2108-45F0-8163-CA55E0768BE7}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{668E2FBC-AA51-49E9-B8FC-975E5B3168DD}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{A6C83C0F-42C1-4411-B0E8-54AF37515C7F}C:\users\bigyin\downloads\tinyumbrella-5.10.06.exe" = protocol=6 | dir=in | app=c:\users\bigyin\downloads\tinyumbrella-5.10.06.exe |
"TCP Query User{D833320D-9EE0-49E4-9659-124E30EAAA71}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{EBEC5045-3B20-47D8-A9B0-0D94375D5B16}C:\users\bigyin\downloads\tinyumbrella-5.10.09.exe" = protocol=6 | dir=in | app=c:\users\bigyin\downloads\tinyumbrella-5.10.09.exe |
"TCP Query User{EF2D6652-2499-4250-9E52-AFA0779D98C9}C:\users\bigyin\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\bigyin\appdata\roaming\spotify\spotify.exe |
"UDP Query User{02CB6570-65BB-435E-9634-C0130AB44988}C:\program files (x86)\lexmark 1400 series\lxdjamon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 1400 series\lxdjamon.exe |
"UDP Query User{3E4E1368-23DA-42C7-B3A1-6B3E7E1CE878}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{5F5893E3-B5AC-4D68-A387-872651B3C1F2}C:\users\bigyin\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\bigyin\appdata\roaming\spotify\spotify.exe |
"UDP Query User{6A0C68F6-DAC1-4A73-BB15-6608FCE74A05}C:\users\bigyin\downloads\tinyumbrella-5.10.06.exe" = protocol=17 | dir=in | app=c:\users\bigyin\downloads\tinyumbrella-5.10.06.exe |
"UDP Query User{6F684C5E-06A3-4AF5-8D27-4A51E77F0B2F}C:\users\bigyin\downloads\tinyumbrella-5.10.09.exe" = protocol=17 | dir=in | app=c:\users\bigyin\downloads\tinyumbrella-5.10.09.exe |
"UDP Query User{A000CB6B-3450-40A1-9C26-FE2D1647F52A}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{B31779F5-64FD-45F6-9D84-069D2B14EAA9}C:\program files (x86)\lexmark 1400 series\app4r.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lexmark 1400 series\app4r.exe |
"UDP Query User{E2B10257-B5F0-4B78-A0E9-57C4116A10C7}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{F956A66C-AE1A-4876-A096-8E72DFD69B36}C:\program files (x86)\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1CA75E08-616B-4F3C-A8E6-5E4BDC04E398}" = ADVENT AIO Printer
"{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit)
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BA56CD60-1D9F-4BE6-AC2F-B7C4A5437C35}" = Driver 1.3
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Elantech" = ETDWare PS/2-X64 8.0.7.0_WHQL
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Zune" = Zune
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1266764D-FC4F-4FA7-B63B-884D53B1680F}" = NetAssistant
"{136BB0FD-7E70-40F5-B17E-5FB91F229463}" = AdC4USelfUpdater
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BAE8AB6-4533-4CB1-94D6-A5F401ED468C}" = aioscnnr
"{1C91F8F0-36CC-4C58-BDB3-66F0EEEF92A1}" = DSG OSD 1.01
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{27B5D9DE-D57D-48ee-A4F1-DC3D9DA0DF57}" = Advent AIO Software
"{28DE5C41-6225-4201-A4E4-DB31BAB1419A}" = ocr
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3248F0A8-6813-11D6-A77B-00B0D0150170}" = J2SE Runtime Environment 5.0 Update 17
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4973FC3B-FF66-4610-B9ED-2DDEFBF4D2D7}" = PreReq
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EE63BCE-7D9C-40E0-B770-07C6181EF55C}_is1" = RescuePRO Deluxe 5.0
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{601BE80D-247B-4084-94C7-7A54369DB7A2}" = Hallmark Card Studio Deluxe
"{61381690-7DDA-44F6-B3F0-6529FB8B6E5D}" = Advent Essentials
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{76E5EEA4-E912-4BC6-8D50-08E8C19202B7}" = O2 Connection Manager
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{88D68A69-D247-466B-90DD-575F6BE16230}_is1" = CardRecovery 6.00
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A5355F15-F98B-4704-9BAE-E53B9FE48F48}" = SDFormatter
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C675C60B-0CB7-4108-B8CA-C3EC0706DEF0}" = Serif PagePlus Starter Edition
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D6A0DD73-6EF2-9A8D-6F60-4F338F922B37}" = BBC iPlayer Desktop
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Anniversary Edition
"{D8F33108-139F-409A-A160-B9510DE736B3}_is1" = Auslogics File Recovery
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"Advanced SystemCare 6_is1" = Advanced SystemCare 6
"AudibleDownloadManager" = Audible Download Manager
"avast" = avast! Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"BFG-Awakening - The Dreamless Castle" = Awakening: The Dreamless Castle
"BFG-Azada" = Azada ®
"BFGC" = Big Fish Games: Game Manager
"BFG-Flux Family Secrets - The Ripple Effect" = Flux Family Secrets: The Ripple Effect
"BFG-Holly - A Christmas Tale Deluxe" = Holly: A Christmas Tale Deluxe
"BFG-Luxor Bundle Pack" = Luxor Bundle Pack
"BFG-Mystery in London" = Mystery in London ™
"BFG-Redemption Cemetery - Curse of the Raven Collector's Edition" = Redemption Cemetery: Curse of the Raven Collector's Edition
"BFG-Robin's Quest - A Legend Born" = Robin's Quest: A Legend Born
"BFG-The Treasures of Mystery Island" = The Treasures of Mystery Island
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DVD-Cloner 2013_is1" = DVD-Cloner V10.20 Build 1204
"Free Easy Burner_is1" = Free Easy Burner V 5.1
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2
"FreeFileViewer_is1" = Free File Viewer 2012
"Game Booster_is1" = Game Booster
"Google Chrome" = Google Chrome
"IObit Malware Fighter_is1" = IObit Malware Fighter
"KeynoteConnector" = Keynote Connector
"LDC Driving Test Complete5.0" = LDC Driving Test Complete
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"office Convert Pdf to Jpg Jpeg Tiff Free_is1" = office Convert Pdf to Jpg Jpeg Tiff Free 6.5
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Opera 12.14.1738" = Opera 12.14
"Plus-HD-2.3" = Plus-HD-2.3
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"Protected Folder_is1" = Protected Folder
"Savings Wave" = Savings Wave
"Services-x87" = Services-x87
"Shutter Island/EN-English_is1" = Shutter Island
"Smart Defrag 2_is1" = Smart Defrag 2
"Trusted Software Assistant_is1" = File Type Assistant
"VLC media player" = VLC media player 2.0.5
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"Wondershare Photo Recovery_is1" = Wondershare Photo Recovery (build 3.0.3)
"Xvid Video Codec 1.3.1" = Xvid Video Codec
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"1400525706.go.sky.com" = Sky Go Desktop
"Audio Converter" = Audio Converter
"NetAssistant 3.6.5" = NetAssistant for Firefox
"Spotify" = Spotify
"Torch" = Torch
"Zip Opener Packages" = Zip Opener Packages
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 24/06/2013 23:01:24 | Computer Name = bigyin-PC | Source = Bonjour Service | ID = 100
Description =
Error - 24/06/2013 23:01:24 | Computer Name = bigyin-PC | Source = Bonjour Service | ID = 100
Description =
Error - 24/06/2013 23:01:25 | Computer Name = bigyin-PC | Source = Bonjour Service | ID = 100
Description =
Error - 24/06/2013 23:01:25 | Computer Name = bigyin-PC | Source = Bonjour Service | ID = 100
Description =
Error - 24/06/2013 23:01:25 | Computer Name = bigyin-PC | Source = Bonjour Service | ID = 100
Description =
Error - 24/06/2013 23:01:26 | Computer Name = bigyin-PC | Source = Bonjour Service | ID = 100
Description =
Error - 24/06/2013 23:01:26 | Computer Name = bigyin-PC | Source = Bonjour Service | ID = 100
Description =
Error - 24/06/2013 23:01:26 | Computer Name = bigyin-PC | Source = Bonjour Service | ID = 100
Description =
Error - 24/06/2013 23:01:27 | Computer Name = bigyin-PC | Source = Bonjour Service | ID = 100
Description =
Error - 24/06/2013 23:01:27 | Computer Name = bigyin-PC | Source = Bonjour Service | ID = 100
Description =
Error - 24/06/2013 23:01:27 | Computer Name = bigyin-PC | Source = Bonjour Service | ID = 100
Description =
[ Media Center Events ]
Error - 27/02/2011 05:00:56 | Computer Name = bigyin-PC | Source = MCUpdate | ID = 0
Description = 09:00:56 - Error connecting to the internet. 09:00:56 - Unable
to contact server..
Error - 27/02/2011 05:01:08 | Computer Name = bigyin-PC | Source = MCUpdate | ID = 0
Description = 09:01:02 - Error connecting to the internet. 09:01:02 - Unable
to contact server..
Error - 30/03/2011 21:00:08 | Computer Name = bigyin-PC | Source = MCUpdate | ID = 0
Description = 02:00:08 - Error connecting to the internet. 02:00:08 - Unable
to contact server..
Error - 30/03/2011 21:00:18 | Computer Name = bigyin-PC | Source = MCUpdate | ID = 0
Description = 02:00:13 - Error connecting to the internet. 02:00:13 - Unable
to contact server..
Error - 30/03/2011 22:00:22 | Computer Name = bigyin-PC | Source = MCUpdate | ID = 0
Description = 03:00:22 - Error connecting to the internet. 03:00:22 - Unable
to contact server..
Error - 30/03/2011 22:00:28 | Computer Name = bigyin-PC | Source = MCUpdate | ID = 0
Description = 03:00:27 - Error connecting to the internet. 03:00:27 - Unable
to contact server..
Error - 30/03/2011 23:02:16 | Computer Name = bigyin-PC | Source = MCUpdate | ID = 0
Description = 04:02:16 - Error connecting to the internet. 04:02:16 - Unable
to contact server..
Error - 30/03/2011 23:02:22 | Computer Name = bigyin-PC | Source = MCUpdate | ID = 0
Description = 04:02:21 - Error connecting to the internet. 04:02:21 - Unable
to contact server..
Error - 31/03/2011 00:02:27 | Computer Name = bigyin-PC | Source = MCUpdate | ID = 0
Description = 05:02:27 - Error connecting to the internet. 05:02:27 - Unable
to contact server..
Error - 31/03/2011 00:02:33 | Computer Name = bigyin-PC | Source = MCUpdate | ID = 0
Description = 05:02:32 - Error connecting to the internet. 05:02:32 - Unable
to contact server..
[ System Events ]
Error - 25/06/2013 15:13:11 | Computer Name = bigyin-PC | Source = ipnathlp | ID = 30013
Description =
Error - 25/06/2013 15:14:14 | Computer Name = bigyin-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1058
Error - 25/06/2013 15:15:11 | Computer Name = bigyin-PC | Source = Service Control Manager | ID = 7001
Description = The PnP-X IP Bus Enumerator service depends on the Function Discovery
Provider Host service which failed to start because of the following error: %%1058
Error - 25/06/2013 15:16:20 | Computer Name = bigyin-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1058
Error - 25/06/2013 15:16:23 | Computer Name = bigyin-PC | Source = ipnathlp | ID = 30013
Description =
Error - 25/06/2013 15:31:59 | Computer Name = bigyin-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1058
Error - 25/06/2013 15:32:28 | Computer Name = bigyin-PC | Source = ipnathlp | ID = 34001
Description =
Error - 25/06/2013 15:32:28 | Computer Name = bigyin-PC | Source = ipnathlp | ID = 30013
Description =
Error - 25/06/2013 15:33:25 | Computer Name = bigyin-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1058
Error - 25/06/2013 15:34:44 | Computer Name = bigyin-PC | Source = Service Control Manager | ID = 7001
Description = The PnP-X IP Bus Enumerator service depends on the Function Discovery
Provider Host service which failed to start because of the following error: %%1058
< End of report >