Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Win7 bloodhound [Solved]

bloodhound

  • This topic is locked This topic is locked

#1
taloi8

taloi8

    New Member

  • Member
  • Pip
  • 6 posts

I'm using Windows 7. Main problem is Bloodhound.Exploit 33. Malwarebytes find something in first run but nothing today.
I use mostly startpage and google as searchengines.
 I uninstalled istartsurf some time ago.  Norton has quarantined Bloodhound but it needs manually uninstall. Bloodhound is in this location.
 c:\users\(myname)\appdata\local\mozilla\firefox\profiles\#####.default\cache2\entries\

Here is the OTL scan log and extras too.

OTL logfile created on: 9/23/2014 5:52:19 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Timo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: Suomi | Language: FIN | Date Format: d.M.yyyy
 
5.95 Gb Total Physical Memory | 4.03 Gb Available Physical Memory | 67.70% Memory free
11.90 Gb Paging File | 8.72 Gb Available in Paging File | 73.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 679.13 Gb Total Space | 380.63 Gb Free Space | 56.05% Space Free | Partition Type: NTFS
Drive D: | 19.21 Gb Total Space | 2.36 Gb Free Space | 12.30% Space Free | Partition Type: NTFS
 
Computer Name: TIMO-HP | User Name: Timo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Timo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\nis.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\iSafe\iSafeTray.exe (Elex do Brasil Participações Ltda)
PRC - C:\Program Files (x86)\iSafe\ipcdl.exe ()
PRC - C:\Program Files (x86)\iSafe\iSafeSvc2.exe (Elex do Brasil Participações Ltda)
PRC - C:\Program Files (x86)\iSafe\iSafeSvc.exe (Elex do Brasil Participações Ltda)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\ProgramData\Mobile Broadband\OnlineUpdate\ouc.exe ()
PRC - C:\Program Files (x86)\AnVir Task Manager Pro\AnVir.exe (AnVir Software)
PRC - C:\USERS\TIMO\DOCUMENTS\MAMUTU\a2service.exe (Emsi Software GmbH)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\802a9bff6be56d5ea8384d20bee78562\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\27bf12496a31ac45c7f95f646bccff84\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2508b25b4d961a45659a8a8f128818a1\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3f2952ec748f60fbb5deacfc4db0a2a3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8b7f86e5a6f0aa23f4b25dfeeaa6b318\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f8922283404046fb5227407194d59d7e\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5bf56d6064af88d8812a3f78e0dfd376\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4c4507612d22786d45594a65a0213c1f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95854f4f1f37b8eab1b1e3d7103b48ef\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
MOD - C:\Program Files (x86)\iSafe\curlpp.dll ()
MOD - C:\Program Files (x86)\iSafe\libpng.dll ()
MOD - C:\Program Files (x86)\iSafe\zlib1.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_fi_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fi_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (EPSON_EB_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION)
SRV:64bit: - (EPSON_PM_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe (Symantec Corporation)
SRV - (iSafeService) -- C:\Program Files (x86)\iSafe\iSafeSvc.exe (Elex do Brasil Participações Ltda)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (Mobile Broadband. RunOuc) -- C:\Program Files (x86)\Mobile Broadband\UpdateDog\ouc.exe ()
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (Mamutu) -- C:\USERS\TIMO\DOCUMENTS\MAMUTU\a2service.exe (Emsi Software GmbH)
SRV - (HWDeviceService64.exe) -- C:\ProgramData\DataCardService\HWDeviceService64.exe ()
SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (iSafeKrnlBoot) -- C:\Windows\SysNative\drivers\iSafeKrnlBoot.sys (Elex do Brasil Participações Ltda)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1505000.013\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1505000.013\symnets.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1505000.013\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1505000.013\ironx64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1505000.013\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1505000.013\symds64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1505000.013\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (huawei_wwanecm) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_cdcacm) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_ext_ctrl) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_usbenumfilter) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (WsAudio_Device(5) -- C:\Windows\SysNative\drivers\VirtualAudio5.sys (Wondershare)
DRV:64bit: - (WsAudio_Device(4) -- C:\Windows\SysNative\drivers\VirtualAudio4.sys (Wondershare)
DRV:64bit: - (WsAudio_Device(3) -- C:\Windows\SysNative\drivers\VirtualAudio3.sys (Wondershare)
DRV:64bit: - (WsAudio_Device(2) -- C:\Windows\SysNative\drivers\VirtualAudio2.sys (Wondershare)
DRV:64bit: - (WsAudio_Device(1) -- C:\Windows\SysNative\drivers\VirtualAudio1.sys (Wondershare)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (RRNetCapMP) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV:64bit: - (RRNetCap) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon)
DRV:64bit: - (Uim_VIM) -- C:\Windows\SysNative\drivers\uim_vimx64.sys (Paragon)
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows ® 2000 DDK provider)
DRV:64bit: - (WsAudio_DeviceS(5) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys (Wondershare)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (WsAudio_DeviceS(3) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(2) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(1) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(4) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys (Wondershare)
DRV:64bit: - (WsAudioDevice_383S(1) -- C:\Windows\SysNative\drivers\WsAudioDevice_383S(1).sys (Wondershare)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL2832U_IRHID) -- C:\Windows\SysNative\drivers\RTL2832U_IRHID.sys (Realtek)
DRV:64bit: - (RTL2832UUSB) -- C:\Windows\SysNative\drivers\RTL2832UUSB.sys (REALTEK SEMICONDUCTOR Corp.)
DRV:64bit: - (RTL2832UBDA) -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys (REALTEK SEMICONDUCTOR Corp.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BHDrvx64) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140912.003\BHDrvx64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140919.001\IDSviA64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140921.020\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140921.020\eng64.sys (Symantec Corporation)
DRV - (iSafeKrnl) -- C:\Program Files (x86)\iSafe\iSafeKrnl.sys (Elex do Brasil Participações Ltda)
DRV - (iSafeKrnlKit) -- C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys (Elex do Brasil Participações Ltda)
DRV - (iSafeKrnlR3) -- C:\Program Files (x86)\iSafe\iSafeKrnlR3.sys (Elex do Brasil Participações Ltda)
DRV - (iSafeNetFilter) -- C:\Program Files (x86)\iSafe\iSafeNetFilter.sys (Elex do Brasil Participações Ltda)
DRV - (a2acc) -- C:\USERS\TIMO\DOCUMENTS\MAMUTU\a2accx64.sys (Emsi Software GmbH)
DRV - (a2injectiondriver) -- C:\Users\Timo\Documents\Mamutu\a2dix64.sys (Emsi Software GmbH)
DRV - (a2util) -- C:\Users\Timo\Documents\Mamutu\a2util64.sys (Emsi Software GmbH)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (RTL2832U_IRHID) -- C:\Windows\SysWOW64\drivers\RTL2832U_IRHID.sys (Realtek)
DRV - (RTL2832UUSB) -- C:\Windows\SysWOW64\drivers\RTL2832UUSB.sys (REALTEK SEMICONDUCTOR Corp.)
DRV - (RTL2832UBDA) -- C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys (REALTEK SEMICONDUCTOR Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0191A6B0-1154-4C22-9182-23A95BBE92D9}
IE:64bit: - HKLM\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.co...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,NewTabPageShow = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0191A6B0-1154-4C22-9182-23A95BBE92D9}
IE - HKLM\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.co...q={searchTerms}
IE - HKLM\..\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}: "URL" = http://www.google.co...utputEncoding?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,NewTabPageShow = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0191A6B0-1154-4C22-9182-23A95BBE92D9}
IE - HKCU\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: %7B46868735-c3fa-47ce-8ce7-cce51a66aceb%7D:1.2
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:2.2
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.42
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.11.2: C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.11.2: C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@emusic.com/eMusicPlugin DLM6: C:\Program Files (x86)\eMusic Download Manager 6\npEMusic604.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Timo\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Timo\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Timo\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [2014/09/23 11:29:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/06/04 11:58:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/06/04 11:58:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/06/04 11:58:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/09/19 09:50:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 32.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 32.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/09/19 09:50:38 | 000,000,000 | ---D | M]
 
[2011/10/27 11:41:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timo\AppData\Roaming\mozilla\Extensions
[2014/09/23 16:57:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\c7ixr1j5.default-1407435073953\extensions
[2014/08/07 22:10:42 | 000,126,171 | ---- | M] () (No name found) -- C:\Users\Timo\AppData\Roaming\mozilla\firefox\profiles\c7ixr1j5.default-1407435073953\extensions\[email protected]
[2014/08/07 21:43:42 | 000,001,736 | ---- | M] () (No name found) -- C:\Users\Timo\AppData\Roaming\mozilla\firefox\profiles\c7ixr1j5.default-1407435073953\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}.xpi
[2014/09/23 16:57:24 | 000,541,015 | ---- | M] () (No name found) -- C:\Users\Timo\AppData\Roaming\mozilla\firefox\profiles\c7ixr1j5.default-1407435073953\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/08/07 21:22:19 | 000,967,685 | ---- | M] () (No name found) -- C:\Users\Timo\AppData\Roaming\mozilla\firefox\profiles\c7ixr1j5.default-1407435073953\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/08/30 10:50:06 | 000,300,373 | ---- | M] () (No name found) -- C:\Users\Timo\AppData\Roaming\mozilla\firefox\profiles\c7ixr1j5.default-1407435073953\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2014/09/23 11:28:41 | 000,000,609 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\mozilla\firefox\profiles\c7ixr1j5.default-1407435073953\searchplugins\Google.xml
[2014/09/22 20:34:53 | 000,005,501 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\mozilla\firefox\profiles\c7ixr1j5.default-1407435073953\searchplugins\startpage-https.xml
[2014/09/19 09:50:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/09/19 09:50:36 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2014/09/19 09:50:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/09/19 09:50:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/06/28 18:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: about:blank
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Timo\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Timo\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Timo\AppData\Local\Google\Chrome\Application\36.0.1985.125\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Simple Pass 2011 (Enabled) = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhfpefkeidlhbjljfdojcnngjbddgein\1.0_0\npwebsitelogon.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.2.5_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Timo\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Timo\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Timo\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-haku = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Deezer = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\npfkoakaabdallkcdbpkkhfilkkngakh\1.3.2_0\
CHR - Extension: Gmail = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
Hosts file not found
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coieplg.dll (Symantec Corporation)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.5.0.19\coieplg.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 11.11.2)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 11.11.2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.67.2)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.67.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.210.19.19 193.210.18.18
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C8E6854-C46F-412D-8C77-8CF9CC69E053}: DhcpNameServer = 193.210.19.19 193.210.18.18
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48EFBF32-6516-499B-935B-C4F9DED72294}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5588E4BF-9F90-4AE8-BCB4-15F85269A7ED}: NameServer =  
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6DC2381-7822-46B6-BBE4-EDAE8A95FEC5}: NameServer =  
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O28 - HKCU ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{016a4d27-8032-11e2-a5c2-2c27d7bb7d36}\Shell - "" = AutoRun
O33 - MountPoints2\{016a4d27-8032-11e2-a5c2-2c27d7bb7d36}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3ea38149-0072-11e1-a040-cc52af9b6d38}\Shell - "" = AutoRun
O33 - MountPoints2\{3ea38149-0072-11e1-a040-cc52af9b6d38}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4e50b30a-00ce-11e1-b12b-cc52af9b6d38}\Shell - "" = AutoRun
O33 - MountPoints2\{4e50b30a-00ce-11e1-b12b-cc52af9b6d38}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{53a9ff52-00c6-11e1-94e8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{53a9ff52-00c6-11e1-94e8-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{9f750276-0525-11e1-8bc4-cc52af9b6d38}\Shell - "" = AutoRun
O33 - MountPoints2\{9f750276-0525-11e1-8bc4-cc52af9b6d38}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{db4b3b84-00d5-11e1-bf7e-cc52af9b6d38}\Shell - "" = AutoRun
O33 - MountPoints2\{db4b3b84-00d5-11e1-bf7e-cc52af9b6d38}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/23 17:50:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Timo\Desktop\OTL.exe
[2014/09/23 16:42:56 | 004,181,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Timo\Desktop\tdsskiller.exe
[2014/09/19 09:50:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/09/18 14:20:15 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2014/09/18 14:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quintessence - TBV
[2014/09/12 21:37:39 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/12 21:37:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/09/12 21:37:21 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/09/12 21:37:21 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/09/12 21:37:21 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/09/12 21:37:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/09/12 21:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/09/11 23:31:04 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/09/11 23:31:04 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/09/11 23:31:01 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/09/11 23:31:01 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/09/11 23:31:01 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/09/11 23:31:00 | 000,758,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/09/11 23:31:00 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/09/11 23:31:00 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/09/11 23:30:59 | 000,446,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/09/11 23:30:59 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/09/11 23:30:59 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/09/11 23:30:59 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/09/11 23:30:58 | 000,547,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/09/11 23:30:58 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/09/11 23:30:58 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/09/11 23:30:56 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/09/11 23:30:56 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/09/11 23:30:55 | 000,727,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/09/11 23:30:55 | 000,707,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/09/11 23:30:55 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/09/11 23:30:55 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/09/11 23:30:55 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/09/11 23:30:55 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/09/11 23:30:55 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/09/11 23:30:53 | 001,249,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/09/11 23:30:53 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/09/11 23:30:53 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/09/11 23:30:53 | 000,775,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/09/11 23:30:53 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/09/11 23:30:53 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/09/11 23:30:53 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/09/11 23:30:53 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/09/11 23:30:48 | 005,833,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/09/11 23:30:47 | 002,104,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/09/11 23:30:47 | 002,014,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/09/11 23:20:12 | 002,777,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2014/09/11 23:20:12 | 002,285,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2014/09/11 17:05:21 | 001,031,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWorkspace.dll
[2014/09/11 17:05:21 | 000,793,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSWorkspace.dll
[2014/09/11 17:05:17 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/09/11 17:04:54 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/09/11 17:04:49 | 000,578,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/09/11 17:04:48 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/08/27 22:23:28 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[21 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[11 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/23 17:50:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Timo\Desktop\OTL.exe
[2014/09/23 17:14:10 | 000,001,014 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-91733369-1281498052-2340552009-1000UA.job
[2014/09/23 16:43:01 | 004,181,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Timo\Desktop\tdsskiller.exe
[2014/09/23 15:53:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/23 11:37:02 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/23 11:37:02 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/23 11:28:26 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/22 23:42:17 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/21 17:51:13 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Broadband.lnk
[2014/09/19 18:26:58 | 001,356,858 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/19 18:26:58 | 000,654,916 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/19 18:26:58 | 000,482,262 | ---- | M] () -- C:\Windows\SysNative\perfh00B.dat
[2014/09/19 18:26:58 | 000,122,530 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/19 18:26:58 | 000,102,064 | ---- | M] () -- C:\Windows\SysNative\perfc00B.dat
[2014/09/16 21:27:51 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTIMO-HP$.job
[2014/09/11 23:27:47 | 001,331,306 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/09/05 05:10:43 | 000,578,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/09/05 05:05:42 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/09/03 15:41:56 | 000,000,223 | ---- | M] () -- C:\Users\Timo\Desktop\The Treasures of Montezuma 4.url
[2014/08/28 23:03:08 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTimo.job
[2014/08/27 23:25:34 | 000,326,608 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[21 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[11 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/09/03 15:41:56 | 000,000,223 | ---- | C] () -- C:\Users\Timo\Desktop\The Treasures of Montezuma 4.url
[2014/01/03 01:04:00 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/04/15 13:27:54 | 000,000,600 | ---- | C] () -- C:\Users\Timo\PUTTY.RND
[2011/11/10 13:15:12 | 000,802,252 | ---- | C] () -- C:\Users\Timo\.DLMSave_back.xml
[2011/11/10 13:15:12 | 000,802,252 | ---- | C] () -- C:\Users\Timo\.DLMSave.xml
[2011/11/10 13:12:56 | 000,001,238 | ---- | C] () -- C:\Users\Timo\.Setting.ini
[2011/11/01 13:53:17 | 000,007,596 | ---- | C] () -- C:\Users\Timo\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009/07/14 07:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 05:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 04:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 04:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 15:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 04:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/04/04 09:35:56 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\AdultAdvantage
[2014/08/14 21:37:50 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\AlawarEntertainment
[2012/05/15 00:07:40 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Apowersoft
[2014/06/24 21:20:17 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\AudioDope
[2011/11/07 18:47:25 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\BANDISOFT
[2014/01/04 17:08:21 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Battle.net
[2014/02/20 21:26:33 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Duplicate & Same Files Searcher
[2014/08/07 21:34:31 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\eCyber
[2011/12/24 16:53:09 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\EPSON
[2011/11/06 23:49:05 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\IDT
[2014/09/23 12:13:12 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\iSafe
[2014/03/11 16:22:42 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\KoshyJohn.com
[2013/06/15 19:23:52 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Leawo
[2013/02/08 01:26:14 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\LibreOffice
[2012/07/18 17:33:43 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\MahJong Suite
[2013/12/13 19:35:24 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Mp3 Music Editor
[2012/03/02 17:21:05 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\mresreg
[2011/12/05 23:58:45 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\NeoDownloader
[2012/02/25 23:23:54 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Octoshape
[2014/01/21 18:26:55 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Oracle
[2012/11/02 13:40:07 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Origin
[2011/10/26 23:11:00 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\PictureMover
[2013/11/14 21:48:51 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\PotPlayerMini
[2012/09/28 18:52:08 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\ProcessLasso
[2014/06/09 15:42:45 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\RadioMaximus
[2013/07/02 00:11:30 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\RaimaRadioPro
[2012/03/17 12:57:30 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\runic games
[2014/09/11 23:18:37 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\SoftGrid Client
[2013/01/03 10:18:48 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Sound Editor Deluxe
[2014/09/23 12:50:20 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Spider Player
[2012/11/03 18:58:37 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Sports Interactive
[2014/09/19 13:25:39 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Spotify
[2011/10/26 23:09:58 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Synaptics
[2013/06/15 19:25:21 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\tiger-k
[2011/11/01 10:59:47 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\TP
[2011/11/22 00:22:51 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\URSoft
[2011/10/27 23:21:21 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\WildTangent
[2012/04/25 16:33:21 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Windows Live Writer
[2012/04/09 17:28:55 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Wondershare
[2013/05/12 18:22:18 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Zoner
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 171 bytes -> C:\ProgramData\Temp:F8B88761
@Alternate Data Stream - 162 bytes -> C:\ProgramData\Temp:1CE11B51

< End of report >
 

Extras:

OTL Extras logfile created on: 9/25/2014 4:32:21 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Timo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: Suomi | Language: FIN | Date Format: d.M.yyyy
 
5.95 Gb Total Physical Memory | 4.60 Gb Available Physical Memory | 77.29% Memory free
11.90 Gb Paging File | 9.99 Gb Available in Paging File | 83.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 679.13 Gb Total Space | 377.62 Gb Free Space | 55.60% Space Free | Partition Type: NTFS
Drive D: | 19.21 Gb Total Space | 2.36 Gb Free Space | 12.30% Space Free | Partition Type: NTFS
Drive F: | 34.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: TIMO-HP | User Name: Timo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07B5BE2C-CC0F-43E8-B87A-ADE95A4E2C81}" = rport=138 | protocol=17 | dir=out | app=system |
"{31891CFA-3AA7-4C67-9540-4B3B9B578919}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{4154D354-873E-477D-B10F-2438FF605453}" = rport=445 | protocol=6 | dir=out | app=system |
"{4B1B5C33-7B43-49B6-8F0B-34E5FFDE005F}" = lport=12972 | protocol=6 | dir=in | name=audials localhttpserver 12972 |
"{566A611F-85A5-4AFE-BEF4-9DF7D16EFCBB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{930F9C65-FDE5-4474-9B4C-93EEC1D4DBFD}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A07290CE-D2CC-4A04-BCB0-1C4C2629A884}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A90BC9FA-2D5D-45ED-A413-A3C26DECBE19}" = lport=137 | protocol=17 | dir=in | app=system |
"{B8999AA1-B925-4EC9-9E2C-8CA96D49E497}" = rport=137 | protocol=17 | dir=out | app=system |
"{DF20E0BB-4024-4598-8BAB-D265320E9F5C}" = lport=445 | protocol=6 | dir=in | app=system |
"{E17F6773-F8CC-4195-97FC-8B28CDBA08E4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E2F7DB85-9E3E-4EF5-94E6-6085EA28D0F0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E6AFB6CD-4660-4723-A95A-89F09AEB315F}" = lport=138 | protocol=17 | dir=in | app=system |
"{E8ACD4DF-EE32-4C3D-997A-F071E5E5EC9D}" = lport=31931 | protocol=6 | dir=in | name=audials localhttpserver 31931 |
"{EBEB466B-2201-4404-958C-EE135C246313}" = lport=139 | protocol=6 | dir=in | app=system |
"{F31E6E25-3AA4-4684-92C3-05441392AC16}" = rport=139 | protocol=6 | dir=out | app=system |
"{FF49D0A6-F696-43F4-91C1-A32CAE3B2F10}" = lport=14714 | protocol=6 | dir=in | name=audials localhttpserver 14714 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0018583F-81E3-4165-B1C7-955AB0C59DA3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3109\agent.exe |
"{009D0A49-7C81-42A5-8946-1D271137683E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{07686F98-AEB9-4774-AF9D-A1E22EA4FF7A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{0C6A2B52-2288-42BA-8177-8FC822F629A1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{0E01E87E-C2DA-4B2D-9C12-D640E7123778}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\football manager 2013 demo\fm.exe |
"{0EA31404-182E-4B01-B9E2-FEC76D662E39}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3109\agent.exe |
"{12158EED-85C7-4A74-AA68-AFA490C40564}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\montezuma 4\thetreasuresofmontezuma4.exe |
"{13CC5A5F-F514-4D3A-BB01-5E9F898AC899}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3109\agent.exe |
"{15C3DF6F-31B7-440C-93BA-1C10BFC3792A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3346\agent.exe |
"{18132779-6124-4450-97D3-7FC692C0402B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3023\agent.exe |
"{186EDE8E-9BA6-4406-888C-59D4436BAB74}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3109\agent.exe |
"{18A76F8C-4B42-4FD7-BF68-7B68130C8B24}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{18BFB2DB-CF9E-43F3-97C3-E196CFCCB614}" = protocol=1 | dir=out | [email protected],-28544 |
"{1AEB623B-9318-4C63-B610-F82D610C293E}" = protocol=17 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
"{1C4D9502-5852-41E5-BF6D-A5BFBC51848B}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\railroad tycoon 2 platinum\rt2_plat.exe |
"{1D5C7B83-E2AC-4D38-81A8-A4906A36C2AF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe |
"{1EABE26B-BA22-4B70-A3E5-03DA061D4BF3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2514\agent.exe |
"{1F56107C-57FB-4E09-A68B-C0B6FBAA7BB3}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\football manager 2010\fm.exe |
"{22204260-E54A-4974-A256-E2180186C99C}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\football manager 2014\fm.exe |
"{2241E3A7-4345-443A-B6F5-BC338213ED53}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\football manager 2013 demo\fm.exe |
"{260D8DF2-349F-4EF7-B119-7CEB2BE958B1}" = dir=out | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{262E7FB0-F967-4225-A428-0D9F5EE537F9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3235\agent.exe |
"{264A7001-4B25-4D86-ACDF-7841B9D51070}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3372\agent.exe |
"{283E1553-895A-423B-B694-E46AE1E68FBF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3182\agent.exe |
"{28B98599-2D1C-45D9-84E4-B528414BE54E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{293AC71E-3C7C-423C-84E5-00105998EDBB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{29782A1E-8E29-4C6A-ACA1-0C5A891D9F8F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3182\agent.exe |
"{2A8DD514-64B7-48F7-8D01-ACB289E4DA75}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3182\agent.exe |
"{2A9369E8-2A4A-4774-B41E-8EACA163566B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3286\agent.exe |
"{2B668247-3E04-4C62-8668-F77D404ECD00}" = protocol=58 | dir=out | [email protected],-28546 |
"{32A83405-71CD-45C3-B701-418C11887A77}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe |
"{34E18136-70EC-4436-B50F-2000E22DC38B}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\dota 2 beta\dota.exe |
"{359C5D19-1119-4475-BBF0-47AC384F4DFE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{35AD50F3-BCB4-4DF1-BEC3-6ED025433A2E}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{37213746-838B-4EF0-AC0F-896F045CE709}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3147\agent.exe |
"{37BB19FF-3C5D-43F4-BFBE-8E8DF597AF57}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{38E7C1B6-556E-44BC-B58D-2A990907C0EA}" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3.5\totalmedia.exe |
"{39B1A930-E71F-4D3A-8024-71DB3014D63D}" = dir=in | app=c:\program files (x86)\apowersoft\episode downloader\apowersoftdump.dll |
"{3C405AB2-2EDA-43F6-91DE-B52E85D3B6CB}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\dota 2 beta\dota.exe |
"{3E86052C-399B-4FC8-AB19-A2DF806770FF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{3F4333F6-31F7-445E-AF20-9974DD533241}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\terraria\terraria.exe |
"{402030B8-619E-4677-852D-E4FDDAE144CB}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{416B25EA-22B9-417F-9CB6-A026CF7E9895}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{449C16FF-FC45-4DA9-B1C5-569CC6ECAB53}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3346\agent.exe |
"{460153C0-4F9D-4470-8084-C65BEB4FA78E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3346\agent.exe |
"{47C73B49-678C-40D8-BB73-86223FDF51EA}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{485BEE4E-23F3-4092-A831-708B1F97248D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{4922DE82-602E-4189-BB10-EB76B5C3E472}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{4A7B9900-92D9-4410-BEB0-22F4A4452D75}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3147\agent.exe |
"{4C2D5ADD-366C-491E-BF4E-88EDCBDCDF73}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{4D068A22-1828-4850-921C-EDA44417F670}" = protocol=1 | dir=in | [email protected],-28543 |
"{4D14D613-DD84-44FB-9CA6-6E1EB1C3CA4E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3235\agent.exe |
"{4E67AB5E-A922-4952-98F9-72B3A00ECA7B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{4F5E6A7D-6C52-4049-BC0A-37F5319280F7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5178C8A6-D9FB-4DBF-9259-76750014507D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{5397D31E-F7F6-4A60-BE5F-B53F8901B7CC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{53BA0852-284E-44E6-BA75-6480F00724C5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe |
"{54F05C9E-B1E5-423E-9520-D5B2B0C6D07B}" = dir=in | app=c:\users\timo\appdata\local\microsoft\skydrive\skydrive.exe |
"{5AC1942F-DA54-425E-9C5D-448B5530FD86}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3346\agent.exe |
"{5B7F44B5-3594-406E-BC60-623DD55F5F39}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\football manager 2014\fm.exe |
"{5C32CB12-F202-43DA-8C9F-36A282FA2D0C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3235\agent.exe |
"{61E2FA6E-686E-4F99-A7E1-2FC266016208}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{63AFE769-459F-4DF5-80CB-CB7388122211}" = protocol=58 | dir=in | [email protected],-28545 |
"{64C49999-DFEF-42F2-9DAB-0C80A9E238D6}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\bin\steamwebhelper.exe |
"{65BADF31-8B3B-4838-BEAA-18C22DE9BD2F}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{67886EC2-4F07-4FA3-90C5-6868BEF35144}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3023\agent.exe |
"{688BE3F6-A687-4ECD-A658-6A1710713C65}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2514\agent.exe |
"{6972A3C8-AADD-4A1E-ABDC-B979FDD923E8}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{71D11C75-24F0-4280-813E-603D2D2D5B64}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3286\agent.exe |
"{71D8B5AB-F879-445F-B5D1-EF7864CC5164}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{722C8F39-7F3A-4682-B59B-081757F363A7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe |
"{7304B7CD-F1AA-4920-8FEC-BE1B50D84A0E}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\max payne\maxpayne.exe |
"{737D1EDC-DB9D-4BE7-BB94-A939997EC660}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{7484AC64-8F03-45B6-AFFD-44F4E6AF285C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe |
"{7537B31C-0647-42E4-BF9F-BB940FF0844B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3182\agent.exe |
"{7687AB1C-B971-42AE-A78C-DCF8391D4795}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe |
"{7760EC25-BBCC-4293-B93D-B2BFF3705CDC}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\torchlight\torchlight.exe |
"{7C1F8337-F148-4EBC-8F08-2C3B059A111D}" = dir=in | app=c:\program files (x86)\apowersoft\episode downloader\episodedownloader.exe |
"{7C5D9E01-04C4-4EB0-8515-11968BD7443D}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\terraria\terraria.exe |
"{7C63037A-9A1D-4B37-AEE5-EDCE85B0C9B4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{7CA93790-CFBC-44B3-990E-FAA26DF97703}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steam.exe |
"{7E6E2FFB-C0A7-4A6F-B28D-37C6137E0869}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{8003DC62-E6C9-4830-AF46-93B6DB330201}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{820B519E-B532-4DAA-B104-69E7A9D23728}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{82C1939B-782E-4285-8A1F-581677808FDF}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\football manager 2014\fm.exe |
"{8458476C-C78E-4397-A5E4-BAA4426C2CB8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3334\agent.exe |
"{84E3517A-A1A5-4C37-856C-C1CD056C767C}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\dota 2 beta\dota.exe |
"{85F2A52A-37D9-44AA-B7DE-005CD1B8A110}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3147\agent.exe |
"{87A8D136-38C7-49CB-AEB0-A71C03C0C40B}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
"{88ECEB8F-0450-471D-8638-707E8425FDF6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3023\agent.exe |
"{8A60C7E5-EE35-479F-AAFA-9FA3904B9950}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{8FC8E403-C56D-40FA-8919-5A186C0894B4}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\torchlight\torchlight.exe |
"{8FF3B15C-11B1-4AE8-BDE4-A4A85E151121}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2514\agent.exe |
"{90F9D0D3-ACBE-4923-9B2E-A92B9AFB3A24}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe |
"{97497EB6-DAF2-4F57-B8B5-4E43005273B9}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{9A30D442-1691-43D2-A2BA-0CC661F29246}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe |
"{9A379518-DB78-4414-9714-AC4F2416B9F1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{9A5EF8A1-5A95-4D51-98EE-16A0DA55A3E2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{9BB1AD5F-ED49-4391-A2EF-3CC21065DA41}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\terraria\terraria.exe |
"{9D324583-C2D1-44B9-A35E-8118313CF959}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\bin\steamwebhelper.exe |
"{9E92D7A3-F6E8-4564-AD23-AC771AFADDFA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3323\agent.exe |
"{9E9C1120-2AAD-4947-931E-626CC2386703}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{9F3C7A97-4352-4FEB-AD3D-4FE479C19696}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\terraria\terraria.exe |
"{9FAEC9C8-51D8-442B-A5B2-92D62CB405CA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3286\agent.exe |
"{A04EB468-77A0-435A-BF28-F76916CA6BD9}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\terraria\terraria.exe |
"{A3A912AC-2894-4B00-9E9C-9B33491545FB}" = protocol=6 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe |
"{A47AC44B-C2DD-407C-B961-A6B95ED72CEF}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\space rangers 2 reboot\rangers.exe |
"{A5C0D093-8442-47A3-817A-3D3A45D60DE8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{AA154E12-3558-4B1B-B949-2C106F82E645}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\dota 2 beta\dota.exe |
"{AA8BDBF9-E078-4FE1-8FE6-4A74E4F7825B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3323\agent.exe |
"{AAE16480-81E9-4406-8BE1-C21501B6802A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{AAEDCEB8-EECE-4F04-A5D5-BBFE5DFB72C0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2514\agent.exe |
"{AD0D3A83-625E-4B4C-9B98-0F04EA7CA457}" = dir=in | app=c:\program files (x86)\apowersoft\episode downloader\episode-downloader.exe |
"{AE4DF5DE-CA38-4ACB-AF38-B943B4CB16E2}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\montezuma 4\thetreasuresofmontezuma4.exe |
"{AEE122F5-780C-4770-878F-0CD1C5523EF8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{B10C8D63-5101-484D-91F4-DEAD59BAF075}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
"{B14A12F9-7E0D-4FFA-8F18-EBDDF6007298}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{B1E13993-0248-4AB3-8F74-025B2434DE93}" = dir=in | app=c:\program files (x86)\rapidsolution\audials 9\audials.exe |
"{B2A2D06B-9B6E-4C73-B402-EEB42799EA8A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3323\agent.exe |
"{B3CA92B4-5D4E-433E-A1CC-1B22DB077F51}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steam.exe |
"{B5D296C4-6F2B-4F0F-BB0C-7FCF969A2780}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{B86648EF-5167-4347-84A9-DBBE5D963BF3}" = dir=in | app=c:\program files (x86)\apowersoft\episode downloader\apowersoftsrv.dll |
"{BAA07FF6-02B5-4F80-BD45-B0EC48B5BEA0}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\max payne\maxpayne.exe |
"{BB33AB41-34C1-4E24-8A73-4932A5920574}" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3.5\totalmedia.exe |
"{BE23C79E-7D3A-4373-A239-70316359A240}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\football manager 2014\fm.exe |
"{BFFE4FBA-4665-4EE0-B628-65402353992C}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steam.exe |
"{C20261DD-3B86-4B1E-BCCF-AC234280EAD6}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\football manager 2010\fm.exe |
"{C3833A69-53AF-440F-96EB-6B27CA99F75B}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe |
"{C3D2D812-A098-447C-8251-20EA31A14426}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3147\agent.exe |
"{C538B553-2D84-4C44-9693-F543E3DD9833}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{C60FCF68-9309-4485-AD83-2EE4B286AEF5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{C87C1B23-B444-495A-AE69-43AFAC56007B}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
"{C97FD3CF-3E21-411C-914D-466D4EEE7409}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{C9D0C3FE-4C31-43C7-9605-446FC61FBD27}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe |
"{CA457C09-F4A8-4F9D-9819-9A9D0394E840}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3235\agent.exe |
"{CA4A34AE-5F09-44AD-8503-F95D486CD4F9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{CD1EE135-BD4A-4449-BD7A-C218EF8E0A43}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe |
"{D391CF94-0937-49DB-B9FB-42D9CB6316D0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{D5D9F24A-3D96-4013-A10E-F3F2B0D35175}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\torchlight ii\modlauncher.exe |
"{D8B32D99-CDEB-4023-9E4C-60B1178E2296}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{DD154878-103B-45F4-AC06-FD4D1D714A7E}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\football manager 2014\fm.exe |
"{DEF8B340-E24E-4483-9238-2DE2739EE52C}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\football manager 2014\fm.exe |
"{E10761C5-2396-4108-8FD3-115ED573F87C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3023\agent.exe |
"{E765FCF9-5114-4282-8E06-BEC61513CD2A}" = protocol=6 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
"{E7883D3D-1FA1-4210-ADC5-EF58FB235AAE}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\torchlight ii\modlauncher.exe |
"{EB4A5F1F-1CA2-4D55-BA48-E6AEF70A45B8}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
"{ECD345AE-E87E-44ED-8EF6-7A6785D3B527}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\railroad tycoon 2 platinum\rt2_plat.exe |
"{ED73481F-5DCC-432F-B77B-52CF78C2D254}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe |
"{EF7EF8A0-CAA4-47E8-A2C3-E11F73633096}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3323\agent.exe |
"{F1910E2C-AB5C-4943-9027-89422AF80799}" = protocol=17 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe |
"{F5565D9E-846F-41D2-867B-C0DF2F5DFD0F}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steam.exe |
"{F613FA64-BCDA-40B7-9FB2-ED0B6EB24691}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{F67B776A-FE52-41B4-B371-FCD3300ADCDC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3286\agent.exe |
"{FB5B28F5-B4BE-4154-A046-D0D762E244B3}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
"{FB5F9E07-FE8F-4282-B9E2-9B13CABCC89E}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\terraria\terraria.exe |
"{FC628E20-4F8C-4657-8CC7-ED3C9D4E3FA3}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\space rangers 2 reboot\rangers.exe |
"{FCC9B764-E199-4260-BDED-6DF99EF17ADF}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{FD12DD96-F914-438C-991A-35217775570F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3372\agent.exe |
"{FE25396B-765E-45F9-8800-03AFE1984D80}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3334\agent.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}" = HP Wireless Assistant
"{1C3266D4-0DA1-415B-951B-7B5B050B16F1}" = Validity WBF DDK
"{1d3c859c-1028-4822-b0a7-da4f7bbc18bc}.sdb" = GOG.com Heroes of Might and Magic 3
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java™ 6 Update 22 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86418011FF}" = Java 8 Update 11 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2DF79A08-9BFB-3120-B62D-F7E489A984EE}" = Microsoft .NET Framework 4.5.1 (FIN)
"{2E794F67-DAC1-C4A3-9128-0C841DF8A1BE}" = ATI Catalyst Install Manager
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6B1CE2EC-0C3A-4AE1-A8EF-B517016A2342}" = HP 3D DriveGuard
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-040B-1000-0000000FF1CE}" = Microsoft Officen pika-asennus 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1035" = Microsoft .NET Framework 4.5.1 (suomi)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A7EEF79E-06B2-4382-9D2E-39DBA0F72D50}" = Eraser 6.0.8.2273
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F12CAF9A-1803-610D-C686-220E35980C99}" = ccc-utility64
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"DiskMax" = DiskMax 4.71
"EPSON SX235 Series" = EPSON SX235 Series Printer Uninstall
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ZonerPhotoStudio14_EN_is1" = Zoner Photo Studio 14
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{048C8498-C20B-4AF7-9978-7A79E567D74C}" = Photo Common
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0A143C9B-DCE4-5089-E3DE-12BBCA178C12}" = CCC Help Russian
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0B783100-6F04-4E2F-B83D-0A9B4EEDE47A}" = Windows Live Writer Resources
"{0F7BFF8F-274A-05FE-2D37-A0C644424871}" = CCC Help Greek
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{124DB96E-CBF5-44FB-AB59-7D2444DEC777}" = HP On Screen Display
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{15775C9B-CD12-BDAF-F5FA-E06A7CB4F25D}" = CCC Help Korean
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{18562567-BC92-9861-00B8-90B8F5545EA8}" = LangoMax Adult Advantage
"{1A79A578-4277-48AF-98A6-F9E48CF1B6D8}" = Windows Live Writer
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1D6F9A9A-DCF3-45A7-9B14-46DDA778313F}" = Windows Liven sähköposti
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{1FE417E2-6B8F-44CA-A7DF-A4BD072E8ED8}_is1" =  Leawo DVD Ripper version  5.1.0.0
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{28B2947F-FC0B-4450-80E3-6DF698E824A6}" = Windows Liven peruspaketti
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 3.1
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2CAF2C07-3219-8143-0E1C-EB1E20223171}" = CCC Help Japanese
"{2CF48C8D-38F6-09E3-C24D-69999191726F}" = CCC Help Portuguese
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3436866E-2C3A-AC6F-C6CF-1ABFF5FB69A3}" = CCC Help Thai
"{381AAE35-6FB5-437E-8DD9-9C5C733943ED}" = Windows Live Family Safety
"{3BC81D4E-0E14-472D-2DA4-CB51D9A21BAE}" = Catalyst Control Center InstallProxy
"{3CBC0CD2-18F0-523D-DA6A-B224C3C4B2CF}" = CCC Help French
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{485DF5E7-8379-4BFA-BAE1-9B8DBFE0D6B4}" = Paragon Backup and Recovery™ 11 Compact Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4C2BF3B9-7E8A-49DE-B662-3656FE60BB01}" = Civ3 Conquests v1.22 Full
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{5175254C-4F5C-61DF-9647-306994652857}" = CCC Help Chinese Traditional
"{52FB1497-BBDD-F46F-2ADE-407148D63C65}" = CCC Help Dutch
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5486C37D-73E8-4C31-A3FA-D796494F8286}" = Catalyst Control Center - Branding
"{57CDA1B9-ED35-4382-AA87-C55A87676E65}_is1" = Fortop FLV Player 1.1
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5B9C9486-4287-4621-8F9D-EC3EE622A82F}" = LibreOffice 4.0.5.2
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{610A0147-10AB-D148-B6E1-503E40A444B9}" = CCC Help German
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62CC9AF4-EDD9-43C8-9856-FFD60362CFA9}" = Windows Live Messenger
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{66F0F1EB-A7B1-4592-BE90-404CD9E49053}" = HP Documentation
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74292F90-895A-4FC6-A692-9641532B1B63}" = ArcSoft TotalMedia 3.5
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{7F9EA30A-2DD4-81B6-8A08-719EB8683C40}" = CCC Help Finnish
"{802C068E-0576-4F25-8137-D54B7DB0FC5E}" = HP Setup
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F8B662-32C3-D1B6-8048-35ED4B94DC87}" = CCC Help Danish
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{90140011-0066-040B-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - suomi
"{90A4562F-D4A1-4B65-906D-41F236CF6902}" = Path of Exile
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{931CFA8E-3CE1-4A96-97D7-32B21A7A8DAA}_is1" = Command & Conquer Gold Edition Stand Alone v1.06c revision 3
"{94D44424-3A83-C25E-CB75-0703750714C2}" = Catalyst Control Center Localization All
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{954680D5-B7C6-E5BA-9B62-09A5AB1F8022}" = CCC Help Hungarian
"{95CEC285-7B63-3D66-0B3F-EF0D9116375C}" = CCC Help Spanish
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC8FD91-0E7A-4FC4-82C7-160F0BB3A91A}" = HP Software Framework
"{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2
"{A1CD76EB-30CA-45EE-9946-5FC20BA62012}" = Age of Wulin
"{AB2E32E3-B0C3-592C-8093-308249A70C82}" = PX Profile Update
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.08)
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF306BD8-F9D1-4627-89B9-246E59074A05}" = HP Power Manager
"{B1AEF127-E01A-40D8-3CDC-F4C76BF2A42B}" = CCC Help Polish
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B584C0FA-5037-C2DB-8399-A3153101B066}" = Catalyst Control Center Graphics Previews Common
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{B8812AF2-8483-4538-88AB-F1A4A145B209}" = Audials
"{BA068968-594F-40BE-8EE8-99119123C991}" = Windows Live UX Platform Language Pack
"{BAD4B8FA-4BDA-4A59-BE64-9741031680C7}" = Movie Maker
"{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}" = WestwoodOnline
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C125CF1B-32B7-A63B-4DBE-72555A1D4730}" = CCC Help Italian
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2E21D9B-8AD7-588F-9BE9-70054C864D20}" = CCC Help Norwegian
"{C32F4F5A-C9FB-427C-9F6F-9DB157611FFF}" = Valokuvavalikoima
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}" = Recovery Manager
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{C9BFF8C0-2698-4E07-A808-5971E573D257}_is1" = Quintessence - The Blighted Venom [Chapter 1 - 11]
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D6399FF6-7BDF-F604-E493-76B47CF59C15}" = CCC Help Swedish
"{D79531DC-85D7-997F-4083-CE65505F1B7E}" = Catalyst Control Center Profiles Mobile
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDBB7C89-1A09-441E-AA0F-6AA465755C17}" = REALTEK DTV USB DEVICE
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E7117563-58FF-5A50-664D-619DA8B5E3BF}" = CCC Help Chinese Standard
"{E76CDDCE-EFC0-4FE5-9972-9489CE49AA55}_is1" = NeoDownloader 2.9.5
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{ED3D587B-9B2E-9F1F-723E-CE137F82CA85}" = ccc-core-static
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Display Audio Driver
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F1DD6CD2-6734-4089-9EF5-441F51E083B6}" = HP SimplePass 2011
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F31BC49F-AB7B-4A53-A399-EB7331B585BC}" = Civilization III: Conquests
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FB3F7ACE-1633-5A41-250A-FA00E95EE402}" = CCC Help Czech
"{FC18709C-C93F-6BF7-904A-43B0125725ED}" = CCC Help English
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AdultAdvantage" = LangoMax Adult Advantage
"Aimersoft DRM Media Converter_is1" = Aimersoft DRM Media Converter(Build 1.5.5.0)
"allslots" = All Slots Casino
"AnVir Task Manager Pro" = AnVir Task Manager Pro
"Areena 5 v1.21" = Areena 5 v1.21
"Around the World in 80 Days_is1" = Around the World in 80 Days
"Audiodope_is1" = Audiodope 0.26
"Baldur's Gate II_is1" = Baldur's Gate II
"Baldur's Gate_is1" = Baldur's Gate
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Battle.net" = Battle.net
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"CleanMem" = CleanMem
"D-Fend Reloaded" = D-Fend Reloaded 1.3.2 (deinstall)
"Diablo II" = Diablo II
"Divine Divinity_is1" = Divine Divinity
"eMusic Download Manager 5.0.3" = eMusic Download Manager
"eMusic Download Manager 6" = eMusic Download Manager 6
"EPSON Scanner" = EPSON Scan
"EPSON SX235 Series Netg" = Verkko-opas EPSON SX235 Series
"EPSON SX235 Series Useg" = Käyttöopas EPSON SX235 Series
"Everlong" = Everlong
"FeyRecorder" = FeyRecorder
"ffdshow_is1" = ffdshow v1.1.3572 [2010-09-13]
"FileHippo.com" = FileHippo.com Update Checker
"GOGPACKAVERNUM_is1" = Avernum Series
"GOGPACKHARVESTER_is1" = Harvester
"GOGPACKHOMM3COMPLETE_is1" = Heroes of Might and Magic 3 Complete
"GOGPACKPANZERGENERAL2_is1" = Panzer General 2
"Hearthstone" = Hearthstone
"Hide Your IP Address_is1" = Hide Your IP Address
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"iSafe" = Yet Another Cleaner!
"Jagged Alliance 2_is1" = Jagged Alliance 2
"LastFM_is1" = Last.fm Scrobbler 2.1.30
"MahJong Suite_is1" = MahJong Suite 2012 v9.0
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware versio 2.0.2.1012
"MEDIA Revolution_is1" = MEDIA Revolution
"midicair Toolbar" = midicair Toolbar
"Mobile Broadband" = Mobile Broadband
"Mozilla Firefox 32.0.3 (x86 en-US)" = Mozilla Firefox 32.0.3 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"My HP Game Console" = HP Game Console
"NIS" = Norton Internet Security
"Office14.Click2Run" = Microsoft Officen pika-asennus 2010
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter 1.0.0.5
"Origin" = Origin
"Outcast_is1" = Outcast
"PotPlayer" = Daum PotPlayer 1.5.39036
"PrivaZer" = PrivaZer
"ProcessLasso" = Process Lasso
"RadioMaximus_is1" = RadioMaximus 1.85
"RarmaRadio_is1" = RarmaRadio 2.69
"RealPlayer 6.0" = RealPlayer
"Royal Envoy_is1" = Royal Envoy
"Sid Meier's Railroad Tycoon" = Sid Meier's Railroad Tycoon
"Sound Editor Deluxe_is1" = Sound Editor Deluxe v6.0.1
"SpeedFan" = SpeedFan (remove only)
"Spider Player_is1" = Spider Player 2.5.3
"Steam App 105600" = Terraria
"Steam App 12140" = Max Payne
"Steam App 200710" = Torchlight II
"Steam App 216530" = Football Manager 2013 Demo
"Steam App 220" = Half-Life 2
"Steam App 231670" = Football Manager 2014
"Steam App 301150" = The Treasures of Montezuma 4
"Steam App 34000" = Football Manager 2010
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Steam App 41500" = Torchlight
"Steam App 440" = Team Fortress 2
"Steam App 46330" = Space Rangers 2: Reboot
"Steam App 570" = Dota 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 7620" = Railroad Tycoon 2: Platinum
"SysResources Manager11.1" = SysResources Manager
"Theme Hospital_is1" = Theme Hospital
"Veetle TV" = Veetle TV
"WildTangent hp Master Uninstall" = HP Games
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087343" = Dora's World Adventure
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087533" = Zuma Deluxe
"WT089299" = Mystery P.I. - The London Caper
"WT089300" = World Cup Cricket 20-20
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"YU2010_is1" = Your Uninstaller! 7
"ZMBV" = Zip Motion Block Video codec (Remove Only)
"ZumoDrive" = HP CloudDrive
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Octoshape Streaming Services" = Octoshape Streaming Services
"SkyDriveSetup.exe" = Microsoft SkyDrive
"Spotify" = Spotify
"TwistedBrush Pro Studio" = TwistedBrush Pro Studio
"webmdshow" = WebM Project Directshow Filters
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2/15/2013 5:34:11 AM | Computer Name = Timo-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 2/15/2013 4:42:53 PM | Computer Name = Timo-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 2/16/2013 3:43:33 PM | Computer Name = Timo-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 2/16/2013 5:48:19 PM | Computer Name = Timo-HP | Source = Application Error | ID = 1000
Description = Viallisen sovelluksen nimi: Client.exe, versio: 0.0.0.0, aikaleima:
 0x511b0fcf  Viallisen moduulin nimi: Client.exe, versio: 0.0.0.0, aikaleima: 0x511b0fcf
Poikkeuskoodi:
 0xc0000094  Virhepoikkeama: 0x0001bac6  Viallisen prosessin tunnus: 0x8a0  Viallisen
sovelluksen käynnistysaika: 0x01ce0c7c2608ac51  Viallisen sovelluksen polku: C:\Program
 Files (x86)\Grinding Gear Games\Path of Exile\Client.exe  Viallisen moduulin polku:
 C:\Program Files (x86)\Grinding Gear Games\Path of Exile\Client.exe  Raportin tunnus:
 92ee1890-7882-11e2-9275-001e101f7f74
 
Error - 2/18/2013 11:27:16 AM | Computer Name = Timo-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 2/18/2013 12:16:39 PM | Computer Name = Timo-HP | Source = SideBySide | ID = 16842832
Description = Aktivointikontekstin luonti kohteelle C:\Users\Timo\Downloads\SoftonicDownloader_for_spider-player.exe
 epäonnistui. Virhe luettelo- tai käytäntötiedoston  rivillä .  Sovelluksen edellyttämä
 osaversio on ristiriidassa jo aktiivisena olevan osaversion kanssa.  Ristiriitaiset
 osat:  Osa 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Osa
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 2/19/2013 11:25:09 AM | Computer Name = Timo-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 2/19/2013 3:56:55 PM | Computer Name = Timo-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 2/20/2013 5:03:25 AM | Computer Name = Timo-HP | Source = CVHSVC | ID = 100
Description = Vain tietoja.  (Patch task for {90140011-0066-040B-0000-0000000FF1CE}):
 DownloadLatest Failed:
 
Error - 2/20/2013 11:08:16 AM | Computer Name = Timo-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
[ Hewlett-Packard Events ]
Error - 7/20/2012 1:01:57 PM | Computer Name = Timo-HP | Source = HPSF.exe | ID = 4000
Description =
 
Error - 8/20/2012 4:00:54 AM | Computer Name = Timo-HP | Source = HPSF.exe | ID = 4000
Description =
 
Error - 8/20/2012 8:08:22 AM | Computer Name = Timo-HP | Source = HPSF.exe | ID = 4000
Description =
 
Error - 8/20/2012 3:22:59 PM | Computer Name = Timo-HP | Source = HPSF.exe | ID = 4000
Description =
 
Error - 10/20/2012 9:41:32 AM | Computer Name = Timo-HP | Source = HPSF.exe | ID = 4000
Description =
 
Error - 11/20/2012 11:50:25 AM | Computer Name = Timo-HP | Source = HPSF.exe | ID = 4000
Description =
 
Error - 2/20/2013 10:58:56 AM | Computer Name = Timo-HP | Source = HPSF.exe | ID = 4000
Description =
 
Error - 2/20/2013 12:36:34 PM | Computer Name = Timo-HP | Source = HPSF.exe | ID = 4000
Description =
 
Error - 2/20/2013 4:46:52 PM | Computer Name = Timo-HP | Source = HPSF.exe | ID = 4000
Description =
 
Error - 3/20/2013 6:39:13 AM | Computer Name = Timo-HP | Source = HPSF.exe | ID = 4000
Description =
 
[ HP Software Framework Events ]
Error - 2/4/2013 3:40:15 PM | Computer Name = Timo-HP | Source = CaslWmi | ID = 5
Description = 2013.02.04 21:40:15.431|0000164C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 2/4/2013 3:42:06 PM | Computer Name = Timo-HP | Source = CaslWmi | ID = 5
Description = 2013.02.04 21:42:06.441|0000168C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 2/4/2013 3:42:07 PM | Computer Name = Timo-HP | Source = CaslWmi | ID = 5
Description = 2013.02.04 21:42:07.835|0000080C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 2/25/2013 3:36:06 PM | Computer Name = Timo-HP | Source = CaslWmi | ID = 5
Description = 2013.02.25 21:36:06.171|000018B8|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 2/25/2013 3:37:37 PM | Computer Name = Timo-HP | Source = CaslWmi | ID = 5
Description = 2013.02.25 21:37:37.089|00001160|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 2/25/2013 3:37:38 PM | Computer Name = Timo-HP | Source = CaslWmi | ID = 5
Description = 2013.02.25 21:37:38.433|00001D38|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 3/11/2013 3:38:27 PM | Computer Name = Timo-HP | Source = CaslWmi | ID = 5
Description = 2013.03.11 21:38:27.298|00001764|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 3/11/2013 3:40:16 PM | Computer Name = Timo-HP | Source = CaslWmi | ID = 5
Description = 2013.03.11 21:40:16.794|00001698|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 3/11/2013 3:40:18 PM | Computer Name = Timo-HP | Source = CaslWmi | ID = 5
Description = 2013.03.11 21:40:18.257|00001950|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 3/25/2013 5:42:50 PM | Computer Name = Timo-HP | Source = CaslWmi | ID = 5
Description = 2013.03.25 23:42:50.106|00000478|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
[ HP Wireless Assistant Events ]
Error - 11/17/2011 3:26:26 PM | Computer Name = Timo-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
 failed to create hardware layer Virhe sovelluksessa.    kohteessa HardwareAccess.Hardware..ctor(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     kohteessa HardwareAccess.Hardware.Create(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     kohteessa HPWA_Main.App.ApplicationStartup(Object
 sender, StartupEventArgs args)
 
Error - 11/17/2011 3:26:26 PM | Computer Name = Timo-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
 
Error - 11/18/2011 11:18:39 AM | Computer Name = Timo-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
 failed to create hardware layer Virhe sovelluksessa.    kohteessa HardwareAccess.Hardware..ctor(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     kohteessa HardwareAccess.Hardware.Create(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     kohteessa HPWA_Main.App.ApplicationStartup(Object
 sender, StartupEventArgs args)
 
Error - 11/18/2011 11:18:39 AM | Computer Name = Timo-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
 
Error - 11/19/2011 9:59:27 AM | Computer Name = Timo-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
 failed to create hardware layer Virhe sovelluksessa.    kohteessa HardwareAccess.Hardware..ctor(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     kohteessa HardwareAccess.Hardware.Create(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     kohteessa HPWA_Main.App.ApplicationStartup(Object
 sender, StartupEventArgs args)
 
Error - 11/19/2011 9:59:28 AM | Computer Name = Timo-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
 
Error - 11/20/2011 10:20:40 AM | Computer Name = Timo-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
 failed to create hardware layer Virhe sovelluksessa.    kohteessa HardwareAccess.Hardware..ctor(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     kohteessa HardwareAccess.Hardware.Create(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     kohteessa HPWA_Main.App.ApplicationStartup(Object
 sender, StartupEventArgs args)
 
Error - 11/20/2011 10:20:40 AM | Computer Name = Timo-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
 
Error - 11/21/2011 2:06:55 PM | Computer Name = Timo-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
 failed to create hardware layer Virhe sovelluksessa.    kohteessa HardwareAccess.Hardware..ctor(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     kohteessa HardwareAccess.Hardware.Create(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     kohteessa HPWA_Main.App.ApplicationStartup(Object
 sender, StartupEventArgs args)
 
Error - 11/21/2011 2:06:56 PM | Computer Name = Timo-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
 
[ System Events ]
Error - 9/25/2014 4:51:28 AM | Computer Name = Timo-HP | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Ilmeni virhe yritettäessä lukea paikallista isäntätiedostoa.
 
Error - 9/25/2014 7:59:29 AM | Computer Name = Timo-HP | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Ilmeni virhe yritettäessä lukea paikallista isäntätiedostoa.
 
Error - 9/25/2014 8:49:41 AM | Computer Name = Timo-HP | Source = NetBT | ID = 4311
Description = Alustus epäonnistui, koska ohjainlaitetta ei voitu luoda.  Määritä liittymä,
 jossa epäonnistunut alustus ilmeni,   käyttämällä merkkijonoa "2C27D7BB7D36". Se
on viallisen liittymän MAC-osoite tai   GUID-tunnus (Globally Unique Interface Identifier),
 jos NetBT ei voinut   määrittää GUID-tunnusta MAC-osoitteeseen. Jos MAC-osoite tai
 GUID-tunnus   ei ollut käytettävissä, merkkijono on klusterilaitteen nimi.  
 
Error - 9/25/2014 8:49:41 AM | Computer Name = Timo-HP | Source = NetBT | ID = 4311
Description = Alustus epäonnistui, koska ohjainlaitetta ei voitu luoda.  Määritä liittymä,
 jossa epäonnistunut alustus ilmeni,   käyttämällä merkkijonoa "2C27D7BB7D36". Se
on viallisen liittymän MAC-osoite tai   GUID-tunnus (Globally Unique Interface Identifier),
 jos NetBT ei voinut   määrittää GUID-tunnusta MAC-osoitteeseen. Jos MAC-osoite tai
 GUID-tunnus   ei ollut käytettävissä, merkkijono on klusterilaitteen nimi.  
 
Error - 9/25/2014 8:53:35 AM | Computer Name = Timo-HP | Source = NetBT | ID = 4311
Description = Alustus epäonnistui, koska ohjainlaitetta ei voitu luoda.  Määritä liittymä,
 jossa epäonnistunut alustus ilmeni,   käyttämällä merkkijonoa "0C5B8F279A64". Se
on viallisen liittymän MAC-osoite tai   GUID-tunnus (Globally Unique Interface Identifier),
 jos NetBT ei voinut   määrittää GUID-tunnusta MAC-osoitteeseen. Jos MAC-osoite tai
 GUID-tunnus   ei ollut käytettävissä, merkkijono on klusterilaitteen nimi.  
 
Error - 9/25/2014 8:53:35 AM | Computer Name = Timo-HP | Source = NetBT | ID = 4311
Description = Alustus epäonnistui, koska ohjainlaitetta ei voitu luoda.  Määritä liittymä,
 jossa epäonnistunut alustus ilmeni,   käyttämällä merkkijonoa "0C5B8F279A64". Se
on viallisen liittymän MAC-osoite tai   GUID-tunnus (Globally Unique Interface Identifier),
 jos NetBT ei voinut   määrittää GUID-tunnusta MAC-osoitteeseen. Jos MAC-osoite tai
 GUID-tunnus   ei ollut käytettävissä, merkkijono on klusterilaitteen nimi.  
 
Error - 9/25/2014 8:53:35 AM | Computer Name = Timo-HP | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Ilmeni virhe yritettäessä lukea paikallista isäntätiedostoa.
 
Error - 9/25/2014 8:55:22 AM | Computer Name = Timo-HP | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Ilmeni virhe yritettäessä lukea paikallista isäntätiedostoa.
 
Error - 9/25/2014 8:55:23 AM | Computer Name = Timo-HP | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Ilmeni virhe yritettäessä lukea paikallista isäntätiedostoa.
 
Error - 9/25/2014 9:32:34 AM | Computer Name = Timo-HP | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Ilmeni virhe yritettäessä lukea paikallista isäntätiedostoa.
 
 
< End of report >
 


Edited by taloi8, 27 September 2014 - 02:51 PM.

  • 0

Advertisements


#2
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Sorry that it has taken so long to reply.

 

Sometimes we get quite busy and this is one of those times. 

 

Do you still require help?


  • 0

#3
taloi8

taloi8

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

I still need help. I installed NoScript few days ago. Latest Bloodhound33 related problem was 23rd of september.


  • 0

#4
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Ok :thumbsup:

 

I'll get to work on your log and have a status for you later today or tomorrow :)


  • 0

#5
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Ok, let's get started.

 

Please uninstall the following programs by going to START > Control Panel > Add / Remove Programs and uninstall the following (if listed):

Isafe or it might be called Yet Another Cleaner!


Highlight the program you want to uninstall (by finding it in the list and left clicking on it once), then click Uninstall at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.

 

Next - You seem to be running two Anti-Virus programs, Norton and Defender. Please pick one. If you choose Defender, then uninstall Norton. If you pick Norton, then disable (you can't uninstall Defender) Defender.

 

Last, are three steps. An OTL fix, a Rogue Killer Scan and an ASWmbr scan. Please perform them in the order that I presented them and post your logs after all are complete.

51a5d669693dd-icon_OTL.png Fix with OTL

Please re-run OTL with this removal script included.



icon_exclaim.gif This fix was created for this user for use on that particular machine. icon_exclaim.gif
icon_exclaim.gif Running it on another one may cause damage and render the system unstable. icon_exclaim.gif

  • Right-click on 51a5d669693dd-icon_OTL.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Under the Custom Scans/Fixes bar in the box paste in the following:
    :Commands[SETRESTOREPOINT]
    
    :OTL
    
    PRC - C:\Program Files (x86)\iSafe\ipcdl.exe ()
    
    PRC - C:\Program Files (x86)\iSafe\iSafeSvc2.exe (Elex do Brasil Participações Ltda)
    
    PRC - C:\Program Files (x86)\iSafe\iSafeSvc.exe (Elex do Brasil Participações Ltda)
    
    PRC - C:\Program Files (x86)\iSafe\iSafeTray.exe (Elex do Brasil Participações Ltda)
    
    PRC - C:\Program Files (x86)\iSafe\ipcdl.exe ()
    
    PRC - C:\Program Files (x86)\iSafe\iSafeSvc2.exe (Elex do Brasil Participações Ltda)
    
    PRC - C:\Program Files (x86)\iSafe\iSafeSvc.exe (Elex do Brasil Participações Ltda)
    
    MOD - C:\Program Files (x86)\iSafe\curlpp.dll ()
    
    MOD - C:\Program Files (x86)\iSafe\libpng.dll ()
    
    MOD - C:\Program Files (x86)\iSafe\zlib1.dll ()
    
    SRV - (iSafeService) -- C:\Program Files (x86)\iSafe\iSafeSvc.exe (Elex do Brasil Participações Ltda)
    
    DRV:64bit: - (iSafeKrnlBoot) -- C:\Windows\SysNative\drivers\iSafeKrnlBoot.sys (Elex do Brasil Participações Ltda)
    
    DRV - (iSafeKrnl) -- C:\Program Files (x86)\iSafe\iSafeKrnl.sys (Elex do Brasil Participações Ltda)
    
    DRV - (iSafeKrnlKit) -- C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys (Elex do Brasil Participações Ltda)
    
    DRV - (iSafeKrnlR3) -- C:\Program Files (x86)\iSafe\iSafeKrnlR3.sys (Elex do Brasil Participações Ltda)
    
    DRV - (iSafeNetFilter) -- C:\Program Files (x86)\iSafe\iSafeNetFilter.sys (Elex do Brasil Participações Ltda)
    
    [2011/10/27 11:41:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timo\AppData\Roaming\mozilla\Extensions
    
    [2014/09/23 16:57:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\c7ixr1j5.default-1407435073953\extensions
    
    [2014/08/07 22:10:42 | 000,126,171 | ---- | M] () (No name found) -- C:\Users\Timo\AppData\Roaming\mozilla\firefox\profiles\c7ixr1j5.default-1407435073953\extensions\[email protected]
    
    [2014/08/07 21:43:42 | 000,001,736 | ---- | M] () (No name found) -- C:\Users\Timo\AppData\Roaming\mozilla\firefox\profiles\c7ixr1j5.default-1407435073953\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}.xpi
    
    [2014/09/23 16:57:24 | 000,541,015 | ---- | M] () (No name found) -- C:\Users\Timo\AppData\Roaming\mozilla\firefox\profiles\c7ixr1j5.default-1407435073953\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
    
    [2014/08/07 21:22:19 | 000,967,685 | ---- | M] () (No name found) -- C:\Users\Timo\AppData\Roaming\mozilla\firefox\profiles\c7ixr1j5.default-1407435073953\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    
    [2014/08/30 10:50:06 | 000,300,373 | ---- | M] () (No name found) -- C:\Users\Timo\AppData\Roaming\mozilla\firefox\profiles\c7ixr1j5.default-1407435073953\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
    
    [2014/09/19 09:50:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    
    [2014/09/19 09:50:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    
    :files
    
    C:\Users\Timo\AppData\Roaming\iSafe
    
    :Commands
    [resethosts]
    [emptytemp]
    [reboot]
    
    
  • Push Run Fix and wait patiently.
  • If asked to reboot, please allow it to.
  • A notepad window with a logfile will open after this run. It will be also saved in _OTL\MovedFiles directory on your main drive as (date)_(time).log.

Please include the content of this logfile in your next reply.

 

That's good to hear about the uninstalls. One of the infections removed was classified as a "Fraud / Rogue" type of software, so we need to scan for any traces left of that software.

  • Download RogueKiller (by tigzy) on to your desktop
  • Quit all programs.
  • Start RogueKiller.exe.
  • Wait until the Prescan has finished ...
  • Click on Scan. Once finished, click on Report

Note: DO NOT click on anything else other than SCAN and REPORT. I will review the log and see if there is anything left to remove first.

Please post the contents of the RKreport.txt in your next Reply.

 

Download aswMBR.exe to your desktop. If you already have this application, this is a new version I need you to download.

Double click the aswMBR.exe to run it

xaswMBR1.png.pagespeed.ic.uaMLRFdGSq.png

Click the "Scan" button to start scan

If your computer supports Virtualization Technology, select Yes to use it for rootkit detection.

msgbox.png

On completion of the scan click Save Log, save it to your desktop and post in your next reply

xaswMBR2.png.pagespeed.ic.cIfa_yNxzg.png



Third, scan with AdwCleaner >>>>


AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

    AdwScan.jpg?
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

  • 0

#6
taloi8

taloi8

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Thanks for your help so far.

 

All processes killed
Error: Unable to interpret <:Commands[SETRESTOREPOINT]> in the current context!
========== OTL ==========
No active process named Program Files was found!
No active process named Program Files was found!
No active process named Program Files was found!
No active process named Program Files was found!
No active process named Program Files was found!
No active process named Program Files was found!
No active process named Program Files was found!
Error: No service named iSafeService was found to stop!
Unable to delete service\driver key iSafeService.
File move failed. C:\Program Files (x86)\iSafe\iSafeSvc.exe scheduled to be moved on reboot.
Error: No service named iSafeKrnlBoot was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iSafeKrnlBoot deleted successfully.
C:\Windows\SysNative\drivers\iSafeKrnlBoot.sys moved successfully.
Error: No service named iSafeKrnl was found to stop!
Unable to delete service\driver key iSafeKrnl.
File move failed. C:\Program Files (x86)\iSafe\iSafeKrnl.sys scheduled to be moved on reboot.
Error: No service named iSafeKrnlKit was found to stop!
Unable to delete service\driver key iSafeKrnlKit.
File move failed. C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys scheduled to be moved on reboot.
Error: No service named iSafeKrnlR3 was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iSafeKrnlR3 deleted successfully.
File move failed. C:\Program Files (x86)\iSafe\iSafeKrnlR3.sys scheduled to be moved on reboot.
Error: No service named iSafeNetFilter was found to stop!
Unable to delete service\driver key iSafeNetFilter.
File move failed. C:\Program Files (x86)\iSafe\iSafeNetFilter.sys scheduled to be moved on reboot.
C:\Users\Timo\AppData\Roaming\mozilla\Extensions folder moved successfully.
C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\c7ixr1j5.default-1407435073953\extensions folder moved successfully.
File C:\Users\Timo\AppData\Roaming\mozilla\firefox\profiles\c7ixr1j5.default-1407435073953\extensions\[email protected] not found.
File C:\Users\Timo\AppData\Roaming\mozilla\firefox\profiles\c7ixr1j5.default-1407435073953\extensions\{46868735-c3fa-47ce-8ce7-cce51a66aceb}.xpi not found.
File C:\Users\Timo\AppData\Roaming\mozilla\firefox\profiles\c7ixr1j5.default-1407435073953\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi not found.
File C:\Users\Timo\AppData\Roaming\mozilla\firefox\profiles\c7ixr1j5.default-1407435073953\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi not found.
File C:\Users\Timo\AppData\Roaming\mozilla\firefox\profiles\c7ixr1j5.default-1407435073953\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi not found.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\components folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\chrome\skin folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions folder moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== FILES ==========
C:\Users\Timo\AppData\Roaming\iSafe\startup folder moved successfully.
C:\Users\Timo\AppData\Roaming\iSafe\SendTo folder moved successfully.
C:\Users\Timo\AppData\Roaming\iSafe\log folder moved successfully.
C:\Users\Timo\AppData\Roaming\iSafe\ico folder moved successfully.
C:\Users\Timo\AppData\Roaming\iSafe folder moved successfully.
========== COMMANDS ==========
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57616 bytes
 
User: Default User
 
User: Public
 
User: Timo
->Temp folder emptied: 11723223 bytes
->Temporary Internet Files folder emptied: 1613213 bytes
->Java cache emptied: 65256392 bytes
->FireFox cache emptied: 373579802 bytes
->Flash cache emptied: 5565 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1104575 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 195 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 432.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 09292014_212839

Files\Folders moved on Reboot...
File move failed. C:\Program Files (x86)\iSafe\iSafeSvc.exe scheduled to be moved on reboot.
File move failed. C:\Program Files (x86)\iSafe\iSafeKrnl.sys scheduled to be moved on reboot.
File move failed. C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys scheduled to be moved on reboot.
File move failed. C:\Program Files (x86)\iSafe\iSafeKrnlR3.sys scheduled to be moved on reboot.
File move failed. C:\Program Files (x86)\iSafe\iSafeNetFilter.sys scheduled to be moved on reboot.
C:\Users\Timo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Timo\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software

Run date: 2014-09-29 21:58:39
-----------------------------
21:58:39.055    OS Version: Windows x64 6.1.7601 Service Pack 1
21:58:39.056    Number of processors: 4 586 0x2A07
21:58:39.056    ComputerName: TIMO-HP  UserName: Timo
21:58:41.009    Initialize success
21:58:41.133    VM: initialized successfully
21:58:41.135    VM: Intel CPU BiosDisabled
21:59:00.390    VM: supported disk I/O iaStor.sys
22:00:00.729    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:00:00.729    Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3
22:00:01.119    Disk 0 MBR read successfully
22:00:01.119    Disk 0 MBR scan
22:00:01.135    Disk 0 Windows 7 default MBR code
22:00:01.150    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
22:00:01.182    Disk 0 Boot: NTFS     code=1
22:00:01.260    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       695431 MB offset 409600
22:00:01.291    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        19670 MB offset 1424652288
22:00:01.338    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0      102 MB offset 1464936448
22:00:01.618    Disk 0 scanning C:\Windows\system32\drivers
22:00:12.024    Service scanning
22:00:15.736    Service BHDrvx64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140912.003\BHDrvx64.sys **LOCKED** 5
22:00:16.891    Service ccSet_NIS C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys **LOCKED** 5
22:00:23.692    Service IDSVia64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140926.003\IDSvia64.sys **LOCKED** 5
22:00:28.466    Service NAVENG C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140928.022\ENG64.SYS **LOCKED** 5
22:00:28.731    Service NAVEX15 C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140928.022\EX64.SYS **LOCKED** 5
22:00:35.595    Service SRTSPX C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS **LOCKED** 5
22:00:36.625    Service SymDS C:\Windows\system32\drivers\NISx64\1506000.020\SYMDS64.SYS **LOCKED** 5
22:00:36.812    Service SymEvent C:\Windows\system32\Drivers\SYMEVENT64x86.SYS **LOCKED** 5
22:00:36.937    Service SymIRON C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS **LOCKED** 5
22:00:37.030    Service SymNetS C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS **LOCKED** 5
22:00:43.629    Modules scanning
22:00:43.629    Disk 0 trace - called modules:
22:00:43.645    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
22:00:43.660    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008486060]
22:00:43.660    3 CLASSPNP.SYS[fffff8800105143f] -> nt!IofCallDriver -> [0xfffffa8006689b10]
22:00:43.676    5 hpdskflt.sys[fffff880019f3189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006561050]
22:00:43.676    Scan finished successfully
22:01:33.035    Disk 0 MBR has been saved successfully to "C:\Users\Timo\Desktop\MBR.dat"
22:01:33.035    The log file has been saved successfully to "C:\Users\Timo\Desktop\aswMBR.txt"

 

RogueKiller V9.2.13.0 [Sep 25 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Timo [Admin rights]
Mode : Scan -- Date : 09/29/2014  21:55:07

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5588E4BF-9F90-4AE8-BCB4-15F85269A7ED} | NameServer : 192.89.123.230 192.89.123.231  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B6DC2381-7822-46B6-BBE4-EDAE8A95FEC5} | NameServer : 192.89.123.230 192.89.123.231  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4D80E081-4B04-4184-9021-6A98B3553785} | NameServer : 192.89.123.231 192.89.123.230  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{87FFD6C5-67DC-406A-AFAE-9A8F7BE4517D} | NameServer : 192.89.123.231 192.89.123.230  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C82A1C6A-E50B-4F84-9054-61B5BC9C08A9} | NameServer : 192.89.123.231 192.89.123.230  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5588E4BF-9F90-4AE8-BCB4-15F85269A7ED} | NameServer : 192.89.123.230 192.89.123.231  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{B6DC2381-7822-46B6-BBE4-EDAE8A95FEC5} | NameServer : 192.89.123.230 192.89.123.231  -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{5588E4BF-9F90-4AE8-BCB4-15F85269A7ED} | NameServer : 192.89.123.230 192.89.123.231  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
[C:\Windows\System32\drivers\etc\hosts] ::1       localhost

¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] bc3d7e0736d89d73bd048623805a396d
[BSP] 31b3c7d68690718eccc4b5e87923c08c : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 695431 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1424652288 | Size: 19670 MB
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1464936448 | Size: 102 MB
User = LL1 ... OK
User != LL2 ... KO!
--- LL2 ---
[MBR] a03947f847cb37a63fc00e862b4200cc
[BSP] 31b3c7d68690718eccc4b5e87923c08c : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 77824 MB
1 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 159793152 | Size: 400 MB

+++++ PhysicalDrive1: HUAWEI TF CARD Storage USB Device +++++
Error reading User MBR! ([15] Laite ei ole valmiina. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] Pyyntöä ei tueta. )

 

# AdwCleaner v3.310 - Report created 29/09/2014 at 22:05:21
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Timo - TIMO-HP
# Running from : C:\Users\Timo\Desktop\adwcleaner_3.310.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Windows\System32\log\iSafeKrnlCall.log
Folder Found : C:\Program Files (x86)\midicair
Folder Found : C:\ProgramData\AlawarWrapper
Folder Found : C:\Users\Timo\AppData\Local\AlawarWrapper
Folder Found : C:\Users\Timo\AppData\Local\Temp\iSafeRightKeyScan
Folder Found : C:\Users\Timo\AppData\LocalLow\midicair
Folder Found : C:\Users\Timo\AppData\Roaming\eCyber
Folder Found : C:\Users\Timo\AppData\Roaming\iSafe

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\midicair
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{77F8C945-4B74-4BD6-A073-E0D1997EDCE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{77F8C945-4B74-4BD6-A073-E0D1997EDCE8}
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220222772293}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622182257}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{77F8C945-4B74-4BD6-A073-E0D1997EDCE8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9CB0C157-F9B1-4B0B-AE43-8217B2B2AA44}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550255775593}
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655185557}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266776693}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666186657}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2795622
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440244774493}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644184457}
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Found : HKLM\SOFTWARE\iSafe
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{011F33D1-A583-45A6-B986-35E8E8B650D2}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F3B039D1-1C62-4967-ADE0-E024E599E065}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\registrybooster_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\registrybooster_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_spider-player_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_spider-player_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9CB0C157-F9B1-4B0B-AE43-8217B2B2AA44}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\midicair Toolbar
Key Found : HKLM\SOFTWARE\midicair
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622182257}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550255775593}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655185557}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266776693}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666186657}
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.3 (x86 en-US)

[ File : C:\Users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\c7ixr1j5.default-1407435073953\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8430 octets] - [29/09/2014 22:05:21]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8490 octets] ##########


 


  • 0

#7
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

A little better, but still some work to do. Please run the following tool and post the resulting log please. Also, let me know how the computer is behaving after this tool runs. :thumbsup:

 

51a5bf3d99e8a-ComboFixlogo16.png Scan with ComboFix

This is a very powerful tool that should be used only if advised by Malware Analyst.
Do not run ComboFix on your own!


Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection - instructions here.



  • Right-click on 51a5bf3d99e8a-ComboFixlogo16.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.
icon_idea.gif If you'll encounter any issues with internet connection after running ComboFix, please visit this link.
icon_idea.gif If an error about operation on the key marked for deletion will appear after running the tool, please reboot your machine.

 


  • 0

#8
taloi8

taloi8

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Computer seems little faster now.

 

ComboFix 14-09-29.02 - Timo 29.09.2014  23:55:35.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.358.1035.18.6092.4785 [GMT 3:00]
Sijainti: c:\users\Timo\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Internet Security *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((   Muut poistot   ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\SysWow64\logs
c:\windows\SysWow64\logs\Client.txt
.
.
(((((   Tiedostot, jotka on luotu seuraavalla aikavälillä: 2014-08-28 to 2014-09-29  )))))))))))))))))
.
.
2014-09-29 19:04 . 2014-09-29 19:05    --------    d-----w-    C:\AdwCleaner
2014-09-29 18:48 . 2014-09-29 18:48    34808    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2014-09-29 18:47 . 2014-09-29 18:48    --------    d-----w-    c:\programdata\RogueKiller
2014-09-29 18:28 . 2014-09-29 18:28    --------    d-----w-    C:\_OTL
2014-09-24 11:58 . 2014-09-24 15:21    --------    d-----w-    c:\windows\system32\drivers\NISx64\1506000.020
2014-09-24 10:20 . 2014-09-09 22:11    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-09-24 10:20 . 2014-09-09 21:47    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2014-09-18 11:20 . 2014-09-18 11:20    --------    d--h--w-    c:\windows\PIF
2014-09-12 18:37 . 2014-09-28 10:38    122584    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-12 18:37 . 2014-09-12 18:37    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-09-12 18:37 . 2014-09-12 18:37    --------    d-----w-    c:\programdata\Malwarebytes
2014-09-12 18:37 . 2014-05-12 04:26    63704    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-09-12 18:37 . 2014-05-12 04:26    91352    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-09-12 18:37 . 2014-05-12 04:25    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-09-11 20:30 . 2014-08-18 22:03    139264    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-09-11 20:20 . 2014-06-27 02:08    2777088    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2014-09-11 20:20 . 2014-06-27 01:45    2285056    ----a-w-    c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-11 14:05 . 2014-08-01 11:53    1031168    ----a-w-    c:\windows\system32\TSWorkspace.dll
2014-09-11 14:05 . 2014-08-01 11:35    793600    ----a-w-    c:\windows\SysWow64\TSWorkspace.dll
2014-09-11 14:05 . 2014-06-24 03:29    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
2014-09-11 14:05 . 2014-06-24 02:59    1987584    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2014-09-11 14:04 . 2014-07-07 02:06    728064    ----a-w-    c:\windows\system32\kerberos.dll
2014-09-11 14:04 . 2014-07-07 02:06    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-09-11 14:04 . 2014-07-07 01:40    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-09-11 14:04 . 2014-07-07 01:40    550912    ----a-w-    c:\windows\SysWow64\kerberos.dll
2014-09-11 14:04 . 2014-07-07 01:39    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2014-09-11 14:04 . 2014-09-05 02:10    578048    ----a-w-    c:\windows\system32\aepdu.dll
2014-09-11 14:04 . 2014-09-05 02:05    424448    ----a-w-    c:\windows\system32\aeinv.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M-raportti   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-27 19:49 . 2012-04-04 06:00    701104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-27 19:49 . 2011-10-27 19:19    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-22 17:25 . 2012-07-17 11:37    23256    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-09-11 20:21 . 2011-10-28 15:31    101694776    ----a-w-    c:\windows\system32\MRT.exe
2014-08-23 02:07 . 2014-08-27 19:23    404480    ----a-w-    c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-27 19:23    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll
2014-08-23 00:59 . 2014-08-27 19:23    3163648    ----a-w-    c:\windows\system32\win32k.sys
2014-08-14 12:54 . 2014-08-14 12:52    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-07 18:08 . 2014-08-07 17:35    290304    ----a-w-    c:\windows\SysWow64\subinacl.exe
2014-08-07 14:57 . 2014-07-14 15:41    163504    ----a-w-    c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-07-24 23:35 . 2014-07-24 23:35    875688    ----a-w-    c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 20:47 . 2014-07-24 20:47    869544    ----a-w-    c:\windows\system32\msvcr120_clr0400.dll
2014-07-18 18:36 . 2014-07-18 18:36    111016    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2014-07-18 18:36 . 2014-07-18 18:37    321448    ----a-w-    c:\windows\system32\javaws.exe
2014-07-18 18:36 . 2014-07-18 18:36    191400    ----a-w-    c:\windows\system32\javaw.exe
2014-07-18 18:36 . 2014-07-18 18:36    190888    ----a-w-    c:\windows\system32\java.exe
2014-07-14 02:02 . 2014-08-13 14:20    1216000    ----a-w-    c:\windows\system32\rpcrt4.dll
2014-07-14 01:40 . 2014-08-13 14:20    664064    ----a-w-    c:\windows\SysWow64\rpcrt4.dll
2014-07-09 02:03 . 2014-08-13 13:16    7168    ----a-w-    c:\windows\system32\KBDTAT.DLL
2014-07-09 02:03 . 2014-08-13 13:16    7168    ----a-w-    c:\windows\system32\KBDYAK.DLL
2014-07-09 02:03 . 2014-08-13 13:16    7168    ----a-w-    c:\windows\system32\KBDRU1.DLL
2014-07-09 02:03 . 2014-08-13 13:16    6656    ----a-w-    c:\windows\system32\KBDRU.DLL
2014-07-09 02:03 . 2014-08-13 13:16    7168    ----a-w-    c:\windows\system32\KBDBASH.DLL
2014-07-09 01:31 . 2014-08-13 13:16    7168    ----a-w-    c:\windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31 . 2014-08-13 13:16    6656    ----a-w-    c:\windows\SysWow64\KBDBASH.DLL
.
.
((((((((((((((((((((((((((((((   Rekisterin käynnistyskohteet   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-07 17:33    220632    ----a-w-    c:\users\Timo\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-07 17:33    220632    ----a-w-    c:\users\Timo\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-07 17:33    220632    ----a-w-    c:\users\Timo\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2010-11-18 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 Mobile Broadband. RunOuc;Mobile Broadband. OUC;c:\program files (x86)\Mobile Broadband\UpdateDog\ouc.exe;c:\program files (x86)\Mobile Broadband\UpdateDog\ouc.exe [x]
R3 a2acc;a2acc;c:\users\TIMO\DOCUMENTS\MAMUTU\a2accx64.sys;c:\users\TIMO\DOCUMENTS\MAMUTU\a2accx64.sys [x]
R3 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
R3 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
R3 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [x]
R3 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
R3 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x]
R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juwwanecm.sys [x]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial;c:\windows\system32\DRIVERS\ewusbmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbmdm.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys;c:\windows\SYSNATIVE\DRIVERS\RTL2832U_IRHID.sys [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys;c:\windows\SYSNATIVE\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys;c:\windows\SYSNATIVE\Drivers\RTL2832UUSB.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windowsin aktivointitekniikoiden palvelu;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(1).sys [x]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(2).sys [x]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(3).sys [x]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(4).sys [x]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys;c:\windows\SYSNATIVE\drivers\WsAudio_DeviceS(5).sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1506000.020\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1506000.020\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1506000.020\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1506000.020\SYMEFA64.SYS [x]
S1 a2injectiondriver;a2injectiondriver;c:\users\Timo\Documents\Mamutu\a2dix64.sys;c:\users\Timo\Documents\Mamutu\a2dix64.sys [x]
S1 a2util;a-squared Malware-IDS utility driver;c:\users\Timo\Documents\Mamutu\a2util64.sys;c:\users\Timo\Documents\Mamutu\a2util64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140912.003\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140912.003\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1506000.020\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140926.003\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140926.003\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1506000.020\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1506000.020\SYMNETS.SYS [x]
S1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys;c:\windows\SYSNATIVE\Drivers\uim_vimx64.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Mamutu;Mamutu Service;c:\users\TIMO\DOCUMENTS\MAMUTU\a2service.exe;c:\users\TIMO\DOCUMENTS\MAMUTU\a2service.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys;c:\windows\SYSNATIVE\DRIVERS\rrnetcap.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 WsAudio_Device(1);WsAudio_Device(1);c:\windows\system32\drivers\VirtualAudio1.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio1.sys [x]
S3 WsAudio_Device(2);WsAudio_Device(2);c:\windows\system32\drivers\VirtualAudio2.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio2.sys [x]
S3 WsAudio_Device(3);WsAudio_Device(3);c:\windows\system32\drivers\VirtualAudio3.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio3.sys [x]
S3 WsAudio_Device(4);WsAudio_Device(4);c:\windows\system32\drivers\VirtualAudio4.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio4.sys [x]
S3 WsAudio_Device(5);WsAudio_Device(5);c:\windows\system32\drivers\VirtualAudio5.sys;c:\windows\SYSNATIVE\drivers\VirtualAudio5.sys [x]
S3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);c:\windows\system32\drivers\WsAudioDevice_383S(1).sys;c:\windows\SYSNATIVE\drivers\WsAudioDevice_383S(1).sys [x]
.
.
--- Muut muistissa olevat ajurit/palvelut ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 21:18    451872    ----a-w-    c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
'Ajoitetut tehtävät'-kansion sisältö
.
2014-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-91733369-1281498052-2340552009-1000UA.job
- c:\users\Timo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-20 19:52]
.
2014-09-16 c:\windows\Tasks\HPCeeScheduleForTIMO-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2014-09-27 c:\windows\Tasks\HPCeeScheduleForTimo.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-10-07 17:33    244696    ----a-w-    c:\users\Timo\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-10-07 17:33    244696    ----a-w-    c:\users\Timo\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-10-07 17:33    244696    ----a-w-    c:\users\Timo\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 02:32    2240000    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 02:32    2240000    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 02:32    2240000    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 02:32    2240000    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 02:32    2240000    ----a-w-    c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-17 391704]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-02 524800]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-11-04 980368]
.
------- Täydentävä tarkistus -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = www.google.com
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
TCP: Interfaces\{5588E4BF-9F90-4AE8-BCB4-15F85269A7ED}: NameServer = 192.89.123.230 192.89.123.231
FF - ProfilePath - c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\c7ixr1j5.default-1407435073953\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
.
.
------- Tiedostokytkennät -------
.
JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
.
- - - - POISTETUT JÄMÄRIVIT - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.6.0.32\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.6.0.32;c:\program files (x86)\Norton Internet Security\Engine64\21.6.0.32"
.
--------------------- LUKITUT REKISTERIAVAIMET ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Muut prosessit ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\AnVir Task Manager Pro\anvir.exe
c:\programdata\Mobile Broadband\OnlineUpdate\ouc.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Valmistumisajankohta: 2014-09-30  00:20:12 - kone käynnistettiin uudelleen
ComboFix-quarantined-files.txt  2014-09-29 21:20
.
Ennen ajoa: 404 379 152 384 tavua vapaana
Ajon jälkeen: 403 823 157 248 tavua vapaana
.
- - End Of File - - 025883CD596A17483F5E95E900D157BE

 


  • 0

#9
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Next step...

 

Download Dr.Web CureIt to the desktop.
 

  • Doubleclick the drweb-cureit.exe file, then on Start and allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, chose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow xdrweb_green_arrow.jpg.pagespeed.ic.afG_ at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    xdrweb_check.gif.pagespeed.ic.4OoJwUJzE7
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    drweb_move.gif.pagespeed.ce.khQDi40h4R.g
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new OTL log.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

 

Let me know how the machine is working? The logs look good so far, has the original issue resolved?


  • 0

#10
taloi8

taloi8

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts

Computer seems normal at the moment.Original issue seems resolved.

 

=============================================================================
Dr.Web Scanner SE for Windows v9.1.2.08270
© Doctor Web, Ltd., 1992-2013
Scan session started 2014/09/30 17:12:12
Module location : C:\Users\Timo\AppData\Local\Temp\B782BA40-1C5148B8-7153EF20-F70041D8\
=============================================================================
Total 128544274016 bytes in 164485 files scanned (182063 objects)
Total 164454 files (182027 objects) are clean
There are no infected objects detected
Total 36 files are raised error condition
Scan time is 01:11:41.064

 

OTL logfile created on: 9/30/2014 9:37:15 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Timo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: Suomi | Language: FIN | Date Format: d.M.yyyy
 
5.95 Gb Total Physical Memory | 4.46 Gb Available Physical Memory | 74.99% Memory free
11.90 Gb Paging File | 9.81 Gb Available in Paging File | 82.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 679.13 Gb Total Space | 375.71 Gb Free Space | 55.32% Space Free | Partition Type: NTFS
Drive D: | 19.21 Gb Total Space | 2.36 Gb Free Space | 12.30% Space Free | Partition Type: NTFS
 
Computer Name: TIMO-HP | User Name: Timo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Timo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\ProgramData\Mobile Broadband\OnlineUpdate\ouc.exe ()
PRC - C:\Program Files (x86)\AnVir Task Manager Pro\AnVir.exe (AnVir Software)
PRC - C:\USERS\TIMO\DOCUMENTS\MAMUTU\a2service.exe (Emsi Software GmbH)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\802a9bff6be56d5ea8384d20bee78562\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\27bf12496a31ac45c7f95f646bccff84\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2508b25b4d961a45659a8a8f128818a1\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3f2952ec748f60fbb5deacfc4db0a2a3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8b7f86e5a6f0aa23f4b25dfeeaa6b318\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f8922283404046fb5227407194d59d7e\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5bf56d6064af88d8812a3f78e0dfd376\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4c4507612d22786d45594a65a0213c1f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95854f4f1f37b8eab1b1e3d7103b48ef\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_fi_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fi_b77a5c561934e089\mscorlib.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (EPSON_EB_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION)
SRV:64bit: - (EPSON_PM_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe (Symantec Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (Mobile Broadband. RunOuc) -- C:\Program Files (x86)\Mobile Broadband\UpdateDog\ouc.exe ()
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (Mamutu) -- C:\USERS\TIMO\DOCUMENTS\MAMUTU\a2service.exe (Emsi Software GmbH)
SRV - (HWDeviceService64.exe) -- C:\ProgramData\DataCardService\HWDeviceService64.exe ()
SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (TrueSight) -- C:\Windows\SysNative\drivers\TrueSight.sys ()
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1506000.020\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1506000.020\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1506000.020\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1506000.020\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1506000.020\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1506000.020\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1506000.020\symds64.sys (Symantec Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (huawei_wwanecm) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_cdcacm) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_ext_ctrl) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_usbenumfilter) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (WsAudio_Device(5) -- C:\Windows\SysNative\drivers\VirtualAudio5.sys (Wondershare)
DRV:64bit: - (WsAudio_Device(4) -- C:\Windows\SysNative\drivers\VirtualAudio4.sys (Wondershare)
DRV:64bit: - (WsAudio_Device(3) -- C:\Windows\SysNative\drivers\VirtualAudio3.sys (Wondershare)
DRV:64bit: - (WsAudio_Device(2) -- C:\Windows\SysNative\drivers\VirtualAudio2.sys (Wondershare)
DRV:64bit: - (WsAudio_Device(1) -- C:\Windows\SysNative\drivers\VirtualAudio1.sys (Wondershare)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (tbhsd) -- C:\Windows\SysNative\drivers\tbhsd.sys (RapidSolution Software AG)
DRV:64bit: - (RRNetCapMP) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV:64bit: - (RRNetCap) -- C:\Windows\SysNative\drivers\rrnetcap.sys (RapidSolution Software AG)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon)
DRV:64bit: - (Uim_VIM) -- C:\Windows\SysNative\drivers\uim_vimx64.sys (Paragon)
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows ® 2000 DDK provider)
DRV:64bit: - (WsAudio_DeviceS(5) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys (Wondershare)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (WsAudio_DeviceS(3) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(2) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(1) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys (Wondershare)
DRV:64bit: - (WsAudio_DeviceS(4) -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys (Wondershare)
DRV:64bit: - (WsAudioDevice_383S(1) -- C:\Windows\SysNative\drivers\WsAudioDevice_383S(1).sys (Wondershare)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL2832U_IRHID) -- C:\Windows\SysNative\drivers\RTL2832U_IRHID.sys (Realtek)
DRV:64bit: - (RTL2832UUSB) -- C:\Windows\SysNative\drivers\RTL2832UUSB.sys (REALTEK SEMICONDUCTOR Corp.)
DRV:64bit: - (RTL2832UBDA) -- C:\Windows\SysNative\drivers\RTL2832UBDA.sys (REALTEK SEMICONDUCTOR Corp.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (NAVEX15) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140929.018\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20140929.018\eng64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20140912.003\BHDrvx64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20140929.001\IDSviA64.sys (Symantec Corporation)
DRV - (a2acc) -- C:\USERS\TIMO\DOCUMENTS\MAMUTU\a2accx64.sys (Emsi Software GmbH)
DRV - (a2injectiondriver) -- C:\Users\Timo\Documents\Mamutu\a2dix64.sys (Emsi Software GmbH)
DRV - (a2util) -- C:\Users\Timo\Documents\Mamutu\a2util64.sys (Emsi Software GmbH)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (RTL2832U_IRHID) -- C:\Windows\SysWOW64\drivers\RTL2832U_IRHID.sys (Realtek)
DRV - (RTL2832UUSB) -- C:\Windows\SysWOW64\drivers\RTL2832UUSB.sys (REALTEK SEMICONDUCTOR Corp.)
DRV - (RTL2832UBDA) -- C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys (REALTEK SEMICONDUCTOR Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0191A6B0-1154-4C22-9182-23A95BBE92D9}
IE:64bit: - HKLM\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.co...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,NewTabPageShow = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0191A6B0-1154-4C22-9182-23A95BBE92D9}
IE - HKLM\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.co...q={searchTerms}
IE - HKLM\..\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}: "URL" = http://www.google.co...utputEncoding?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,NewTabPageShow = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0191A6B0-1154-4C22-9182-23A95BBE92D9}
IE - HKCU\..\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.43
FF - prefs.js..extensions.enabledAddons: %7B3205B348-523A-4fac-9BC4-9939CBF583B0%7D:2.1.7
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.11.2: C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.11.2: C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@emusic.com/eMusicPlugin DLM6: C:\Program Files (x86)\eMusic Download Manager 6\npEMusic604.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Timo\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Timo\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Timo\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn\ [2014/09/30 10:57:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/06/04 11:58:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/06/04 11:58:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/06/04 11:58:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/09/27 11:30:13 | 000,000,000 | ---D | M]
 
[2014/09/29 22:21:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timo\AppData\Roaming\mozilla\Extensions
[2014/09/29 22:42:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\c7ixr1j5.default-1407435073953\extensions
[2014/09/29 22:42:16 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Users\Timo\AppData\Roaming\mozilla\Firefox\Profiles\c7ixr1j5.default-1407435073953\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2014/09/29 22:41:04 | 000,541,099 | ---- | M] () (No name found) -- C:\Users\Timo\AppData\Roaming\mozilla\firefox\profiles\c7ixr1j5.default-1407435073953\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/09/29 22:36:43 | 000,967,685 | ---- | M] () (No name found) -- C:\Users\Timo\AppData\Roaming\mozilla\firefox\profiles\c7ixr1j5.default-1407435073953\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/09/29 21:33:03 | 000,000,609 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\mozilla\firefox\profiles\c7ixr1j5.default-1407435073953\searchplugins\Google.xml
[2014/09/30 12:02:44 | 000,005,548 | ---- | M] () -- C:\Users\Timo\AppData\Roaming\mozilla\firefox\profiles\c7ixr1j5.default-1407435073953\searchplugins\startpage-https.xml
[2012/06/28 18:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: about:blank
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Timo\AppData\Local\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Timo\AppData\Local\Google\Chrome\Application\36.0.1985.125\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Timo\AppData\Local\Google\Chrome\Application\36.0.1985.125\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Simple Pass 2011 (Enabled) = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhfpefkeidlhbjljfdojcnngjbddgein\1.0_0\npwebsitelogon.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.2.5_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Timo\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Timo\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Bing Bar (Enabled) = C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Timo\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-haku = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Deezer = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\npfkoakaabdallkcdbpkkhfilkkngakh\1.3.2_0\
CHR - Extension: Gmail = C:\Users\Timo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/09/30 00:12:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coieplg.dll (Symantec Corporation)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coieplg.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 11.11.2)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 11.11.2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.67.2)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.67.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48EFBF32-6516-499B-935B-C4F9DED72294}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5588E4BF-9F90-4AE8-BCB4-15F85269A7ED}: NameServer =  
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6DC2381-7822-46B6-BBE4-EDAE8A95FEC5}: NameServer =  
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O28 - HKCU ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/30 17:12:12 | 000,000,000 | ---D | C] -- C:\Users\Timo\Doctor Web
[2014/09/30 00:20:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/09/30 00:20:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/09/29 23:53:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/09/29 23:53:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/09/29 23:53:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/09/29 23:49:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/09/29 23:49:26 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/09/29 23:45:50 | 005,582,345 | R--- | C] (Swearware) -- C:\Users\Timo\Desktop\ComboFix.exe
[2014/09/29 22:04:37 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/09/29 21:58:07 | 005,185,536 | ---- | C] (AVAST Software) -- C:\Users\Timo\Desktop\aswmbr.exe
[2014/09/29 21:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/09/29 21:28:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/09/24 22:11:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/09/23 17:50:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Timo\Desktop\OTL.exe
[2014/09/23 16:42:56 | 004,181,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Timo\Desktop\tdsskiller.exe
[2014/09/18 14:20:15 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2014/09/18 14:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quintessence - TBV
[2014/09/12 21:37:39 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/12 21:37:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/09/12 21:37:21 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/09/12 21:37:21 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/09/12 21:37:21 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/09/12 21:37:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/09/12 21:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/30 21:34:54 | 000,001,014 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-91733369-1281498052-2340552009-1000UA.job
[2014/09/30 21:34:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/30 17:11:29 | 155,494,184 | ---- | M] () -- C:\Users\Timo\Desktop\6z6fvhyo.exe
[2014/09/30 16:46:06 | 000,002,035 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Broadband.lnk
[2014/09/30 11:03:20 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/30 11:03:20 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/30 11:01:20 | 001,356,858 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/30 11:01:20 | 000,654,916 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/30 11:01:20 | 000,482,262 | ---- | M] () -- C:\Windows\SysNative\perfh00B.dat
[2014/09/30 11:01:20 | 000,122,530 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/30 11:01:20 | 000,102,064 | ---- | M] () -- C:\Windows\SysNative\perfc00B.dat
[2014/09/30 10:55:12 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/30 00:12:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/09/29 23:46:05 | 005,582,345 | R--- | M] (Swearware) -- C:\Users\Timo\Desktop\ComboFix.exe
[2014/09/29 22:03:25 | 001,373,475 | ---- | M] () -- C:\Users\Timo\Desktop\adwcleaner_3.310.exe
[2014/09/29 22:01:33 | 000,000,512 | -H-- | M] () -- C:\Users\Timo\Desktop\MBR.dat
[2014/09/29 21:58:13 | 005,185,536 | ---- | M] (AVAST Software) -- C:\Users\Timo\Desktop\aswmbr.exe
[2014/09/29 21:48:01 | 000,034,808 | ---- | M] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2014/09/29 21:46:57 | 004,893,784 | ---- | M] () -- C:\Users\Timo\Desktop\RogueKiller.exe
[2014/09/28 13:38:39 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/27 23:03:09 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTimo.job
[2014/09/27 22:28:51 | 000,854,417 | ---- | M] () -- C:\Users\Timo\Desktop\SecurityCheck.exe
[2014/09/27 15:27:38 | 000,001,668 | ---- | M] () -- C:\Windows\UOVSetup.DAT
[2014/09/24 18:23:10 | 000,002,501 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2014/09/24 18:22:29 | 002,407,874 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1506000.020\Cat.DB
[2014/09/24 18:21:53 | 000,045,410 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1506000.020\VT20140916.019
[2014/09/24 14:42:18 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\PrivaZer.lnk
[2014/09/23 17:50:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Timo\Desktop\OTL.exe
[2014/09/23 16:43:01 | 004,181,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Timo\Desktop\tdsskiller.exe
[2014/09/21 13:32:13 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1506000.020\isolate.ini
[2014/09/16 21:27:51 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTIMO-HP$.job
[2014/09/11 23:27:47 | 001,331,306 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/09/03 15:41:56 | 000,000,223 | ---- | M] () -- C:\Users\Timo\Desktop\The Treasures of Montezuma 4.url
 
========== Files Created - No Company Name ==========
 
[2014/09/30 17:06:21 | 155,494,184 | ---- | C] () -- C:\Users\Timo\Desktop\6z6fvhyo.exe
[2014/09/29 23:53:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/09/29 23:53:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/09/29 23:53:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/09/29 23:53:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/09/29 23:53:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/09/29 22:03:23 | 001,373,475 | ---- | C] () -- C:\Users\Timo\Desktop\adwcleaner_3.310.exe
[2014/09/29 22:01:33 | 000,000,512 | -H-- | C] () -- C:\Users\Timo\Desktop\MBR.dat
[2014/09/29 21:48:01 | 000,034,808 | ---- | C] () -- C:\Windows\SysNative\drivers\TrueSight.sys
[2014/09/29 21:46:45 | 004,893,784 | ---- | C] () -- C:\Users\Timo\Desktop\RogueKiller.exe
[2014/09/27 22:28:49 | 000,854,417 | ---- | C] () -- C:\Users\Timo\Desktop\SecurityCheck.exe
[2014/09/27 15:27:38 | 000,001,668 | ---- | C] () -- C:\Windows\UOVSetup.DAT
[2014/09/03 15:41:56 | 000,000,223 | ---- | C] () -- C:\Users\Timo\Desktop\The Treasures of Montezuma 4.url
[2014/01/03 01:04:00 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/04/15 13:27:54 | 000,000,600 | ---- | C] () -- C:\Users\Timo\PUTTY.RND
[2011/11/10 13:15:12 | 000,802,252 | ---- | C] () -- C:\Users\Timo\.DLMSave_back.xml
[2011/11/10 13:15:12 | 000,802,252 | ---- | C] () -- C:\Users\Timo\.DLMSave.xml
[2011/11/10 13:12:56 | 000,001,238 | ---- | C] () -- C:\Users\Timo\.Setting.ini
[2011/11/01 13:53:17 | 000,007,596 | ---- | C] () -- C:\Users\Timo\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009/07/14 07:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/25 05:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 04:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 04:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 15:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 04:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/04/04 09:35:56 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\AdultAdvantage
[2014/08/14 21:37:50 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\AlawarEntertainment
[2012/05/15 00:07:40 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Apowersoft
[2014/06/24 21:20:17 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\AudioDope
[2011/11/07 18:47:25 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\BANDISOFT
[2014/01/04 17:08:21 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Battle.net
[2014/02/20 21:26:33 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Duplicate & Same Files Searcher
[2014/08/07 21:34:31 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\eCyber
[2011/12/24 16:53:09 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\EPSON
[2011/11/06 23:49:05 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\IDT
[2014/03/11 16:22:42 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\KoshyJohn.com
[2013/06/15 19:23:52 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Leawo
[2013/02/08 01:26:14 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\LibreOffice
[2012/07/18 17:33:43 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\MahJong Suite
[2013/12/13 19:35:24 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Mp3 Music Editor
[2012/03/02 17:21:05 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\mresreg
[2011/12/05 23:58:45 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\NeoDownloader
[2012/02/25 23:23:54 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Octoshape
[2014/01/21 18:26:55 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Oracle
[2012/11/02 13:40:07 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Origin
[2011/10/26 23:11:00 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\PictureMover
[2013/11/14 21:48:51 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\PotPlayerMini
[2012/09/28 18:52:08 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\ProcessLasso
[2014/06/09 15:42:45 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\RadioMaximus
[2013/07/02 00:11:30 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\RaimaRadioPro
[2012/03/17 12:57:30 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\runic games
[2014/09/28 22:51:52 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\SoftGrid Client
[2013/01/03 10:18:48 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Sound Editor Deluxe
[2014/09/23 12:50:20 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Spider Player
[2012/11/03 18:58:37 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Sports Interactive
[2014/09/19 13:25:39 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Spotify
[2011/10/26 23:09:58 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Synaptics
[2013/06/15 19:25:21 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\tiger-k
[2011/11/01 10:59:47 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\TP
[2011/11/22 00:22:51 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\URSoft
[2011/10/27 23:21:21 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\WildTangent
[2012/04/25 16:33:21 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Windows Live Writer
[2012/04/09 17:28:55 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Wondershare
[2013/05/12 18:22:18 | 000,000,000 | ---D | M] -- C:\Users\Timo\AppData\Roaming\Zoner
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 171 bytes -> C:\ProgramData\Temp:F8B88761
@Alternate Data Stream - 162 bytes -> C:\ProgramData\Temp:1CE11B51

< End of report >
 

OTL Extras logfile created on: 9/30/2014 9:37:15 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Timo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: Suomi | Language: FIN | Date Format: d.M.yyyy
 
5.95 Gb Total Physical Memory | 4.46 Gb Available Physical Memory | 74.99% Memory free
11.90 Gb Paging File | 9.81 Gb Available in Paging File | 82.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 679.13 Gb Total Space | 375.71 Gb Free Space | 55.32% Space Free | Partition Type: NTFS
Drive D: | 19.21 Gb Total Space | 2.36 Gb Free Space | 12.30% Space Free | Partition Type: NTFS
 
Computer Name: TIMO-HP | User Name: Timo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07B5BE2C-CC0F-43E8-B87A-ADE95A4E2C81}" = rport=138 | protocol=17 | dir=out | app=system |
"{31891CFA-3AA7-4C67-9540-4B3B9B578919}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{4154D354-873E-477D-B10F-2438FF605453}" = rport=445 | protocol=6 | dir=out | app=system |
"{4B1B5C33-7B43-49B6-8F0B-34E5FFDE005F}" = lport=12972 | protocol=6 | dir=in | name=audials localhttpserver 12972 |
"{566A611F-85A5-4AFE-BEF4-9DF7D16EFCBB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{930F9C65-FDE5-4474-9B4C-93EEC1D4DBFD}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A07290CE-D2CC-4A04-BCB0-1C4C2629A884}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A90BC9FA-2D5D-45ED-A413-A3C26DECBE19}" = lport=137 | protocol=17 | dir=in | app=system |
"{B8999AA1-B925-4EC9-9E2C-8CA96D49E497}" = rport=137 | protocol=17 | dir=out | app=system |
"{DF20E0BB-4024-4598-8BAB-D265320E9F5C}" = lport=445 | protocol=6 | dir=in | app=system |
"{E17F6773-F8CC-4195-97FC-8B28CDBA08E4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E2F7DB85-9E3E-4EF5-94E6-6085EA28D0F0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E6AFB6CD-4660-4723-A95A-89F09AEB315F}" = lport=138 | protocol=17 | dir=in | app=system |
"{E8ACD4DF-EE32-4C3D-997A-F071E5E5EC9D}" = lport=31931 | protocol=6 | dir=in | name=audials localhttpserver 31931 |
"{EBEB466B-2201-4404-958C-EE135C246313}" = lport=139 | protocol=6 | dir=in | app=system |
"{F31E6E25-3AA4-4684-92C3-05441392AC16}" = rport=139 | protocol=6 | dir=out | app=system |
"{FF49D0A6-F696-43F4-91C1-A32CAE3B2F10}" = lport=14714 | protocol=6 | dir=in | name=audials localhttpserver 14714 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0018583F-81E3-4165-B1C7-955AB0C59DA3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3109\agent.exe |
"{009D0A49-7C81-42A5-8946-1D271137683E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{07686F98-AEB9-4774-AF9D-A1E22EA4FF7A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{0BD759DE-0D3E-464E-80F0-F2A4B8AD0B18}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3372\agent.exe |
"{0C6A2B52-2288-42BA-8177-8FC822F629A1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{0E01E87E-C2DA-4B2D-9C12-D640E7123778}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\football manager 2013 demo\fm.exe |
"{0EA31404-182E-4B01-B9E2-FEC76D662E39}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3109\agent.exe |
"{12158EED-85C7-4A74-AA68-AFA490C40564}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\montezuma 4\thetreasuresofmontezuma4.exe |
"{13CC5A5F-F514-4D3A-BB01-5E9F898AC899}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3109\agent.exe |
"{15C3DF6F-31B7-440C-93BA-1C10BFC3792A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3346\agent.exe |
"{18132779-6124-4450-97D3-7FC692C0402B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3023\agent.exe |
"{186EDE8E-9BA6-4406-888C-59D4436BAB74}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3109\agent.exe |
"{18A76F8C-4B42-4FD7-BF68-7B68130C8B24}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{18BFB2DB-CF9E-43F3-97C3-E196CFCCB614}" = protocol=1 | dir=out | [email protected],-28544 |
"{1AEB623B-9318-4C63-B610-F82D610C293E}" = protocol=17 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
"{1C4D9502-5852-41E5-BF6D-A5BFBC51848B}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\railroad tycoon 2 platinum\rt2_plat.exe |
"{1D5C7B83-E2AC-4D38-81A8-A4906A36C2AF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe |
"{1EABE26B-BA22-4B70-A3E5-03DA061D4BF3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2514\agent.exe |
"{1F56107C-57FB-4E09-A68B-C0B6FBAA7BB3}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\football manager 2010\fm.exe |
"{22204260-E54A-4974-A256-E2180186C99C}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\football manager 2014\fm.exe |
"{2241E3A7-4345-443A-B6F5-BC338213ED53}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\football manager 2013 demo\fm.exe |
"{260D8DF2-349F-4EF7-B119-7CEB2BE958B1}" = dir=out | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{262E7FB0-F967-4225-A428-0D9F5EE537F9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3235\agent.exe |
"{264A7001-4B25-4D86-ACDF-7841B9D51070}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3372\agent.exe |
"{283E1553-895A-423B-B694-E46AE1E68FBF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3182\agent.exe |
"{28B98599-2D1C-45D9-84E4-B528414BE54E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{293AC71E-3C7C-423C-84E5-00105998EDBB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{29782A1E-8E29-4C6A-ACA1-0C5A891D9F8F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3182\agent.exe |
"{2A8DD514-64B7-48F7-8D01-ACB289E4DA75}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3182\agent.exe |
"{2A9369E8-2A4A-4774-B41E-8EACA163566B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3286\agent.exe |
"{2B668247-3E04-4C62-8668-F77D404ECD00}" = protocol=58 | dir=out | [email protected],-28546 |
"{32A83405-71CD-45C3-B701-418C11887A77}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe |
"{34E18136-70EC-4436-B50F-2000E22DC38B}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\dota 2 beta\dota.exe |
"{359C5D19-1119-4475-BBF0-47AC384F4DFE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.515\agent.exe |
"{35AD50F3-BCB4-4DF1-BEC3-6ED025433A2E}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{37213746-838B-4EF0-AC0F-896F045CE709}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3147\agent.exe |
"{37BB19FF-3C5D-43F4-BFBE-8E8DF597AF57}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{38E7C1B6-556E-44BC-B58D-2A990907C0EA}" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3.5\totalmedia.exe |
"{39B1A930-E71F-4D3A-8024-71DB3014D63D}" = dir=in | app=c:\program files (x86)\apowersoft\episode downloader\apowersoftdump.dll |
"{3C405AB2-2EDA-43F6-91DE-B52E85D3B6CB}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\dota 2 beta\dota.exe |
"{3E86052C-399B-4FC8-AB19-A2DF806770FF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{3F4333F6-31F7-445E-AF20-9974DD533241}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\terraria\terraria.exe |
"{402030B8-619E-4677-852D-E4FDDAE144CB}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{416B25EA-22B9-417F-9CB6-A026CF7E9895}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe |
"{449C16FF-FC45-4DA9-B1C5-569CC6ECAB53}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3346\agent.exe |
"{460153C0-4F9D-4470-8084-C65BEB4FA78E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3346\agent.exe |
"{47C73B49-678C-40D8-BB73-86223FDF51EA}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{485BEE4E-23F3-4092-A831-708B1F97248D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{4922DE82-602E-4189-BB10-EB76B5C3E472}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{4A7B9900-92D9-4410-BEB0-22F4A4452D75}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3147\agent.exe |
"{4C2D5ADD-366C-491E-BF4E-88EDCBDCDF73}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{4D068A22-1828-4850-921C-EDA44417F670}" = protocol=1 | dir=in | [email protected],-28543 |
"{4D14D613-DD84-44FB-9CA6-6E1EB1C3CA4E}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3235\agent.exe |
"{4E67AB5E-A922-4952-98F9-72B3A00ECA7B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe |
"{4F5E6A7D-6C52-4049-BC0A-37F5319280F7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5178C8A6-D9FB-4DBF-9259-76750014507D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{5397D31E-F7F6-4A60-BE5F-B53F8901B7CC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{53BA0852-284E-44E6-BA75-6480F00724C5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe |
"{54F05C9E-B1E5-423E-9520-D5B2B0C6D07B}" = dir=in | app=c:\users\timo\appdata\local\microsoft\skydrive\skydrive.exe |
"{5AC1942F-DA54-425E-9C5D-448B5530FD86}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3346\agent.exe |
"{5B7F44B5-3594-406E-BC60-623DD55F5F39}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\football manager 2014\fm.exe |
"{5C32CB12-F202-43DA-8C9F-36A282FA2D0C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3235\agent.exe |
"{61E2FA6E-686E-4F99-A7E1-2FC266016208}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{63AFE769-459F-4DF5-80CB-CB7388122211}" = protocol=58 | dir=in | [email protected],-28545 |
"{64C49999-DFEF-42F2-9DAB-0C80A9E238D6}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\bin\steamwebhelper.exe |
"{65BADF31-8B3B-4838-BEAA-18C22DE9BD2F}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\torchlight ii\torchlight2.exe |
"{67886EC2-4F07-4FA3-90C5-6868BEF35144}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3023\agent.exe |
"{688BE3F6-A687-4ECD-A658-6A1710713C65}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2514\agent.exe |
"{6972A3C8-AADD-4A1E-ABDC-B979FDD923E8}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{71D11C75-24F0-4280-813E-603D2D2D5B64}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3286\agent.exe |
"{71D8B5AB-F879-445F-B5D1-EF7864CC5164}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{722C8F39-7F3A-4682-B59B-081757F363A7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe |
"{7304B7CD-F1AA-4920-8FEC-BE1B50D84A0E}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\max payne\maxpayne.exe |
"{737D1EDC-DB9D-4BE7-BB94-A939997EC660}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{7484AC64-8F03-45B6-AFFD-44F4E6AF285C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2880\agent.exe |
"{7537B31C-0647-42E4-BF9F-BB940FF0844B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3182\agent.exe |
"{7687AB1C-B971-42AE-A78C-DCF8391D4795}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe |
"{7760EC25-BBCC-4293-B93D-B2BFF3705CDC}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\torchlight\torchlight.exe |
"{7C1F8337-F148-4EBC-8F08-2C3B059A111D}" = dir=in | app=c:\program files (x86)\apowersoft\episode downloader\episodedownloader.exe |
"{7C5D9E01-04C4-4EB0-8515-11968BD7443D}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\terraria\terraria.exe |
"{7C63037A-9A1D-4B37-AEE5-EDCE85B0C9B4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{7CA93790-CFBC-44B3-990E-FAA26DF97703}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steam.exe |
"{7E6E2FFB-C0A7-4A6F-B28D-37C6137E0869}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{8003DC62-E6C9-4830-AF46-93B6DB330201}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{820B519E-B532-4DAA-B104-69E7A9D23728}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{82C1939B-782E-4285-8A1F-581677808FDF}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\football manager 2014\fm.exe |
"{8458476C-C78E-4397-A5E4-BAA4426C2CB8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3334\agent.exe |
"{84E3517A-A1A5-4C37-856C-C1CD056C767C}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\dota 2 beta\dota.exe |
"{85F2A52A-37D9-44AA-B7DE-005CD1B8A110}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3147\agent.exe |
"{87A8D136-38C7-49CB-AEB0-A71C03C0C40B}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
"{88ECEB8F-0450-471D-8638-707E8425FDF6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3023\agent.exe |
"{8A60C7E5-EE35-479F-AAFA-9FA3904B9950}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{8FC8E403-C56D-40FA-8919-5A186C0894B4}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\torchlight\torchlight.exe |
"{8FF3B15C-11B1-4AE8-BDE4-A4A85E151121}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2514\agent.exe |
"{90F9D0D3-ACBE-4923-9B2E-A92B9AFB3A24}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe |
"{97497EB6-DAF2-4F57-B8B5-4E43005273B9}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{9A30D442-1691-43D2-A2BA-0CC661F29246}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe |
"{9A379518-DB78-4414-9714-AC4F2416B9F1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{9A5EF8A1-5A95-4D51-98EE-16A0DA55A3E2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe |
"{9BB1AD5F-ED49-4391-A2EF-3CC21065DA41}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\terraria\terraria.exe |
"{9D324583-C2D1-44B9-A35E-8118313CF959}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\bin\steamwebhelper.exe |
"{9E92D7A3-F6E8-4564-AD23-AC771AFADDFA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3323\agent.exe |
"{9E9C1120-2AAD-4947-931E-626CC2386703}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{9F3C7A97-4352-4FEB-AD3D-4FE479C19696}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\terraria\terraria.exe |
"{9FAEC9C8-51D8-442B-A5B2-92D62CB405CA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3286\agent.exe |
"{A04EB468-77A0-435A-BF28-F76916CA6BD9}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\terraria\terraria.exe |
"{A3A912AC-2894-4B00-9E9C-9B33491545FB}" = protocol=6 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe |
"{A47AC44B-C2DD-407C-B961-A6B95ED72CEF}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\space rangers 2 reboot\rangers.exe |
"{A5C0D093-8442-47A3-817A-3D3A45D60DE8}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{AA154E12-3558-4B1B-B949-2C106F82E645}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\dota 2 beta\dota.exe |
"{AA8BDBF9-E078-4FE1-8FE6-4A74E4F7825B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3323\agent.exe |
"{AAE16480-81E9-4406-8BE1-C21501B6802A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe |
"{AAEDCEB8-EECE-4F04-A5D5-BBFE5DFB72C0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2514\agent.exe |
"{AD0D3A83-625E-4B4C-9B98-0F04EA7CA457}" = dir=in | app=c:\program files (x86)\apowersoft\episode downloader\episode-downloader.exe |
"{AE4DF5DE-CA38-4ACB-AF38-B943B4CB16E2}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\montezuma 4\thetreasuresofmontezuma4.exe |
"{AEE122F5-780C-4770-878F-0CD1C5523EF8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{B10C8D63-5101-484D-91F4-DEAD59BAF075}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
"{B14A12F9-7E0D-4FFA-8F18-EBDDF6007298}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{B1E13993-0248-4AB3-8F74-025B2434DE93}" = dir=in | app=c:\program files (x86)\rapidsolution\audials 9\audials.exe |
"{B2A2D06B-9B6E-4C73-B402-EEB42799EA8A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3323\agent.exe |
"{B3CA92B4-5D4E-433E-A1CC-1B22DB077F51}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steam.exe |
"{B5D296C4-6F2B-4F0F-BB0C-7FCF969A2780}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{B86648EF-5167-4347-84A9-DBBE5D963BF3}" = dir=in | app=c:\program files (x86)\apowersoft\episode downloader\apowersoftsrv.dll |
"{BAA07FF6-02B5-4F80-BD45-B0EC48B5BEA0}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\max payne\maxpayne.exe |
"{BB33AB41-34C1-4E24-8A73-4932A5920574}" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3.5\totalmedia.exe |
"{BC8B3D26-7501-40F1-9F95-126C5D9B794A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3372\agent.exe |
"{BE23C79E-7D3A-4373-A239-70316359A240}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\football manager 2014\fm.exe |
"{BFFE4FBA-4665-4EE0-B628-65402353992C}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steam.exe |
"{C20261DD-3B86-4B1E-BCCF-AC234280EAD6}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\football manager 2010\fm.exe |
"{C3833A69-53AF-440F-96EB-6B27CA99F75B}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe |
"{C3D2D812-A098-447C-8251-20EA31A14426}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3147\agent.exe |
"{C538B553-2D84-4C44-9693-F543E3DD9833}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{C60FCF68-9309-4485-AD83-2EE4B286AEF5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{C87C1B23-B444-495A-AE69-43AFAC56007B}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
"{C97FD3CF-3E21-411C-914D-466D4EEE7409}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{C9D0C3FE-4C31-43C7-9605-446FC61FBD27}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe |
"{CA457C09-F4A8-4F9D-9819-9A9D0394E840}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3235\agent.exe |
"{CA4A34AE-5F09-44AD-8503-F95D486CD4F9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{CD1EE135-BD4A-4449-BD7A-C218EF8E0A43}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2816\agent.exe |
"{D391CF94-0937-49DB-B9FB-42D9CB6316D0}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe |
"{D5D9F24A-3D96-4013-A10E-F3F2B0D35175}" = protocol=17 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\torchlight ii\modlauncher.exe |
"{D8B32D99-CDEB-4023-9E4C-60B1178E2296}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{DD154878-103B-45F4-AC06-FD4D1D714A7E}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\football manager 2014\fm.exe |
"{DEF8B340-E24E-4483-9238-2DE2739EE52C}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\football manager 2014\fm.exe |
"{E10761C5-2396-4108-8FD3-115ED573F87C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3023\agent.exe |
"{E765FCF9-5114-4282-8E06-BEC61513CD2A}" = protocol=6 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe |
"{E7883D3D-1FA1-4210-ADC5-EF58FB235AAE}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\torchlight ii\modlauncher.exe |
"{EB4A5F1F-1CA2-4D55-BA48-E6AEF70A45B8}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
"{ECD345AE-E87E-44ED-8EF6-7A6785D3B527}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\railroad tycoon 2 platinum\rt2_plat.exe |
"{ED73481F-5DCC-432F-B77B-52CF78C2D254}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe |
"{EF7EF8A0-CAA4-47E8-A2C3-E11F73633096}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3323\agent.exe |
"{F1910E2C-AB5C-4943-9027-89422AF80799}" = protocol=17 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe |
"{F5565D9E-846F-41D2-867B-C0DF2F5DFD0F}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steam.exe |
"{F613FA64-BCDA-40B7-9FB2-ED0B6EB24691}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{F67B776A-FE52-41B4-B371-FCD3300ADCDC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3286\agent.exe |
"{FB5B28F5-B4BE-4154-A046-D0D762E244B3}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
"{FB5F9E07-FE8F-4282-B9E2-9B13CABCC89E}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\terraria\terraria.exe |
"{FC628E20-4F8C-4657-8CC7-ED3C9D4E3FA3}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\space rangers 2 reboot\rangers.exe |
"{FCC9B764-E199-4260-BDED-6DF99EF17ADF}" = protocol=6 | dir=in | app=c:\users\timo\documents\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{FD12DD96-F914-438C-991A-35217775570F}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.3372\agent.exe |
"{FE25396B-765E-45F9-8800-03AFE1984D80}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.3334\agent.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}" = HP Wireless Assistant
"{1C3266D4-0DA1-415B-951B-7B5B050B16F1}" = Validity WBF DDK
"{1d3c859c-1028-4822-b0a7-da4f7bbc18bc}.sdb" = GOG.com Heroes of Might and Magic 3
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java™ 6 Update 22 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86418011FF}" = Java 8 Update 11 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2DF79A08-9BFB-3120-B62D-F7E489A984EE}" = Microsoft .NET Framework 4.5.1 (FIN)
"{2E794F67-DAC1-C4A3-9128-0C841DF8A1BE}" = ATI Catalyst Install Manager
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6B1CE2EC-0C3A-4AE1-A8EF-B517016A2342}" = HP 3D DriveGuard
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-040B-1000-0000000FF1CE}" = Microsoft Officen pika-asennus 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1035" = Microsoft .NET Framework 4.5.1 (suomi)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A7EEF79E-06B2-4382-9D2E-39DBA0F72D50}" = Eraser 6.0.8.2273
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F12CAF9A-1803-610D-C686-220E35980C99}" = ccc-utility64
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"DiskMax" = DiskMax 4.71
"EPSON SX235 Series" = EPSON SX235 Series Printer Uninstall
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ZonerPhotoStudio14_EN_is1" = Zoner Photo Studio 14
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{048C8498-C20B-4AF7-9978-7A79E567D74C}" = Photo Common
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0A143C9B-DCE4-5089-E3DE-12BBCA178C12}" = CCC Help Russian
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0B783100-6F04-4E2F-B83D-0A9B4EEDE47A}" = Windows Live Writer Resources
"{0F7BFF8F-274A-05FE-2D37-A0C644424871}" = CCC Help Greek
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{124DB96E-CBF5-44FB-AB59-7D2444DEC777}" = HP On Screen Display
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{15775C9B-CD12-BDAF-F5FA-E06A7CB4F25D}" = CCC Help Korean
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{18562567-BC92-9861-00B8-90B8F5545EA8}" = LangoMax Adult Advantage
"{1A79A578-4277-48AF-98A6-F9E48CF1B6D8}" = Windows Live Writer
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1D6F9A9A-DCF3-45A7-9B14-46DDA778313F}" = Windows Liven sähköposti
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{1FE417E2-6B8F-44CA-A7DF-A4BD072E8ED8}_is1" =  Leawo DVD Ripper version  5.1.0.0
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{28B2947F-FC0B-4450-80E3-6DF698E824A6}" = Windows Liven peruspaketti
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 3.1
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2CAF2C07-3219-8143-0E1C-EB1E20223171}" = CCC Help Japanese
"{2CF48C8D-38F6-09E3-C24D-69999191726F}" = CCC Help Portuguese
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3436866E-2C3A-AC6F-C6CF-1ABFF5FB69A3}" = CCC Help Thai
"{381AAE35-6FB5-437E-8DD9-9C5C733943ED}" = Windows Live Family Safety
"{3BC81D4E-0E14-472D-2DA4-CB51D9A21BAE}" = Catalyst Control Center InstallProxy
"{3CBC0CD2-18F0-523D-DA6A-B224C3C4B2CF}" = CCC Help French
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{485DF5E7-8379-4BFA-BAE1-9B8DBFE0D6B4}" = Paragon Backup and Recovery™ 11 Compact Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4C2BF3B9-7E8A-49DE-B662-3656FE60BB01}" = Civ3 Conquests v1.22 Full
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{5175254C-4F5C-61DF-9647-306994652857}" = CCC Help Chinese Traditional
"{52FB1497-BBDD-F46F-2ADE-407148D63C65}" = CCC Help Dutch
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5486C37D-73E8-4C31-A3FA-D796494F8286}" = Catalyst Control Center - Branding
"{57CDA1B9-ED35-4382-AA87-C55A87676E65}_is1" = Fortop FLV Player 1.1
"{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR
"{5B9C9486-4287-4621-8F9D-EC3EE622A82F}" = LibreOffice 4.0.5.2
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{610A0147-10AB-D148-B6E1-503E40A444B9}" = CCC Help German
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62CC9AF4-EDD9-43C8-9856-FFD60362CFA9}" = Windows Live Messenger
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{66F0F1EB-A7B1-4592-BE90-404CD9E49053}" = HP Documentation
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74292F90-895A-4FC6-A692-9641532B1B63}" = ArcSoft TotalMedia 3.5
"{77C4850C-3592-4A2F-B652-ACB77A1EF77C}" = Bing Bar Platform
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{7F9EA30A-2DD4-81B6-8A08-719EB8683C40}" = CCC Help Finnish
"{802C068E-0576-4F25-8137-D54B7DB0FC5E}" = HP Setup
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83F8B662-32C3-D1B6-8048-35ED4B94DC87}" = CCC Help Danish
"{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{90140011-0066-040B-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - suomi
"{90A4562F-D4A1-4B65-906D-41F236CF6902}" = Path of Exile
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{931CFA8E-3CE1-4A96-97D7-32B21A7A8DAA}_is1" = Command & Conquer Gold Edition Stand Alone v1.06c revision 3
"{94D44424-3A83-C25E-CB75-0703750714C2}" = Catalyst Control Center Localization All
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{954680D5-B7C6-E5BA-9B62-09A5AB1F8022}" = CCC Help Hungarian
"{95CEC285-7B63-3D66-0B3F-EF0D9116375C}" = CCC Help Spanish
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC8FD91-0E7A-4FC4-82C7-160F0BB3A91A}" = HP Software Framework
"{A02D7029-C4EF-44C1-9FD4-C0D3CA518113}" = Epson Easy Photo Print 2
"{A1CD76EB-30CA-45EE-9946-5FC20BA62012}" = Age of Wulin
"{AB2E32E3-B0C3-592C-8093-308249A70C82}" = PX Profile Update
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.09)
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AF306BD8-F9D1-4627-89B9-246E59074A05}" = HP Power Manager
"{B1AEF127-E01A-40D8-3CDC-F4C76BF2A42B}" = CCC Help Polish
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B584C0FA-5037-C2DB-8399-A3153101B066}" = Catalyst Control Center Graphics Previews Common
"{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
"{B8812AF2-8483-4538-88AB-F1A4A145B209}" = Audials
"{BA068968-594F-40BE-8EE8-99119123C991}" = Windows Live UX Platform Language Pack
"{BAD4B8FA-4BDA-4A59-BE64-9741031680C7}" = Movie Maker
"{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}" = WestwoodOnline
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C125CF1B-32B7-A63B-4DBE-72555A1D4730}" = CCC Help Italian
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2E21D9B-8AD7-588F-9BE9-70054C864D20}" = CCC Help Norwegian
"{C32F4F5A-C9FB-427C-9F6F-9DB157611FFF}" = Valokuvavalikoima
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}" = Recovery Manager
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{C9BFF8C0-2698-4E07-A808-5971E573D257}_is1" = Quintessence - The Blighted Venom [Chapter 1 - 11]
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D6399FF6-7BDF-F604-E493-76B47CF59C15}" = CCC Help Swedish
"{D79531DC-85D7-997F-4083-CE65505F1B7E}" = Catalyst Control Center Profiles Mobile
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDBB7C89-1A09-441E-AA0F-6AA465755C17}" = REALTEK DTV USB DEVICE
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E7117563-58FF-5A50-664D-619DA8B5E3BF}" = CCC Help Chinese Standard
"{E76CDDCE-EFC0-4FE5-9972-9489CE49AA55}_is1" = NeoDownloader 2.9.5
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{ED3D587B-9B2E-9F1F-723E-CE137F82CA85}" = ccc-core-static
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Display Audio Driver
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F1DD6CD2-6734-4089-9EF5-441F51E083B6}" = HP SimplePass 2011
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F31BC49F-AB7B-4A53-A399-EB7331B585BC}" = Civilization III: Conquests
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FB3F7ACE-1633-5A41-250A-FA00E95EE402}" = CCC Help Czech
"{FC18709C-C93F-6BF7-904A-43B0125725ED}" = CCC Help English
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AdultAdvantage" = LangoMax Adult Advantage
"Aimersoft DRM Media Converter_is1" = Aimersoft DRM Media Converter(Build 1.5.5.0)
"allslots" = All Slots Casino
"AnVir Task Manager Pro" = AnVir Task Manager Pro
"Areena 5 v1.21" = Areena 5 v1.21
"Around the World in 80 Days_is1" = Around the World in 80 Days
"Audiodope_is1" = Audiodope 0.26
"Baldur's Gate II_is1" = Baldur's Gate II
"Baldur's Gate_is1" = Baldur's Gate
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Battle.net" = Battle.net
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"CleanMem" = CleanMem
"D-Fend Reloaded" = D-Fend Reloaded 1.3.2 (deinstall)
"Diablo II" = Diablo II
"Divine Divinity_is1" = Divine Divinity
"eMusic Download Manager 5.0.3" = eMusic Download Manager
"eMusic Download Manager 6" = eMusic Download Manager 6
"EPSON Scanner" = EPSON Scan
"EPSON SX235 Series Netg" = Verkko-opas EPSON SX235 Series
"EPSON SX235 Series Useg" = Käyttöopas EPSON SX235 Series
"Everlong" = Everlong
"FeyRecorder" = FeyRecorder
"ffdshow_is1" = ffdshow v1.1.3572 [2010-09-13]
"FileHippo.com" = FileHippo.com Update Checker
"GOGPACKAVERNUM_is1" = Avernum Series
"GOGPACKHARVESTER_is1" = Harvester
"GOGPACKHOMM3COMPLETE_is1" = Heroes of Might and Magic 3 Complete
"GOGPACKPANZERGENERAL2_is1" = Panzer General 2
"Hearthstone" = Hearthstone
"Hide Your IP Address_is1" = Hide Your IP Address
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"Jagged Alliance 2_is1" = Jagged Alliance 2
"LastFM_is1" = Last.fm Scrobbler 2.1.30
"MahJong Suite_is1" = MahJong Suite 2012 v9.0
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware versio 2.0.2.1012
"MEDIA Revolution_is1" = MEDIA Revolution
"midicair Toolbar" = midicair Toolbar
"Mobile Broadband" = Mobile Broadband
"Mozilla Firefox 32.0.3 (x86 en-US)" = Mozilla Firefox 32.0.3 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"My HP Game Console" = HP Game Console
"NIS" = Norton Internet Security
"Office14.Click2Run" = Microsoft Officen pika-asennus 2010
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter 1.0.0.5
"Origin" = Origin
"Outcast_is1" = Outcast
"PotPlayer" = Daum PotPlayer 1.5.39036
"PrivaZer" = PrivaZer
"ProcessLasso" = Process Lasso
"RadioMaximus_is1" = RadioMaximus 1.85
"RarmaRadio_is1" = RarmaRadio 2.69
"RealPlayer 6.0" = RealPlayer
"Royal Envoy_is1" = Royal Envoy
"Sid Meier's Railroad Tycoon" = Sid Meier's Railroad Tycoon
"Sound Editor Deluxe_is1" = Sound Editor Deluxe v6.0.1
"SpeedFan" = SpeedFan (remove only)
"Spider Player_is1" = Spider Player 2.5.3
"Steam App 105600" = Terraria
"Steam App 12140" = Max Payne
"Steam App 200710" = Torchlight II
"Steam App 216530" = Football Manager 2013 Demo
"Steam App 220" = Half-Life 2
"Steam App 231670" = Football Manager 2014
"Steam App 301150" = The Treasures of Montezuma 4
"Steam App 34000" = Football Manager 2010
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Steam App 41500" = Torchlight
"Steam App 440" = Team Fortress 2
"Steam App 46330" = Space Rangers 2: Reboot
"Steam App 570" = Dota 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 7620" = Railroad Tycoon 2: Platinum
"SysResources Manager11.1" = SysResources Manager
"Theme Hospital_is1" = Theme Hospital
"Veetle TV" = Veetle TV
"WildTangent hp Master Uninstall" = HP Games
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087343" = Dora's World Adventure
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087533" = Zuma Deluxe
"WT089299" = Mystery P.I. - The London Caper
"WT089300" = World Cup Cricket 20-20
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"YU2010_is1" = Your Uninstaller! 7
"ZMBV" = Zip Motion Block Video codec (Remove Only)
"ZumoDrive" = HP CloudDrive
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Octoshape Streaming Services" = Octoshape Streaming Services
"SkyDriveSetup.exe" = Microsoft SkyDrive
"Spotify" = Spotify
"TwistedBrush Pro Studio" = TwistedBrush Pro Studio
"webmdshow" = WebM Project Directshow Filters
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2/15/2013 5:34:11 AM | Computer Name = Timo-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 2/15/2013 4:42:53 PM | Computer Name = Timo-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 2/16/2013 3:43:33 PM | Computer Name = Timo-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 2/16/2013 5:48:19 PM | Computer Name = Timo-HP | Source = Application Error | ID = 1000
Description = Viallisen sovelluksen nimi: Client.exe, versio: 0.0.0.0, aikaleima:
 0x511b0fcf  Viallisen moduulin nimi: Client.exe, versio: 0.0.0.0, aikaleima: 0x511b0fcf
Poikkeuskoodi:
 0xc0000094  Virhepoikkeama: 0x0001bac6  Viallisen prosessin tunnus: 0x8a0  Viallisen
sovelluksen käynnistysaika: 0x01ce0c7c2608ac51  Viallisen sovelluksen polku: C:\Program
 Files (x86)\Grinding Gear Games\Path of Exile\Client.exe  Viallisen moduulin polku:
 C:\Program Files (x86)\Grinding Gear Games\Path of Exile\Client.exe  Raportin tunnus:
 92ee1890-7882-11e2-9275-001e101f7f74
 
Error - 2/18/2013 11:27:16 AM | Computer Name = Timo-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 2/18/2013 12:16:39 PM | Computer Name = Timo-HP | Source = SideBySide | ID = 16842832
Description = Aktivointikontekstin luonti kohteelle C:\Users\Timo\Downloads\SoftonicDownloader_for_spider-player.exe
 epäonnistui. Virhe luettelo- tai käytäntötiedoston  rivillä .  Sovelluksen edellyttämä
 osaversio on ristiriidassa jo aktiivisena olevan osaversion kanssa.  Ristiriitaiset
 osat:  Osa 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Osa
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 2/19/2013 11:25:09 AM | Computer Name = Timo-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 2/19/2013 3:56:55 PM | Computer Name = Timo-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
Error - 2/20/2013 5:03:25 AM | Computer Name = Timo-HP | Source = CVHSVC | ID = 100
Description = Vain tietoja.  (Patch task for {90140011-0066-040B-0000-0000000FF1CE}):
 DownloadLatest Failed:
 
Error - 2/20/2013 11:08:16 AM | Computer Name = Timo-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =
 
[ Hewlett-Packard Events ]
Error - 7/20/2012 1:01:57 PM | Computer Name = Timo-HP | Source = HPSF.exe | ID = 4000
Description =
 
Error - 8/20/2012 4:00:54 AM | Computer Name = Timo-HP | Source = HPSF.exe | ID = 4000
Description =
 
Error - 8/20/2012 8:08:22 AM | Computer Name = Timo-HP | Source = HPSF.exe | ID = 4000
Description =
 
Error - 8/20/2012 3:22:59 PM | Computer Name = Timo-HP | Source = HPSF.exe | ID = 4000
Description =
 
Error - 10/20/2012 9:41:32 AM | Computer Name = Timo-HP | Source = HPSF.exe | ID = 4000
Description =
 
Error - 11/20/2012 11:50:25 AM | Computer Name = Timo-HP | Source = HPSF.exe | ID = 4000
Description =
 
Error - 2/20/2013 10:58:56 AM | Computer Name = Timo-HP | Source = HPSF.exe | ID = 4000
Description =
 
Error - 2/20/2013 12:36:34 PM | Computer Name = Timo-HP | Source = HPSF.exe | ID = 4000
Description =
 
Error - 2/20/2013 4:46:52 PM | Computer Name = Timo-HP | Source = HPSF.exe | ID = 4000
Description =
 
Error - 3/20/2013 6:39:13 AM | Computer Name = Timo-HP | Source = HPSF.exe | ID = 4000
Description =
 
[ HP Software Framework Events ]
Error - 2/4/2013 3:40:15 PM | Computer Name = Timo-HP | Source = CaslWmi | ID = 5
Description = 2013.02.04 21:40:15.431|0000164C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 2/4/2013 3:42:06 PM | Computer Name = Timo-HP | Source = CaslWmi | ID = 5
Description = 2013.02.04 21:42:06.441|0000168C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 2/4/2013 3:42:07 PM | Computer Name = Timo-HP | Source = CaslWmi | ID = 5
Description = 2013.02.04 21:42:07.835|0000080C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 2/25/2013 3:36:06 PM | Computer Name = Timo-HP | Source = CaslWmi | ID = 5
Description = 2013.02.25 21:36:06.171|000018B8|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 2/25/2013 3:37:37 PM | Computer Name = Timo-HP | Source = CaslWmi | ID = 5
Description = 2013.02.25 21:37:37.089|00001160|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 2/25/2013 3:37:38 PM | Computer Name = Timo-HP | Source = CaslWmi | ID = 5
Description = 2013.02.25 21:37:38.433|00001D38|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 3/11/2013 3:38:27 PM | Computer Name = Timo-HP | Source = CaslWmi | ID = 5
Description = 2013.03.11 21:38:27.298|00001764|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 3/11/2013 3:40:16 PM | Computer Name = Timo-HP | Source = CaslWmi | ID = 5
Description = 2013.03.11 21:40:16.794|00001698|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 3/11/2013 3:40:18 PM | Computer Name = Timo-HP | Source = CaslWmi | ID = 5
Description = 2013.03.11 21:40:18.257|00001950|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 3/25/2013 5:42:50 PM | Computer Name = Timo-HP | Source = CaslWmi | ID = 5
Description = 2013.03.25 23:42:50.106|00000478|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
[ HP Wireless Assistant Events ]
Error - 11/17/2011 3:26:26 PM | Computer Name = Timo-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
 failed to create hardware layer Virhe sovelluksessa.    kohteessa HardwareAccess.Hardware..ctor(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     kohteessa HardwareAccess.Hardware.Create(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     kohteessa HPWA_Main.App.ApplicationStartup(Object
 sender, StartupEventArgs args)
 
Error - 11/17/2011 3:26:26 PM | Computer Name = Timo-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
 
Error - 11/18/2011 11:18:39 AM | Computer Name = Timo-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
 failed to create hardware layer Virhe sovelluksessa.    kohteessa HardwareAccess.Hardware..ctor(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     kohteessa HardwareAccess.Hardware.Create(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     kohteessa HPWA_Main.App.ApplicationStartup(Object
 sender, StartupEventArgs args)
 
Error - 11/18/2011 11:18:39 AM | Computer Name = Timo-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
 
Error - 11/19/2011 9:59:27 AM | Computer Name = Timo-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
 failed to create hardware layer Virhe sovelluksessa.    kohteessa HardwareAccess.Hardware..ctor(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     kohteessa HardwareAccess.Hardware.Create(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     kohteessa HPWA_Main.App.ApplicationStartup(Object
 sender, StartupEventArgs args)
 
Error - 11/19/2011 9:59:28 AM | Computer Name = Timo-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
 
Error - 11/20/2011 10:20:40 AM | Computer Name = Timo-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
 failed to create hardware layer Virhe sovelluksessa.    kohteessa HardwareAccess.Hardware..ctor(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     kohteessa HardwareAccess.Hardware.Create(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     kohteessa HPWA_Main.App.ApplicationStartup(Object
 sender, StartupEventArgs args)
 
Error - 11/20/2011 10:20:40 AM | Computer Name = Timo-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
 
Error - 11/21/2011 2:06:55 PM | Computer Name = Timo-HP | Source = HP WA Application | ID = 0
Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
 failed to create hardware layer Virhe sovelluksessa.    kohteessa HardwareAccess.Hardware..ctor(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     kohteessa HardwareAccess.Hardware.Create(Dispatcher
 dispatcher, ServicePort port, Int32 timeout)     kohteessa HPWA_Main.App.ApplicationStartup(Object
 sender, StartupEventArgs args)
 
Error - 11/21/2011 2:06:56 PM | Computer Name = Timo-HP | Source = HP WA Application | ID = 0
Description = MainWindow.ShowImpl; not initialized, closing application...
 
[ System Events ]
Error - 9/29/2014 5:12:20 PM | Computer Name = Timo-HP | Source = Service Control Manager | ID = 7000
Description = Palvelua Mobile Broadband. OUC ei voi käynnistää. Virhekoodi on   %%1053
 
Error - 9/29/2014 5:14:44 PM | Computer Name = Timo-HP | Source = Service Control Manager | ID = 7000
Description = Palvelua HP Support Assistant Service ei voi käynnistää. Virhekoodi
 on   %%31
 
Error - 9/29/2014 5:24:58 PM | Computer Name = Timo-HP | Source = Service Control Manager | ID = 7009
Description = Aikakatkaisu (30000 millisekuntia) odotettaessa Mobile Broadband.
OUC-palvelun yhteyden muodostusta.
 
Error - 9/29/2014 5:24:58 PM | Computer Name = Timo-HP | Source = Service Control Manager | ID = 7000
Description = Palvelua Mobile Broadband. OUC ei voi käynnistää. Virhekoodi on   %%1053
 
Error - 9/29/2014 5:25:47 PM | Computer Name = Timo-HP | Source = Service Control Manager | ID = 7009
Description = Aikakatkaisu (30000 millisekuntia) odotettaessa Client Virtualization
 Handler-palvelun yhteyden muodostusta.
 
Error - 9/29/2014 5:25:47 PM | Computer Name = Timo-HP | Source = Service Control Manager | ID = 7000
Description = Palvelua Client Virtualization Handler ei voi käynnistää. Virhekoodi
 on   %%1053
 
Error - 9/30/2014 3:55:33 AM | Computer Name = Timo-HP | Source = Service Control Manager | ID = 7009
Description = Aikakatkaisu (30000 millisekuntia) odotettaessa Mobile Broadband.
OUC-palvelun yhteyden muodostusta.
 
Error - 9/30/2014 3:55:33 AM | Computer Name = Timo-HP | Source = Service Control Manager | ID = 7000
Description = Palvelua Mobile Broadband. OUC ei voi käynnistää. Virhekoodi on   %%1053
 
Error - 9/30/2014 3:56:16 AM | Computer Name = Timo-HP | Source = Service Control Manager | ID = 7034
Description = Palvelu Adobe Acrobat Update Service lopetti yllättäen toimintansa.
 Se on tehnyt näin jo 1 kertaa.
 
Error - 9/30/2014 3:56:20 AM | Computer Name = Timo-HP | Source = Service Control Manager | ID = 7034
Description = Palvelu ArcSoft Connect Daemon lopetti yllättäen toimintansa. Se on
 tehnyt näin jo 1 kertaa.
 
 
< End of report >
 


  • 0

#11
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Alright, pending no further issues, I am going to send you on your way :)

 

If you have questions or issues, please let me know. Otherwise, run the following program and it will clean up all of the tools we used. :thumbsup:

 

51a5ce45263de-delfix.png Clean with DelFix
 
Please download DelFix by Xplode and save it to your desktop.
 
  • Right-click on 51a5ce45263de-delfix.png icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Ensure that Remove disinfection tools, Purge system restore and Reset system settings are checked.
  • Push Run.
  • When finished, it will display a notepad report.

    • 0

    #12
    taloi8

    taloi8

      New Member

    • Topic Starter
    • Member
    • Pip
    • 6 posts

    Thanks for your help.


    • 0

    #13
    Biscuithd

    Biscuithd

      Trusted Helper

    • Malware Removal
    • 2,573 posts

    You are quite welcome. :thumbsup:  It was a pleasure. :)


    • 0

    #14
    Biscuithd

    Biscuithd

      Trusted Helper

    • Malware Removal
    • 2,573 posts
    Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

    If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

    Everyone else please begin a New Topic.
    • 0






    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP