An intrusion attempt was blocked (OS Attack GNU Bash CVE-2014-6271)

intrusion attack

  • This topic is locked

#1
moyu22


Hello,

My Norton Antivirus (Internet Security) notified me of a blocked attempted intrusion earlier today, and four minutes later a second notification popped up with a similar yet different intrusion. I had been away from home so upon reviewing the Norton Security History, I realized there had been a total of five intrusions during the day.

UPDATE: The first five attacks were close to each other (within 2 hours), but more attacks seem to be occurring not as close together as before; info has been added for those as well.

All intrusions show

IPS Alert Name: OS Attack GNU Bash CVE-2014-6271

Attacker URL: 127.0.0.1/cgi-bin/authLogin.cgi

Destination Address: PC (192.168.1.81, 8080)

Attacking Computer/Source Address:

 - 181.55.127.245, 52828 at 3:58:37 PM on 1/28/2015

 - 85.178.81.183, 59224 at 4:39:31 PM

 - 181.55.127.245, 40831 at 5:05:35 PM

 - 79.205.193.125, 35257 at 5:47:22 PM

 - 80.182.47.113, 41970 at 5:51:26 PM

 - 101.187.11.150, 36441 at 8:09:06 PM

 - 121.138.82.30, 53632 at 10:29:18 PM

 - 5.23.203.131, 38346 at 1:38:40 AM on 1/29/2015

 - 61.238.237.254, 52343 at 11:31:31 AM

 - 93.104.93.238, 51335 at 5:19:09 PM

The following message was included in all intrusion notifications:

Network traffic from 127.0.0.1/cgi-bin/authLogin.cgi matches the signature of a known attack. The attack was resulted from \DEVICE\HARDDISKVOLUME2\PROGRAM FILES\ISPY\ISPY (64 BIT)\ISPY.EXE.

ISpy is an open source camera security software that I use to monitor wireless cameras, it hasn't given me any problems before.

Also, not sure if this might be related or not, but about a week ago I got two URL:MAL notifications from SKYPE.EXE. The sleep mode on my computer won't work, it goes to sleep and about 5 seconds later it comes back on again; the fan starts running at high speed and gets really loud, it's happened quite a few times since yesterday and usually lasts about 10-15 seconds or so. Again this may not be related to the virus/intrusions mentioned before but I thought I would include them just in case.

Thanks in advance for any help you can offer.

OTL log:

-----------------------------

OTL logfile created on: 1/28/2015 6:37:38 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.17501)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 23.93% Memory free

15.98 Gb Paging File | 9.09 Gb Available in Paging File | 56.85% Paging File free

Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 920.09 Gb Total Space | 503.96 Gb Free Space | 54.77% Space Free | Partition Type: NTFS

Drive D: | 11.13 Gb Total Space | 1.59 Gb Free Space | 14.32% Space Free | Partition Type: NTFS

Drive E: | 161.10 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: *-PC | User Name: * | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2015/01/28 18:20:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe

PRC - [2015/01/26 15:20:43 | 000,338,032 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2015/01/26 13:40:21 | 005,227,112 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\avastui.exe

PRC - [2015/01/25 03:35:37 | 001,880,752 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe

PRC - [2014/12/04 21:12:28 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2014/09/12 01:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2013/11/21 18:23:48 | 000,073,656 | ---- | M] () -- C:\Program Files\iSpy\iSpy (64 bit)\iSpyMonitor.exe

PRC - [2013/10/15 15:06:12 | 001,016,712 | ---- | M] (Flux Software LLC) -- C:\Users\*\AppData\Local\FluxSoftware\Flux\flux.exe

PRC - [2013/05/20 20:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccsvchst.exe

PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

PRC - [2011/03/09 07:55:54 | 002,667,520 | ---- | M] () -- C:\Program Files (x86)\EyeLeo\EyeLeo.exe

PRC - [2010/07/22 21:10:47 | 000,402,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

PRC - [2010/04/07 03:01:40 | 035,444,688 | ---- | M] (Adobe Systems, Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Photoshop CS5\Photoshop.exe

PRC - [2009/12/01 19:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

PRC - [2009/09/19 14:40:54 | 000,122,880 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe

PRC - [2009/09/19 14:40:48 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe

PRC - [2009/09/19 14:39:06 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe

PRC - [2009/09/19 14:38:48 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe

PRC - [2008/11/20 10:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

PRC - [2007/04/30 18:43:54 | 003,450,608 | ---- | M] (Stardock) -- C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe

PRC - [1999/12/31 16:00:00 | 001,966,080 | ---- | M] () -- C:\Program Files (x86)\Tor Browser\Browser\TorBrowser\Tor\tor.exe

PRC - [1999/12/31 16:00:00 | 000,338,432 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Tor Browser\Browser\firefox.exe

========== Modules (No Company Name) ==========

MOD - [2015/01/26 15:20:43 | 003,925,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2015/01/25 03:35:36 | 016,844,976 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll

MOD - [2015/01/24 22:08:43 | 014,913,864 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\40.0.2214.93\PepperFlash\pepflashplayer.dll

MOD - [2015/01/24 22:08:41 | 009,170,760 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\40.0.2214.93\pdf.dll

MOD - [2015/01/24 22:08:37 | 001,117,512 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\40.0.2214.93\libglesv2.dll

MOD - [2015/01/24 22:08:35 | 000,211,272 | ---- | M] () -- C:\Users\*\AppData\Local\Google\Chrome\Application\40.0.2214.93\libegl.dll

MOD - [2014/12/04 21:12:34 | 038,562,088 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\libcef.dll

MOD - [2014/10/16 01:15:38 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\FileZilla\fzshellext.dll

MOD - [2014/10/15 02:21:41 | 007,409,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\5d2c01ae1ca8c40ed74cdfd7b7b7dcb1\System.Data.ni.dll

MOD - [2014/10/15 02:21:39 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll

MOD - [2014/10/15 02:21:37 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll

MOD - [2014/10/15 02:21:36 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll

MOD - [2014/10/15 02:21:32 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll

MOD - [2014/10/15 02:21:31 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll

MOD - [2014/05/24 08:41:24 | 000,892,416 | ---- | M] () -- C:\Program Files (x86)\FileZilla\libstdc++-6.dll

MOD - [2014/05/24 08:41:24 | 000,091,648 | ---- | M] () -- C:\Program Files (x86)\FileZilla\libgcc_s_sjlj-1.dll

MOD - [2014/02/27 03:06:21 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll

MOD - [2014/02/27 03:06:21 | 000,147,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4c8a153aa66fcd62db6fff269a2ef2b4\System.Numerics.ni.dll

MOD - [2013/11/21 18:23:48 | 000,073,656 | ---- | M] () -- C:\Program Files\iSpy\iSpy (64 bit)\iSpyMonitor.exe

MOD - [2013/09/05 00:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

MOD - [2012/05/30 06:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\wincfi39.dll

MOD - [2011/03/09 07:55:54 | 002,667,520 | ---- | M] () -- C:\Program Files (x86)\EyeLeo\EyeLeo.exe

MOD - [2011/01/02 00:30:36 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\EyeLeo\ActivityMonitor.dll

MOD - [2010/04/07 01:34:46 | 000,033,280 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Photoshop CS5\QuickTimeGlue.dll

MOD - [2010/02/22 03:50:20 | 000,060,416 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\zlib1.dll

MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

MOD - [2009/12/01 19:49:50 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll

MOD - [2007/04/30 18:18:50 | 000,112,400 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\DockShellHook.dll

MOD - [2007/04/21 12:47:52 | 000,059,592 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\zlib.dll

MOD - [2007/04/19 13:23:48 | 000,095,944 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\CrashRpt.dll

MOD - [2002/11/19 13:11:40 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\Common Files\Stardock\ODimg.dll

MOD - [2002/03/13 18:46:32 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Stardock\ObjectDock\ODimg.dll

MOD - [1999/12/31 16:00:00 | 005,057,038 | ---- | M] () -- C:\Program Files (x86)\Tor Browser\Browser\mozjs.dll

MOD - [1999/12/31 16:00:00 | 001,966,080 | ---- | M] () -- C:\Program Files (x86)\Tor Browser\Browser\TorBrowser\Tor\tor.exe

MOD - [1999/12/31 16:00:00 | 000,714,452 | ---- | M] () -- C:\Program Files (x86)\Tor Browser\Browser\TorBrowser\Tor\libevent-2-0-5.dll

MOD - [1999/12/31 16:00:00 | 000,517,814 | ---- | M] () -- C:\Program Files (x86)\Tor Browser\Browser\TorBrowser\Tor\libgcc_s_sjlj-1.dll

MOD - [1999/12/31 16:00:00 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Tor Browser\Browser\TorBrowser\Tor\zlib1.dll

MOD - [1999/12/31 16:00:00 | 000,091,026 | ---- | M] () -- C:\Program Files (x86)\Tor Browser\Browser\TorBrowser\Tor\libssp-0.dll

MOD - [1999/12/31 16:00:00 | 000,091,026 | ---- | M] () -- C:\Program Files (x86)\Tor Browser\Browser\libssp-0.dll

========== Services (SafeList) ==========

SRV:64bit: - [2014/12/04 21:12:28 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2014/11/21 18:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)

SRV:64bit: - [2013/07/08 03:29:02 | 000,183,896 | ---- | M] (Sandboxie Holdings, LLC) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)

SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2011/06/01 00:58:10 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV - [2015/01/26 15:20:43 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2015/01/25 03:35:39 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2014/12/11 10:30:48 | 000,315,496 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2014/09/12 01:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2014/03/20 14:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2013/12/04 06:19:32 | 005,316,448 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)

SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2013/05/20 20:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ccSvcHst.exe -- (NIS)

SRV - [2012/09/27 10:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)

SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)

SRV - [2010/05/12 00:16:13 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009/09/19 14:39:06 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)

SRV - [2009/06/05 16:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/12/04 21:13:46 | 001,050,432 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)

DRV:64bit: - [2014/12/04 21:12:41 | 000,267,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)

DRV:64bit: - [2014/12/04 21:12:41 | 000,116,728 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)

DRV:64bit: - [2014/12/04 21:12:40 | 000,436,624 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)

DRV:64bit: - [2014/12/04 21:12:40 | 000,083,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2014/12/04 21:12:40 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)

DRV:64bit: - [2014/12/04 21:12:40 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)

DRV:64bit: - [2014/12/04 21:12:38 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2014/07/28 13:52:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2014/01/22 07:52:10 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)

DRV:64bit: - [2014/01/22 07:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)

DRV:64bit: - [2013/07/08 03:29:00 | 000,199,384 | ---- | M] (Sandboxie Holdings, LLC) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)

DRV:64bit: - [2013/06/17 13:04:19 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2013/05/22 21:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1406000.01B\symefa64.sys -- (SymEFA)

DRV:64bit: - [2013/05/20 21:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1406000.01B\symds64.sys -- (SymDS)

DRV:64bit: - [2013/05/15 21:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1406000.01B\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2013/04/24 16:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1406000.01B\symnets.sys -- (SymNetS)

DRV:64bit: - [2013/04/15 18:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1406000.01B\ccsetx64.sys -- (ccSet_NIS)

DRV:64bit: - [2013/03/04 18:14:18 | 000,043,680 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)

DRV:64bit: - [2013/03/04 17:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1406000.01B\ironx64.sys -- (SymIRON)

DRV:64bit: - [2013/03/04 17:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1406000.01B\srtspx64.sys -- (SRTSPX)

DRV:64bit: - [2012/09/21 11:04:22 | 004,763,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)

DRV:64bit: - [2012/09/21 11:04:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)

DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/04/06 10:15:10 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)

DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/12/19 15:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)

DRV:64bit: - [2011/12/19 15:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)

DRV:64bit: - [2011/12/19 15:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)

DRV:64bit: - [2011/12/19 15:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)

DRV:64bit: - [2011/12/19 15:41:32 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)

DRV:64bit: - [2011/06/01 03:12:38 | 009,320,448 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2011/06/01 03:12:38 | 009,320,448 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2011/06/01 00:19:14 | 000,306,688 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/29 06:31:18 | 001,579,520 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/07/18 13:22:27 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)

DRV:64bit: - [2010/02/04 22:20:26 | 000,015,360 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HP8207_8307.sys -- (HP8207_8307)

DRV:64bit: - [2010/01/28 09:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)

DRV:64bit: - [2009/10/07 07:45:38 | 000,271,640 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)

DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)

DRV:64bit: - [2009/10/06 05:49:14 | 000,230,456 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)

DRV:64bit: - [2009/08/20 16:05:06 | 000,239,616 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/08/09 13:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)

DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 16:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/05 02:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)

DRV:64bit: - [2009/04/03 06:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)

DRV:64bit: - [2008/06/27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)

DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)

DRV - [2015/01/20 04:27:28 | 002,137,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20150127.040\ex64.sys -- (NAVEX15)

DRV - [2015/01/20 04:27:28 | 000,129,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20150127.040\eng64.sys -- (NAVENG)

DRV - [2015/01/10 20:53:21 | 000,668,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20150127.001\IDSviA64.sys -- (IDSVia64)

DRV - [2015/01/06 11:15:26 | 001,622,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20150106.001\BHDrvx64.sys -- (BHDrvx64)

DRV - [2014/12/11 12:45:55 | 000,142,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2014/12/11 12:45:54 | 000,487,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2011/10/25 02:14:06 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV - [2010/06/15 20:23:28 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/12/05 23:52:46] [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})

DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {CF702269-11C9-40DA-97AB-2C0E1934AAF5}

IE:64bit: - HKLM\..\SearchScopes\{AE4B2865-ED2A-4AEB-AE3A-803E03566E3B}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd

IE:64bit: - HKLM\..\SearchScopes\{CF702269-11C9-40DA-97AB-2C0E1934AAF5}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01

IE - HKLM\..\SearchScopes,DefaultScope = {632F07F3-19A1-4d16-A23F-E6CE9486BAB5}

IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/...=AVASDF&PC=AV01

IE - HKLM\..\SearchScopes\{AE4B2865-ED2A-4AEB-AE3A-803E03566E3B}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd

IE - HKLM\..\SearchScopes\{CF702269-11C9-40DA-97AB-2C0E1934AAF5}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=AV01

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...q={searchTerms}

IE - HKCU\..\SearchScopes\{13B66D15-B7E5-45F2-82C7-015B9F2D8167}: "URL" = http://www.google.co...utputEncoding?}

IE - HKCU\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/...=AVASDF&PC=AV01

IE - HKCU\..\SearchScopes\{6A0A0E22-8707-4AFD-A0DA-F1DEA84B47B2}: "URL" = http://blekko.com/ws...rchTerms}&r=483

IE - HKCU\..\SearchScopes\{AE4B2865-ED2A-4AEB-AE3A-803E03566E3B}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpd

IE - HKCU\..\SearchScopes\{CF702269-11C9-40DA-97AB-2C0E1934AAF5}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;*.local;<local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 62.253.249.2:8080

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.defaultthis.engineName: "Google"

FF - prefs.js..browser.search.defaulturl: "https://www.google.com/search"

FF - prefs.js..browser.search.highlightCount: 0

FF - prefs.js..browser.search.isUS: true

FF - prefs.js..browser.search.order.1: "Google"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "about:home"

FF - prefs.js..extensions.enabledAddons: %7B64161300-e22b-11db-8314-0800200c9a66%7D:0.9.6.16

FF - prefs.js..extensions.enabledAddons: %7Ba3a5c777-f583-4fef-9380-ab4add1bc2a8%7D:5.0

FF - prefs.js..extensions.enabledAddons: %7Bb0e1b4a6-2c6f-4e99-94f2-8e625d7ae255%7D:3.5.0

FF - prefs.js..extensions.enabledAddons: searchyoutube%40searchyoutube.fr:1.0

FF - prefs.js..extensions.enabledAddons: anttoolbar%40ant.com:2.4.7.27

FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.18

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0.1

FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3

FF - prefs.js..extensions.enabledItems: {a3a5c777-f583-4fef-9380-ab4add1bc2a8}:3.1.3

FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.8

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.1

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.13

FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.2

FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900

FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.7

FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.3.6

FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3

FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.7.0.8773

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29

FF - prefs.js..keyword.URL: "https://www.google.com/search"

FF - prefs.js..network.proxy.http: "64.182.21.63"

FF - prefs.js..network.proxy.http_port: 29786

FF - prefs.js..network.proxy.socks_version: 4

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\Itunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@hola.org/vlc,version=1.6.463: C:\Users\*\AppData\Local\Hola\firefox\app\vlc [2015/01/28 13:32:27 | 000,000,000 | ---D | M]

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\*\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\*\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\*\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\*\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\*\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@updates.epicbrowser.com/Epic Privacy Browser Update;version=3: C:\Users\*\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll (Epic Privacy Browser)

FF - HKCU\Software\MozillaPlugins\@updates.epicbrowser.com/Epic Privacy Browser Update;version=9: C:\Users\*\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll (Epic Privacy Browser)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\coFFPlgn\ [2015/01/28 13:17:52 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2015/01/27 12:28:49 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2013/04/08 16:04:27 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2015/01/26 15:20:39 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015/01/26 15:20:40 | 000,000,000 | ---D | M]

[2011/12/12 19:11:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\Mozilla\Extensions

[2011/12/12 19:11:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\Mozilla\Extensions\[email protected]

[2015/01/22 15:08:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\e294z1gb.default\extensions

[2015/01/16 13:19:29 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\e294z1gb.default\extensions\[email protected]

[2014/12/04 13:12:44 | 000,000,000 | ---D | M] (Hola Better Internet) -- C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\e294z1gb.default\extensions\[email protected]

[2014/12/09 13:58:04 | 002,551,632 | ---- | M] () (No name found) -- C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\e294z1gb.default\extensions\[email protected]

[2014/09/11 12:22:11 | 000,105,346 | ---- | M] () (No name found) -- C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\e294z1gb.default\extensions\[email protected]

[2013/12/25 13:57:53 | 000,009,470 | ---- | M] () (No name found) -- C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\e294z1gb.default\extensions\[email protected]

[2013/07/02 14:12:54 | 000,345,379 | ---- | M] () (No name found) -- C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\e294z1gb.default\extensions\{30E08C68-889E-11E0-95EF-DA7E4824019B}.xpi

[2013/09/17 12:33:24 | 000,281,800 | ---- | M] () (No name found) -- C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\e294z1gb.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi

[2012/12/10 13:58:31 | 000,013,972 | ---- | M] () (No name found) -- C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\e294z1gb.default\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi

[2013/09/08 12:50:56 | 000,242,531 | ---- | M] () (No name found) -- C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\e294z1gb.default\extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}.xpi

[2014/11/15 01:39:13 | 000,020,782 | ---- | M] () (No name found) -- C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\e294z1gb.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi

[2015/01/14 15:08:22 | 000,985,112 | ---- | M] () (No name found) -- C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\e294z1gb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2015/01/21 13:40:17 | 000,732,089 | ---- | M] () (No name found) -- C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\e294z1gb.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi

[2014/06/05 14:15:48 | 000,002,823 | ---- | M] () -- C:\Users\*\AppData\Roaming\Mozilla\Firefox\Profiles\e294z1gb.default\searchplugins\Google.xml

[2015/01/26 15:20:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2015/01/26 15:20:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

[2015/01/26 15:20:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

[2015/01/26 15:20:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome  ==========

CHR - default_search_provider:  (Enabled)

CHR - default_search_provider: search_url =

CHR - default_search_provider: suggest_url =

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\*\AppData\Local\Google\Chrome\Application\40.0.2214.93\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\*\AppData\Local\Google\Chrome\Application\40.0.2214.93\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\*\AppData\Local\Google\Chrome\Application\40.0.2214.93\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

CHR - plugin: Norton Confidential (Enabled) = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin8.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\*\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\*\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Google Update (Enabled) = C:\Users\*\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - Extension: No name found = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\

CHR - Extension: No name found = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.8_0\

CHR - Extension: No name found = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\bejnhdlplbjhffionohbdnpcbobfejcc\2013.4.14.18_0\

CHR - Extension: No name found = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\

CHR - Extension: No name found = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.10_0\

CHR - Extension: No name found = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\14.5_0\

CHR - Extension: No name found = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi\2.5.7_0\

CHR - Extension: No name found = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\1.2.2_0\

CHR - Extension: No name found = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.17_0\

CHR - Extension: No name found = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.6.222_0\

CHR - Extension: No name found = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhfcdbheobinplaamokffboaccidbal\2.0_0\

CHR - Extension: No name found = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\3.1_0\

CHR - Extension: No name found = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghaepecjeidnnkkkcjpbnhebdknmhjp\0.3.0_0\

CHR - Extension: No name found = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

CHR - Extension: No name found = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl\5.6_0\

CHR - Extension: No name found = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocgjfppmemjoiimknjbbmnajephibioe\3.0_0\

CHR - Extension: No name found = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooagbcohbmlpkfkdnodbomgphbcecalj\4.2_1\

CHR - Extension: No name found = C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooagbcohbmlpkfkdnodbomgphbcecalj\4.2_1\.svn\props\.svn-work

O1 HOSTS File: ([2014/10/17 03:20:21 | 000,001,586 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 activate.adobe.com

O1 - Hosts: 127.0.0.1 practivate.adobe.com

O1 - Hosts: 127.0.0.1 ereg.adobe.com

O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com

O1 - Hosts: 127.0.0.1 wip3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-3.adobe.com

O1 - Hosts: 127.0.0.1 3dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com

O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com

O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com

O1 - Hosts: 127.0.0.1 activate-sea.adobe.com

O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com

O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com

O1 - Hosts: 127.0.0.1 adobe.activate.com

O1 - Hosts: 127.0.0.1 adobeereg.com

O1 - Hosts: 127.0.0.1 www.adobeereg.com

O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com

O1 - Hosts: 127.0.0.1 125.252.224.90

O1 - Hosts: 127.0.0.1 125.252.224.91

O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com

O1 - Hosts: 127.0.0.1                   65.52.240.48

O1 - Hosts: 127.0.0.1                   activation.cloud.techsmith.com

O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)

O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coieplg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File not found

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll File not found

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coieplg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)

O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)

O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)

O4 - HKCU..\Run: [AdobeBridge]  File not found

O4 - HKCU..\Run: [F.lux] C:\Users\*\AppData\Local\FluxSoftware\Flux\flux.exe (Flux Software LLC)

O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)

O4 - Startup: C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EyeLeo.lnk = C:\Program Files (x86)\EyeLeo\EyeLeo.exe ()

O4 - Startup: C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found

O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not found

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not found

O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)

O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)

O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not found

O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe File not found

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.71.0.cab (Reg Error: Key error.)

O16 - DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911011} file:///E:/activeX/DCP.cab (DCPForm Control 1.0.1.1)

O16 - DPF: {57AF0810-BDA7-47A5-B02D-FDA1073C04B0} https://la.mydlink.c...eX//TunnelX.ocx (TunnelX Control)

O16 - DPF: {7191F0AC-D686-46A8-BFCC-EA61778C74DD} https://la.mydlink.c...aplugLiteDL.cab (Gif89 Lite +Audio Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 11.25.2)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_67)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 11.25.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 0.0.0.0

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B3B2058-8B6F-43B8-B2A4-419E1B6E9317}: DhcpNameServer = 192.168.1.254 0.0.0.0

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81EE121D-168C-4E88-A41D-516BEC7B9D0E}: DhcpNameServer = 192.168.1.254 0.0.0.0

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1A2473B-17F6-462C-9D92-C996D67717A1}: DhcpNameServer = 10.95.104.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) -  File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/12/05 16:56:07 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]

O32 - AutoRun File - [2011/05/19 23:24:24 | 000,647,376 | R--- | M] (D-Link Inc.) - E:\autorun.exe -- [ CDFS ]

O32 - AutoRun File - [2010/11/04 23:05:24 | 000,000,042 | R--- | M] () - E:\autorun.inf -- [ CDFS ]

O33 - MountPoints2\{6bbe6853-e8ca-11de-a439-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{6bbe6853-e8ca-11de-a439-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2011/05/19 23:24:24 | 000,647,376 | R--- | M] (D-Link Inc.)

O33 - MountPoints2\K\Shell - "" = AutoRun

O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a

O33 - MountPoints2\N\Shell - "" = AutoRun

O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2015/01/28 18:20:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe

[2015/01/26 18:26:31 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe

[2015/01/26 15:20:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2015/01/20 03:59:41 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\dream

[2015/01/20 03:14:02 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\target

[2015/01/17 00:06:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2015/01/04 16:47:02 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\Stock Images

[2015/01/02 19:31:03 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\Elegance Documentation

[2015/01/02 19:31:02 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\elegance

[2014/12/31 01:15:54 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM

[2013/07/28 18:59:14 | 002,174,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Program Files (x86)\Common Files\atimpenc.dll

[2010/07/18 13:22:27 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\*\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2015/01/28 18:42:01 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2051642768-11231000-3813961495-1001UA.job

[2015/01/28 18:35:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2015/01/28 18:20:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe

[2015/01/28 18:04:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2051642768-11231000-3813961495-1001UA.job

[2015/01/28 13:25:03 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2015/01/28 13:25:03 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2015/01/28 13:21:12 | 000,000,266 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job

[2015/01/28 13:15:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2015/01/27 21:42:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2051642768-11231000-3813961495-1001Core.job

[2015/01/27 19:04:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2051642768-11231000-3813961495-1001Core.job

[2015/01/27 12:37:59 | 006,039,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2015/01/26 07:05:36 | 000,039,484 | ---- | M] () -- C:\Users\*\Desktop\B8SKhMTCcAESMZU.jpg

[2015/01/25 18:32:04 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFor*.job

[2015/01/22 23:35:49 | 000,030,358 | ---- | M] () -- C:\Users\*\Desktop\petcontrollogo.png

[2015/01/19 20:26:50 | 000,001,024 | ---- | M] () -- C:\Users\*\Desktop\price.php

[2015/01/13 13:29:49 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs

[2015/01/12 18:23:59 | 000,488,446 | ---- | M] () -- C:\Users\*\Desktop\1215sh.jpg

[2015/01/11 06:03:17 | 001,668,775 | ---- | M] () -- C:\Users\*\Desktop\DesignCrowd Logos.ai

[2015/01/06 03:29:57 | 000,976,111 | ---- | M] () -- C:\Users\*\Desktop\US Logo Template.ai

[2015/01/02 16:07:40 | 000,089,770 | ---- | M] () -- C:\Users\*\Desktop\10906254_10152903618371390_3616972994366641429_n.jpg

[2015/01/02 05:09:55 | 012,857,849 | ---- | M] () -- C:\Users\*\Desktop\Poster.psd

[2014/12/31 16:21:48 | 000,000,204 | -H-- | M] () -- C:\Users\*\AppData\Roaming\b0aa5df4d755c86d155bd20c03c50c4194988cc2

[2014/12/31 16:21:48 | 000,000,204 | -H-- | M] () -- C:\ProgramData\b0aa5df4d755c86d155bd20c03c50c4194988cc2

========== Files Created - No Company Name ==========

[2015/01/26 07:05:35 | 000,039,484 | ---- | C] () -- C:\Users\*\Desktop\B8SKhMTCcAESMZU.jpg

[2015/01/22 23:35:45 | 000,030,358 | ---- | C] () -- C:\Users\*\Desktop\petcontrollogo.png

[2015/01/19 20:26:49 | 000,001,024 | ---- | C] () -- C:\Users\*\Desktop\price.php

[2015/01/12 13:16:21 | 000,488,446 | ---- | C] () -- C:\Users\*\Desktop\1215sh.jpg

[2015/01/04 20:38:41 | 000,002,932 | ---- | C] () -- C:\Users\*\Desktop\american-express.png

[2015/01/02 16:07:40 | 000,089,770 | ---- | C] () -- C:\Users\*\Desktop\10906254_10152903618371390_3616972994366641429_n.jpg

[2015/01/02 05:09:53 | 012,857,849 | ---- | C] () -- C:\Users\*\Desktop\Poster.psd

[2014/12/31 01:34:10 | 000,335,631 | ---- | C] () -- C:\Users\*\Desktop\business_card.ai

[2014/12/31 01:18:19 | 000,001,612 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS6.lnk

[2014/12/31 01:16:02 | 000,001,480 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS6 (64 Bit).lnk

[2014/12/31 01:14:19 | 000,000,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk

[2014/12/31 01:13:21 | 000,001,131 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk

[2014/12/31 01:11:00 | 000,001,315 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk

[2014/12/31 01:10:53 | 000,001,481 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk

[2014/12/31 01:10:21 | 000,000,959 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk

[2014/11/29 17:37:02 | 000,000,600 | ---- | C] () -- C:\Users\*\AppData\Local\PUTTY.RND

[2014/10/11 21:15:20 | 000,000,641 | ---- | C] () -- C:\Users\*\.bash_history

[2014/01/17 19:57:51 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI

[2013/12/11 13:49:07 | 000,631,688 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2013/12/04 14:51:00 | 000,000,096 | ---- | C] () -- C:\Users\*\AppData\Roaming\wklnhst.dat

[2013/10/30 16:44:09 | 000,000,407 | ---- | C] () -- C:\Users\*\AppData\Roaming\burnaware.ini

[2013/10/30 12:06:54 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll

[2013/10/30 12:06:54 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll

[2013/10/30 12:06:54 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll

[2013/10/30 12:06:54 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll

[2013/09/10 16:41:01 | 000,000,662 | ---- | C] () -- C:\Windows\SysWow64\sys32dlkb.dll

[2013/09/10 16:41:01 | 000,000,340 | ---- | C] () -- C:\Windows\SysWow64\lc62pn4.dll

[2013/07/20 04:26:36 | 000,002,418 | ---- | C] () -- C:\Windows\Sandboxie.ini

[2013/07/19 19:34:13 | 000,000,010 | ---- | C] () -- C:\ProgramData\.F4G6EEC4-B493-3E31-C6BG-8C6C9B764D36

[2013/07/19 19:34:13 | 000,000,010 | ---- | C] () -- C:\Users\*\AppData\Local\.C3F2FH85-G3D2-2F02-D5CH-7D3D8C553E56

[2013/06/04 20:19:28 | 000,000,204 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat

[2013/06/04 20:15:12 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI

[2013/05/06 03:55:08 | 000,000,150 | ---- | C] () -- C:\Users\*\.jupload.properties

[2013/04/23 03:33:17 | 000,000,064 | -H-- | C] () -- C:\Users\*\AppData\Roaming\c8744ab0b37445ba55ea0b76c46affe3949e12ea

[2013/04/23 03:33:17 | 000,000,064 | -H-- | C] () -- C:\ProgramData\c8744ab0b37445ba55ea0b76c46affe3949e12ea

[2013/04/23 03:24:31 | 000,000,204 | -H-- | C] () -- C:\Users\*\AppData\Roaming\b0aa5df4d755c86d155bd20c03c50c4194988cc2

[2013/04/23 03:24:31 | 000,000,204 | -H-- | C] () -- C:\ProgramData\b0aa5df4d755c86d155bd20c03c50c4194988cc2

[2013/04/23 03:24:31 | 000,000,064 | -H-- | C] () -- C:\Users\*\AppData\Roaming\3cab8a6de5ed842d9d9f01148a6192164816d25f

[2013/04/23 03:24:31 | 000,000,064 | -H-- | C] () -- C:\ProgramData\3cab8a6de5ed842d9d9f01148a6192164816d25f

[2013/04/08 16:00:30 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini

[2012/05/02 02:32:59 | 014,707,262 | ---- | C] () -- C:\Users\*\Wallpaper.psd

[2012/03/03 20:57:26 | 2854,350,472 | ---- | C] () -- C:\Program Files\AvidStudio_Trial_Part-1-of-1.exe

[2011/12/20 01:12:18 | 000,074,485 | ---- | C] () -- C:\Users\*\1_2010120912221810Z354.jpg

[2011/12/11 16:49:26 | 000,001,456 | ---- | C] () -- C:\Users\*\AppData\Local\Adobe Save for Web 12.0 Prefs

[2011/11/30 01:37:44 | 003,223,211 | ---- | C] () -- C:\Users\*\tumblr_lvgq1peQL41qeg2owo1_500.psd

[2011/10/24 12:42:27 | 000,000,355 | ---- | C] () -- C:\Users\*\Favorites - Shortcut.lnk

[2011/09/16 20:33:44 | 000,000,132 | ---- | C] () -- C:\Users\*\AppData\Roaming\Adobe GIF Format CS5 Prefs

[2011/05/27 02:50:42 | 000,029,935 | ---- | C] () -- C:\Users\*\PrayerBracelet.png

[2010/09/02 01:20:21 | 000,000,465 | ---- | C] () -- C:\Users\*\AppData\Roaming\Poladroid prefs.plist

[2010/07/18 13:23:39 | 000,001,044 | ---- | C] () -- C:\Users\*\AppData\Roaming\vso_ts_preview.xml

[2010/07/18 13:22:27 | 000,099,384 | ---- | C] () -- C:\Users\*\AppData\Roaming\inst.exe

[2010/07/18 13:22:27 | 000,007,859 | ---- | C] () -- C:\Users\*\AppData\Roaming\pcouffin.cat

[2010/07/18 13:22:27 | 000,001,167 | ---- | C] () -- C:\Users\*\AppData\Roaming\pcouffin.inf

[2010/05/12 11:58:57 | 000,000,132 | ---- | C] () -- C:\Users\*\AppData\Roaming\Adobe PNG Format CS5 Prefs

[2010/05/02 12:42:51 | 000,000,000 | ---- | C] () -- C:\Users\*\AppData\Roaming\chrtmp

========== ZeroAccess Check ==========

[2014/06/25 02:00:00 | 000,002,671 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2051642768-11231000-3813961495-1001\$RVBX3QN\upload\default-avatars\l.png

[2014/06/25 02:00:00 | 000,002,896 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-2051642768-11231000-3813961495-1001\$RVBX3QN\upload\default-avatars\n.png

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 18:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 17:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/04/01 00:02:02 | 000,000,000 | -HSD | M] -- C:\Users\*\AppData\Roaming\.#

[2014/11/03 16:25:28 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Add-in Express

[2010/06/07 16:36:12 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\adma

[2014/02/26 23:08:24 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Aegisub

[2013/07/20 00:32:08 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Alien Skin

[2013/03/29 12:29:31 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Ant.com

[2011/11/05 16:07:25 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Apowersoft

[2010/04/24 16:10:18 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\App Launcher Gadget

[2013/06/15 23:41:02 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Artisteer

[2011/07/11 17:22:00 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Artweaver

[2013/07/16 22:16:07 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Athentech

[2011/01/12 23:43:54 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\authorPOINT

[2010/12/05 17:35:37 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Autodesk

[2014/03/01 12:37:03 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\AVAST Software

[2010/08/09 01:41:57 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Avery

[2012/11/06 05:08:08 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\avidemux

[2013/06/05 12:09:27 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\BITS

[2010/06/02 19:36:48 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Blender Foundation

[2011/05/22 03:31:52 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\calibre

[2010/05/18 00:50:35 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Carnival Software

[2010/09/22 22:47:00 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011/08/24 20:31:52 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2014/10/11 17:55:54 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Composer

[2013/10/29 14:40:25 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Cyberduck

[2013/05/23 04:06:49 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Divine

[2013/05/23 04:23:38 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Divine Elemente

[2013/12/09 20:42:33 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\DlinkViewCam

[2010/07/21 21:31:05 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Downloaded Installations

[2011/06/07 10:57:05 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Dropbox

[2010/12/03 21:57:37 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Eclipse

[2013/11/01 13:45:36 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\EyeLeo

[2014/11/15 23:16:03 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Fanurio

[2015/01/19 20:46:16 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\FileZilla

[2013/06/05 12:09:53 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\FlashgetSetup

[2014/02/20 18:55:44 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\fontconfig

[2011/09/01 12:08:27 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\GetRightToGo

[2010/08/15 22:25:17 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Helios

[2013/07/20 04:15:25 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Imagenomic

[2013/04/23 02:58:58 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\iPumper

[2013/05/11 13:47:31 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\iSpring Solutions

[2015/01/28 13:30:30 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\iSpy

[2010/04/24 13:47:28 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Leadertech

[2011/01/10 18:43:48 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Local

[2013/09/24 20:49:48 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MAGIX

[2014/04/09 19:06:04 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Maxthon3

[2011/10/23 23:50:17 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\mjusbsp

[2010/05/28 23:19:23 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MPEG Streamclip

[2011/06/02 21:02:59 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\muvee Technologies

[2011/03/28 16:00:35 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\MxBoost

[2014/04/29 19:38:23 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Naturalsoft

[2014/01/03 00:28:28 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Notepad++

[2010/06/06 20:15:31 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\OpenOffice.org

[2010/05/22 03:05:21 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Opera

[2013/07/03 13:19:31 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Opera Software

[2014/10/02 17:26:57 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Oracle

[2010/11/13 02:48:46 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\OrphneDev

[2010/05/17 16:02:02 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\PACE Anti-Piracy

[2013/09/24 20:11:45 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\PDAppFlex

[2011/03/15 01:15:00 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Rovio

[2014/01/06 16:03:35 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Samsung

[2013/10/29 17:52:37 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\SendBlaster3

[2013/09/25 12:07:21 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\simplitec

[2011/12/12 19:11:16 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Songbird2

[2013/03/20 23:32:51 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Speedsolving

[2010/05/08 02:16:04 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2013/08/21 18:43:27 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Sublime Text 2

[2014/09/14 20:47:22 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TeamViewer

[2013/03/11 20:18:22 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TechSmith

[2013/12/04 14:51:02 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Template

[2014/06/01 04:52:42 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\TemplateToaster

[2014/11/23 15:31:10 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Thunderbird

[2015/01/04 05:49:27 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\uTorrent

[2010/07/23 17:11:45 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Vso

[2010/09/13 22:18:30 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\WildTangent

[2010/04/24 01:14:35 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\WinBatch

[2013/07/25 21:44:23 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Windows Live Writer

[2013/10/29 13:12:57 | 000,000,000 | -HSD | M] -- C:\Users\*\AppData\Roaming\wyUpdate AU

[2014/01/22 01:31:35 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Xilisoft

[2010/05/04 19:36:34 | 000,000,000 | ---D | M] -- C:\Users\*\AppData\Roaming\Youtube Downloader HD

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\ProgramData:Kinetics 6

@Alternate Data Stream - 64 bytes -> C:\ProgramData:iSpring Suite 6

@Alternate Data Stream - 5 bytes -> C:\ProgramData\Nalpeiron:user.ns4

@Alternate Data Stream - 5 bytes -> C:\ProgramData\Nalpeiron:user.ns2

@Alternate Data Stream - 5 bytes -> C:\ProgramData\Nalpeiron:user.ns1

@Alternate Data Stream - 4 bytes -> C:\ProgramData\Nalpeiron:user.ns3

@Alternate Data Stream - 204 bytes -> C:\ProgramData:iSpring Pro 6

@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences

@Alternate Data Stream - 1058 bytes -> C:\ProgramData\Microsoft:MyYj6Bq5Iyr89AYtP6GCtR7Z1k6gbJ

@Alternate Data Stream - 1047 bytes -> C:\ProgramData\Microsoft:bfNYFrmTUUoTEG6cJsyS

@Alternate Data Stream - 1031 bytes -> C:\ProgramData\Microsoft:rJPd4d2DuI0xo91UMsCzl

< End of report >


Edited by moyu22, 02 February 2015 - 09:32 PM.



#2
moyu22


OTL extra log

-------------------------

OTL Extras logfile created on: 1/28/2015 6:37:38 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.17501)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 23.93% Memory free

15.98 Gb Paging File | 9.09 Gb Available in Paging File | 56.85% Paging File free

Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 920.09 Gb Total Space | 503.96 Gb Free Space | 54.77% Space Free | Partition Type: NTFS

Drive D: | 11.13 Gb Total Space | 1.59 Gb Free Space | 14.32% Space Free | Partition Type: NTFS

Drive E: | 161.10 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: *-PC | User Name: * | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)

https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [ID3-TagIT] -- "C:\Program Files (x86)\ID3-TagIT 3\ID3-TagIT.exe" "/P=%1"

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)

https [open] -- "C:\Program Files (x86)\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [ID3-TagIT] -- "C:\Program Files (x86)\ID3-TagIT 3\ID3-TagIT.exe" "/P=%1"

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3

"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0D518318-BC63-45C4-8314-60770119471F}" = rport=139 | protocol=6 | dir=out | app=system |

"{144C50E8-6332-4337-A7B7-30109983C1F3}" = rport=445 | protocol=6 | dir=out | app=system |

"{18682CC6-BD04-4A1E-9833-29A86A9C281F}" = lport=49167 | protocol=6 | dir=in | name=akamai netsession interface |

"{193AA6E3-60F6-4CE4-BED9-FC4E11B96621}" = lport=445 | protocol=6 | dir=in | app=system |

"{1A75F59B-20F0-4B6A-8CF3-DD9D36F144C1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{1F72DF03-820D-4ABB-A0A1-3B7BAE3A79FF}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

"{20D958EF-85BB-4109-9550-5455622701CC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{249BBDD2-959B-46FA-932F-FC2EDBC94476}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{2E51DF73-D0DF-45D4-B807-5B68FCE61A0B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{304586D7-A1EE-41B9-B8E1-39B32B986CFE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{3CF7967F-53A5-41EE-8A4F-D58E76669D5F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{3D11871A-F0BB-43E7-8B5B-06C7FEDF1CC2}" = rport=10243 | protocol=6 | dir=out | app=system |

"{44E4A3BF-E273-4294-B981-9B6DB540B182}" = lport=5978 | protocol=6 | dir=in | name=dlink-easysetup |

"{4D034E71-EE34-40A2-95C3-6D3FBB12111C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{4E2B46FC-30D1-434E-906D-F23012EE832E}" = rport=138 | protocol=17 | dir=out | app=system |

"{56E54687-5030-49CE-AF94-47FDDF2BDB6E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{5D58A988-EF61-493E-9D29-50EA0EE00744}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

"{6BC0C0C3-954C-4BF9-A4A2-A9F26F7C09D9}" = lport=5353 | protocol=17 | dir=in | app=c:\users\*\appdata\local\google\chrome\application\chrome.exe |

"{721797FA-5922-4563-A8BD-45D15B06EB2B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{7658C02A-62E8-4848-AA80-CC3D6018FD6C}" = lport=137 | protocol=17 | dir=in | app=system |

"{76CFB8A2-FBD5-4F70-B965-8B1575931D78}" = rport=137 | protocol=17 | dir=out | app=system |

"{7C9B3C1E-B360-4011-812A-3B96A13694B2}" = lport=2869 | protocol=6 | dir=in | app=system |

"{891D0AFF-D5C7-47DD-8FB1-90ED2FC94C3B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

"{8A1307DB-B930-4397-957B-FAE6D2310609}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{8DBF5323-1B41-49EA-92B6-61DAAC6DDCB8}" = lport=2869 | protocol=6 | dir=in | app=system |

"{8E295596-0D09-4958-9EC7-383A0EA513A1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{BAB7ED8B-0B74-444F-A050-5149D308E2BE}" = lport=138 | protocol=17 | dir=in | app=system |

"{C146BBB3-DAFA-4467-ACCC-575BA2049BFC}" = lport=139 | protocol=6 | dir=in | app=system |

"{C4046015-2029-400E-8A5F-B9A121EE79EB}" = lport=51114 | protocol=6 | dir=in | name=akamai netsession interface |

"{CE30C89A-FBD3-4F58-9CDE-E2138A6E4E0A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{CEA7A9FE-4126-4480-8CF3-2DE26DA07A9B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{D479A1AA-C042-4BCE-B01A-64439A9C6B18}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |

"{DBAF8B49-3533-4E1D-A3D4-F614733DD8A4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{E81E80BD-A032-4B51-ABFF-239DF5799988}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

"{F2A7AC6A-77EB-4D85-86A8-6541CBF66F5A}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{041E693A-C2D4-4D4D-BBE5-1B9219C38770}" = dir=in | app=c:\users\*\appdata\roaming\mozilla\firefox\profiles\e294z1gb.default\extensions\[email protected]\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe |

"{04660085-F31A-4B97-8BDB-7483BE765B19}" = protocol=17 | dir=in | app=c:\users\*\appdata\local\akamai\netsession_win.exe |

"{0559AA1A-F504-4529-B16E-825628455805}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |

"{05E537DE-FCB6-4ED1-9C8C-A01035C18145}" = protocol=1 | dir=in | [email protected],-28543 |

"{06EA2480-E468-4471-91FB-0DBD632AE967}" = protocol=17 | dir=in | app=c:\users\*\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{07BD3EE6-A6B7-46F6-92F0-3F68DDF15730}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |

"{09392D8C-6CD8-4E50-8ED4-6E5A437EAE48}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\hpnetworkcommunicator.exe |

"{10F59F80-E0C6-49FD-9A06-D5E1777E01D2}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |

"{130180A7-EA56-4308-92D9-667F045C8C50}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |

"{13EE7E85-1D70-411C-A51D-B55266D11918}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |

"{16583E0D-7518-4D98-9ACE-B2D9D4BA45C1}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |

"{21794EE0-C60E-4E89-8EBC-1B6D3E799434}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{2604AA2C-7EA5-497F-9CB6-FD316103C51A}" = protocol=6 | dir=in | app=c:\windows\syswow64\mshta.exe |

"{263A980F-3EDA-4C71-844F-A6D0AE6884D7}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |

"{283A99EB-75E7-471D-92FF-0A57D87BB538}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |

"{290AA939-C355-4AED-8354-61AF359FC3F0}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |

"{2C75A330-8838-4967-A5FC-E61706DED089}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |

"{2C7BFB95-3F4B-4557-92FF-2BEF73BC3691}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |

"{2DBE1DAD-AE40-47EE-B839-6E5780D25305}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |

"{2E861810-0A5A-49F8-87CF-82C912E330F5}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |

"{2E886AB9-80B8-4E63-BB37-A81B1C535BDC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{2F1CB07C-F8A8-4D7C-B9C9-933A5B6713D5}" = protocol=17 | dir=in | app=c:\users\*\appdata\roaming\dropbox\bin\dropbox.exe |

"{2FE93A23-16F8-4638-AECC-3D51E788870E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |

"{31EE66B0-A212-4B93-85F6-597D6DD12D7E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{320A5CC8-791D-44EB-BD69-260F5BE9E35A}" = protocol=6 | dir=in | app=c:\users\*\appdata\roaming\utorrent\utorrent.exe |

"{34BA3C76-9A0D-4A47-B23C-FEB131318516}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |

"{36792B5C-37A8-490C-AF52-DEE745FBBB55}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{36D114FF-34BC-49BC-A4FD-EB8137E1D3F7}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |

"{36F37792-CB69-4B3F-BF0A-4AF2988657D1}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon\bin\maxthon.exe |

"{37BD4564-FC77-423B-A2CA-BAAC7D19905C}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |

"{387A9F82-1D08-4824-9403-D75332A9873D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |

"{392E5146-5943-4186-B652-1DDF023FC975}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |

"{39F67422-6E16-407C-ACAE-93AB763A3A05}" = protocol=17 | dir=in | app=c:\users\*\appdata\local\hola\firefox\app\hola_plugin.exe |

"{3D35B25B-BA3F-44AB-865D-FE73A41497FD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |

"{3D57C63C-6550-4E65-9F8A-ABC59E49ECFB}" = dir=in | app=c:\users\*\downloads\install\d-link\wizard\autorun.exe |

"{3E4549C1-396B-4160-A625-58BD18BB3901}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |

"{3F48A5DD-1257-4F59-B574-91F3DEF6C68E}" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |

"{40552C5B-9806-43F3-8D82-BA93AA23C160}" = protocol=6 | dir=in | app=c:\users\*\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{4163C0BE-C89B-4EE6-AA6A-4E0829D05E7B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{45834A50-3FA2-4D12-B187-49BD8CB0C837}" = protocol=17 | dir=in | app=c:\windows\syswow64\mshta.exe |

"{48BF9F60-D091-4730-9311-F05C1D6AE23C}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |

"{4D4E0662-51E4-462D-B95F-18DE425A8348}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{4D555CAA-7E38-4CC6-96D1-9D387E0BA987}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe |

"{4DC941E6-D521-4AE1-B7DF-421D072E13DE}" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |

"{4E091FA4-6A7B-43F4-8A75-7D292B3F69C1}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{507E30EC-A1E2-4BB7-826B-311EEE430783}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon\bin\maxthon.exe |

"{5424FB62-5D6B-449C-ADC4-505163C96DD9}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |

"{55AEABAC-7BA9-4E63-B341-71AC63ED1724}" = protocol=6 | dir=in | app=c:\users\*\appdata\local\akamai\netsession_win.exe |

"{55B1BB91-FE29-43F7-8FD6-37D420CD5DA2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{57A6877E-971C-4E4A-B428-A2707DC7A2B5}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |

"{596B26F0-C5B7-4916-BB83-0C670E8FF81A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{5B107A9B-ECF3-4B72-B9C6-698231703C18}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |

"{5C4D3CA3-EFC6-44AA-8318-7919CDBBED71}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |

"{5DD83C22-9AEF-443A-A4DB-62BC16613ED6}" = dir=in | app=c:\users\*\appdata\roaming\mozilla\firefox\profiles\e294z1gb.default\extensions\[email protected]\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe |

"{5EFB579B-211E-484E-AFDD-95F3FF737247}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{63A7A8DE-0B28-46FA-871B-5C839CD4D6C3}" = protocol=6 | dir=in | app=c:\program files (x86)\templatetoaster 2\deactivator.exe |

"{68E6070E-D51A-40B8-8AE5-A880B573F631}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{69BBBD55-487A-44E5-80E5-411DB96CC600}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |

"{69FF0F43-7E61-42E7-BF9F-CF05792DB63C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{6A108338-4FCD-4A60-8038-414973D0B649}" = protocol=6 | dir=in | app=c:\program files (x86)\maxthon\bin\mxup.exe |

"{6A6904B7-9AF6-491A-A529-85BECB8D37BB}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{6AD82302-F127-4926-8D7F-598231207F97}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

"{6B53EFE2-7A4A-41C7-9D12-F7DAD3AF7547}" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"{6BB13263-69D4-42B8-BB21-D1A9C8BBB709}" = protocol=17 | dir=in | app=c:\users\*\appdata\roaming\utorrent\utorrent.exe |

"{70CB7840-3563-458F-A505-04A9AE61B2F5}" = protocol=58 | dir=in | [email protected],-28545 |

"{70DEDA59-3FD3-415B-BE66-B8D75403F238}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{7133AB71-F2F9-4545-8D07-DCAA04FA0873}" = dir=in | app=c:\users\*\downloads\install\d-link\wizard\autorun.exe |

"{743F108F-165B-4FF8-B932-6BCFC0A01F0C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{79C50099-B339-40F3-955F-FBABBC15435C}" = dir=in | app=c:\users\*\desktop\wizard\autorun.exe |

"{7BDDAA7B-1EED-4A52-9CFB-CC1946FDB3D1}" = protocol=6 | dir=in | app=c:\windows\syswow64\mshta.exe |

"{7C125EFF-3378-4D27-9714-9DC8EA08D241}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |

"{7CFCF525-D41A-4CBC-ADE4-676B82F02DF7}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |

"{7E18F9AF-B93E-4B73-9C88-032CCB0CAB06}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |

"{7ED8AB5A-7135-4BF2-B3E0-E48034093EA9}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\faxapplications.exe |

"{7FBF5939-A47B-46DE-8428-C21931566A41}" = dir=in | app=c:\users\*\appdata\local\hola\firefox\app\hola_plugin.exe |

"{7FE8122B-19F1-440D-8481-FAB7F42D9B49}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |

"{847A35E4-06D3-43D4-93C4-676554769557}" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |

"{85F129F0-F310-4B8A-B108-FDCD759A98D7}" = protocol=17 | dir=in | app=c:\windows\syswow64\mshta.exe |

"{8A43C3C8-A4F8-4DEF-8278-C1D4CCB6F407}" = protocol=6 | dir=out | app=system |

"{8F74B824-27C2-4F3E-9BC7-C563203964FB}" = protocol=6 | dir=in | app=c:\users\*\appdata\roaming\utorrent\utorrent.exe |

"{92AA97DA-97FA-4632-B554-229F68112887}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |

"{936CC623-44C7-4817-A28D-521F954871C4}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\devicesetup.exe |

"{959EE795-186E-4680-A46C-6C6CC18768F8}" = protocol=6 | dir=in | app=c:\users\*\appdata\local\temp\7zs6a14\hpdiagnosticcoreui.exe |

"{986157E0-A046-4221-B08A-98D169F4BF1A}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |

"{9A7145F3-CCCD-40D6-BD67-7B97EF9F4C61}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |

"{9B13F15F-40CE-4607-B3EF-80F750CE955A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{9E96B59E-8F4C-4CA2-BB0D-9BC2DBB4729A}" = protocol=17 | dir=in | app=c:\users\*\appdata\local\temp\7zs6a14\hpdiagnosticcoreui.exe |

"{A55EB6CF-4547-44DD-9CE7-D46032D9E7B5}" = dir=in | app=c:\users\*\downloads\install\d-link\wizard\autorun.exe |

"{A5A29021-3A05-49EF-9F62-CB83F61F58A4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |

"{A8598AEE-2897-4DAC-AD23-C23BECB9C676}" = protocol=6 | dir=in | app=c:\program files (x86)\templatetoaster 2\deactivator.exe |

"{A87DC166-0163-4B91-A64F-399501444C08}" = protocol=6 | dir=in | app=c:\users\*\appdata\local\hola\firefox\app\hola_plugin.exe |

"{AB54C766-9F05-4311-B926-9FEF6BAF1963}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |

"{B00E9BB4-00AB-4E28-B79A-B0C696436162}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{B0A92973-EF15-4F89-93EA-3CB262A25A16}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |

"{B1A0688C-3633-4C5E-8E0B-78CFF28BB501}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |

"{B1B161CE-9BD4-4470-B916-FF8EE7EC25E9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{B4C39393-36A2-412A-928A-BC7D6D932289}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{B53D88CA-3BAA-43EB-B73D-01F40819F644}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\digitalwizards.exe |

"{B5EFB588-7F11-40B8-B6CF-69D81EE5C451}" = dir=in | app=c:\users\*\downloads\install\d-link\wizard\autorun.exe |

"{B6D2E7ED-7EFD-426B-897B-E65FF8C2B560}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |

"{B7B1A8A8-4F0D-4B1A-AD17-161230CA56E2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{BA820620-602B-4363-ADE9-CA6ABC44860E}" = protocol=17 | dir=in | app=c:\users\*\appdata\roaming\utorrent\utorrent.exe |

"{BB18F84D-BBE9-471D-AFAB-BEF40E229858}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |

"{BC6592B3-CCBA-46EC-9BF2-1529E994AC96}" = protocol=17 | dir=in | app=c:\program files (x86)\templatetoaster 2\deactivator.exe |

"{BDAAAE25-4A0E-4428-A2CE-CAA689B42BAC}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

"{BE25E708-F956-48EE-8DE4-D670A97628D3}" = protocol=17 | dir=in | app=c:\users\*\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{C174A054-FDE9-414A-A267-75E649E8B403}" = protocol=58 | dir=out | [email protected],-28546 |

"{C43E3798-E1AB-4D27-8182-AD999000660F}" = protocol=17 | dir=in | app=c:\program files (x86)\maxthon\bin\mxup.exe |

"{C4C4E198-2077-4D6F-93B0-6C403B0FE949}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{C505724D-E70F-47A4-8166-8FB68B2EE395}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{C5DA9E6F-2261-4D40-8676-8A2F92836FDB}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |

"{C6E9D84C-D724-4933-BC8B-F52334DB9A86}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |

"{CA4494EB-EDBB-4301-8528-E1364659F7FC}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{CBB89E09-DF3B-4468-97D4-3160386B7BAD}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |

"{CF8F6B91-D818-432B-94F0-F56B881CD987}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{D0CF1968-528E-4B9F-9A5F-CA35DF2FCDDF}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\live meeting 8\console\pwconsole.exe |

"{D457C245-1C5A-4C3B-BA3C-8A2D896F652A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |

"{D52DB016-F541-4B7C-887D-2D5E58DA8104}" = protocol=6 | dir=in | app=c:\users\*\appdata\roaming\dropbox\bin\dropbox.exe |

"{D5FC240E-6CA3-4127-8A01-84FFEFC4C458}" = dir=in | app=c:\users\*\appdata\local\facebook\video\skype\facebookvideocalling.exe |

"{D9946A7A-6B13-430D-8A75-F69D1628B1B9}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |

"{DCCCD3AD-2718-4CFA-B406-8E11A5F25687}" = protocol=6 | dir=in | app=c:\users\*\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{E654C742-0D1E-4FBA-88D9-B0866622977D}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |

"{E7893255-F8E2-41E7-920F-16226417D72F}" = protocol=1 | dir=out | [email protected],-28544 |

"{EC41CDF3-1611-4003-81F3-53E9C51792C1}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\sendafax.exe |

"{EDBA485B-BDE2-422F-83E7-863CC7934811}" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

"{EEE95C6F-6762-4A06-8543-27A726E73C3A}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{EF2076EF-3827-48F2-8B8A-E64EBC70685E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{F134FDA6-0AC8-412E-8BEF-95508E90D457}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |

"{F2EE8A65-BA42-49FA-AAE3-14DFBDE8A031}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |

"{F465C753-1C45-421A-9A7C-D78461F09FA1}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |

"{F68D5CD9-CFC7-4204-820C-BE61033810EE}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |

"{F7CF4F11-C73D-4504-8F52-4516C92E27F1}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |

"{FB8B2E12-9590-4460-9AD7-AE4FECAFF1F6}" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |

"{FBA3AC85-9144-4556-9F3C-FB0BEE13095F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{FEE32CC2-D8AC-4762-85FB-574BED435BFE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"TCP Query User{07DE5E93-7347-4012-BD35-8B5B55AB1299}C:\users\*\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\*\appdata\local\akamai\netsession_win.exe |

"TCP Query User{13452962-0BB7-4094-89ED-BA98E3FE6441}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |

"TCP Query User{531E61F3-6C03-4739-AF56-7A78DCDDC167}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |

"TCP Query User{7407E625-7F2F-429B-B350-B1DB92C40D7E}C:\program files\ispy\ispy (64 bit)\ispy.exe" = protocol=6 | dir=in | app=c:\program files\ispy\ispy (64 bit)\ispy.exe |

"TCP Query User{B9A00F98-0570-4DAA-BB76-3A4BF55DF6F8}C:\program files\ispy\ispy (64 bit)\ispy.exe" = protocol=6 | dir=in | app=c:\program files\ispy\ispy (64 bit)\ispy.exe |

"TCP Query User{E4BBB39C-FBB1-4678-9FC7-0D278B08D78B}E:\autorun.exe" = protocol=6 | dir=in | app=e:\autorun.exe |

"UDP Query User{71E3110D-4399-4BC8-83E7-40D85158F5AD}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |

"UDP Query User{B2B1326B-7647-40D6-AFFB-F9D9DE467E26}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |

"UDP Query User{B3259F0C-E4D3-461A-B7C3-6A1CD52CA1C4}C:\program files\ispy\ispy (64 bit)\ispy.exe" = protocol=17 | dir=in | app=c:\program files\ispy\ispy (64 bit)\ispy.exe |

"UDP Query User{CE6D93E7-E9A9-40AB-990C-6149E7974BF4}C:\program files\ispy\ispy (64 bit)\ispy.exe" = protocol=17 | dir=in | app=c:\program files\ispy\ispy (64 bit)\ispy.exe |

"UDP Query User{EF3F4A5D-98A8-46B5-9E93-C49F8AC650D9}E:\autorun.exe" = protocol=17 | dir=in | app=e:\autorun.exe |

"UDP Query User{FB87ED26-4EB6-403E-AF78-944BC497A5B5}C:\users\*\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\*\appdata\local\akamai\netsession_win.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.2 (r693)

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer

"{0BC62162-0022-4C0A-97E8-5B7FD50D1B7C}" = Magic Bullet Looks 64-bit

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64

"{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}" = iTunes

"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0

"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program

"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

"{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106

"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64

"{470DA0AE-96BF-4F9C-888C-360DEF2DE71E}" = Autodesk DirectConnect 2010 R1 (64-bit)

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files

"{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver

"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu

"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64

"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64

"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1

"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{A2E836B3-59A6-486B-82DC-1EA3878BCDEA}" = HP Officejet 4620 series Basic Device Software

"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files

"{B5CF5995-5E0B-967D-3FC5-325089795937}" = ccc-utility64

"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client

"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}" = Apple Mobile Device Support

"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64

"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared

"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones

"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DDE113EA-5DB0-4F68-BB58-5F67DD2308B4}" = Autodesk MatchMover 2011 64-bit

"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared

"{EAB11D99-33C0-4D0C-A072-4D3B66025256}" = iSpy (64 bit)

"{F9F4430E-80DE-EC0F-BF8E-476352C8F954}" = ATI Catalyst Install Manager

"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services

"{FA85C599-2569-4C48-9AA6-2B8D8F029FA7}" = Topaz Clean 3 (64-bit)

"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services

"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0

"Alien Skin Blow Up 3" = Alien Skin Blow Up 3

"CCleaner" = CCleaner

"ImagenomicPortraiturePlugin" = Imagenomic Portraiture 2.3 Plug-in (build 2308)

"lvdrivers_12.10" = Logitech Webcam Software Driver Package

"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0

"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)

"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)

"OfficeTrial" = Microsoft Office Home and Student 60 day trial

"PC-Doctor for Windows" = Hardware Diagnostic Tools

"Sandboxie" = Sandboxie 4.04 (64-bit)

"WinRAR archiver" = WinRAR 5.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{09F46E3D-EAFB-9390-B6D9-F6DAA73B3ECB}" = CCC Help Finnish

"{0A172278-5048-3BDA-D318-974ED0AA0B95}" = CCC Help Greek

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0B2536F0-8E7A-340F-9031-1AA60BEFBFD8}" = Catalyst Control Center Graphics Full Existing

"{0C5C1177-94C5-3EFB-A8BE-3F6AF1AF887F}" = Google Talk Plugin

"{0D490016-5D01-4CB3-A037-55814AC63D2E}" = Giga Pocket Hardware Library 5.5

"{0D526570-6B8F-3CE9-04DB-16FD2E68FCBE}" = CCC Help Danish

"{0E6CE44A-EE07-1C20-72C8-9A24CA2ED2CB}" = Catalyst Control Center HydraVision Full

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{113F4E2E-416A-33BD-D2A6-39C58AB6ACAC}" = CCC Help Korean

"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005

"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools

"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main

"{1688104B-0261-42FC-D796-CB97EA5159A4}" = CCC Help Thai

"{16B9D94B-6BD5-6AD2-7524-4742D2B0FD2E}" = Catalyst Control Center InstallProxy

"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter

"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup

"{18812D65-95DB-5482-4CAC-3B3B5E5446B0}" = CCC Help Italian

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1D5B3A03-17FD-EC8F-755B-6164ABFF450A}" = CCC Help Turkish

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2091F234-EB58-4B80-8C96-8EB78C808CF7}" = Facebook Video Calling 3.1.0.521

"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin

"{223CCCD3-2217-9AA1-98F0-2879733549D0}" = CCC Help English

"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 7.0

"{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1" = Aegisub 3.1.2

"{26A24AE4-039D-4CA4-87B4-2F83218025F0}" = Java 8 Update 25

"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection

"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types

"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video

"{32A3A4F4-B792-11D6-A78A-00B0D0160210}" = Java™ SE Development Kit 6 Update 21

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{38830F1E-C7E6-4349-A854-E00E1E935E03}" = MySQL Server 5.5

"{389F8A7A-8611-42E8-8169-20D2BAF0C595}" = Microsoft Office Live Meeting 2007

"{394F1B21-1FA4-DDE1-C00B-0A3EEA1A94D1}" = ccc-core-static

"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU

"{3BEF9769-BA52-18F7-1D02-2362F6A27E38}" = Adobe Media Player

"{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}" = QuickTime 7

"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2011.0.0

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT

"{40965CEA-43EE-B8D7-09AB-705B5E2A2521}" = CCC Help Hungarian

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor

"{440E9F90-0619-4E84-8226-65AD5073AD24}" = D-Link D-ViewCam

"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager

"{4680D4CC-5220-6AAF-54D3-C1E75C90A69A}" = CCC Help German

"{4869414E-7AEA-4C8E-BE1C-8D40977FD517}" = Adobe Illustrator CS6

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects

"{4F11AE1B-452A-2A9B-250D-EDB725E39199}" = CCC Help Russian

"{4F9B4C70-F223-B34B-C7D3-55FC1D2BAD2E}" = CCC Help Chinese Standard

"{536B1C39-A1F1-869F-B0DC-543963398BDF}" = Adobe Muse

"{565DE707-5798-4FC3-8DF6-0F58A348A9B0}" = Adobe Premiere Pro CS5 Third Party Royalty Content

"{5906DAFF-9370-2B54-D483-343ABB9BE748}" = Catalyst Control Center Graphics Light

"{5DDABB74-A879-4BE7-A4C6-FD41793942DB}" = Adobe Media Encoder CS5 Dolby X64

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{606C37AB-EB04-4270-A592-201A03C2DB36}" = HP Officejet 4620 series Help

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{659F8F13-E8C5-C4B8-85E7-1D3912C06929}" = Catalyst Control Center Localization All

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{6C6B8B89-AC64-4B04-DBE1-992B80C83F1A}" = CCC Help Japanese

"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106

"{6e8f74e0-43bd-4dce-8477-6ff6828acc07}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1

"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7315AF68-E777-496A-A6A2-4763A98ED35A}_is1" = Composer - Php Dependency Manager

"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.8.0.193k

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime

"{7B9D9DC4-EDB9-3181-4D1B-E47C34609E0C}" = CCC Help Portuguese

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver

"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher

"{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}" = Apple Application Support

"{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update

"{85E00941-FDFF-4796-A3B8-3ACC766FFCA5}" = Topaz Clean 3

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = KMPlayer Toolbar

"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software

"{8966B8B5-D87A-E689-B370-E79B7691299C}" = Catalyst Control Center Core Implementation

"{89EA759B-B9C8-6CB5-6BF2-248961E68809}" = Catalyst Control Center InstallProxy

"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2010

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010

"{90140000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2010

"{90140000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2010

"{90140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010

"{90140000-00B4-0C0A-0000-0000000FF1CE}" = Microsoft Office Project MUI (Spanish) 2010

"{90140000-00B5-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-00BD-0409-0000-0000000FF1CE}" = Microsoft Office ScreenTip Language 2010 - English

"{90140000-0101-0409-0000-0000000FF1CE}" = Microsoft Office X MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{931E11B0-1ACE-438D-90AF-E5D8C64880EF}" = Catalyst Control Center - Branding

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9C23A506-3E8B-B91C-4F9B-040518EC792D}" = CCC Help Norwegian

"{9D54290B-CD49-4B36-2EF2-7597FD0D683F}" = CCC Help Swedish

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin

"{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}" = HP MediaSmart Demo

"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab

"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR

"{A50DE037-B5C0-4C8A-8049-B0C576B313D1}" = Google+ Auto Backup

"{A6BFDF60-FD08-4EF9-8D26-B762A19DB9A0}" = Giga Pocket 5.5

"{A6F42664-73EC-25B0-F3A9-D8CCE53CFB25}" = Catalyst Control Center Graphics Previews Common

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A7C0BB1A-1546-44D6-1BE0-FB0F84364787}" = HydraVision

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{A9C89180-E3B6-4451-A788-0BDC8A5EF34A}_is1" = SpeedSolving

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch

"{AC76BA86-1033-F400-7760-000000000004}_955" = Adobe Acrobat 9.5.5 - CPSID_83708

"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.09)

"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager

"{B07E4A53-C39E-9BEB-9716-1953F0EE2953}" = CCC Help French

"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video

"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar

"{B439A476-119C-13A9-6FB8-B2B2D566CF63}" = CCC Help Spanish

"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86

"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5

"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer

"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information

"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6

"{C0AA232E-BD1B-40B5-A176-A2BEB67FFAE1}" = Adobe After Effects CS5 Third Party Content

"{C13A8E73-7E98-4295-BA94-6931701CD1F9}" = Topaz Vivacity

"{C54BBB47-5D1A-5C82-614E-0D75C1AD92B5}" = Catalyst Control Center Graphics Previews Vista

"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup

"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser

"{C725937A-C6B3-0D07-A765-029FB1FD66B6}" = CCC Help Chinese Traditional

"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari

"{CB04D8E1-7B9C-4F35-B2E2-E87CBE520805}" = Adobe After Effects CS5.5

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software

"{CD29B5CA-4727-4114-9AD9-25CCCE6E4014}" = Adobe After Effects CS5 Third Party Royalty Content

"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005

"{CE26F10F-C80F-4377-908B-1B7882AE2CE3}" = Crystal Reports Basic Runtime for Visual Studio 2008

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D228187B-0D49-44C6-DEA8-64F180D14DB9}" = CCC Help Polish

"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D54D4A22-4382-4485-92DF-00C39F123E87}" = Device Pack

"{D74B4F5A-28CB-33E4-AFC2-412B8227C582}" = CCC Help Dutch

"{D86CC59E-381B-E4E9-EEDF-CBE4105C784D}" = muvee Reveal

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DB93E2C2-851F-44B2-B09C-351D2C624AE1}" = Camtasia Studio 8

"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant

"{E3CE0395-5256-4716-BC0E-AB3E90EAFC5C}" = iSpring Suite 6

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E49F0BB0-2FE3-44DF-92E1-CC094DF7C90B}" = mocha AE V2.5.1-3297

"{E4E188D2-27D5-4E4C-92CE-87F9D24AD2F6}" = Adobe Extension Manager CS5

"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106

"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant

"{EFEDD205-43FE-4208-B682-0937E803E19E}_is1" = NexusFont 2.5 (ver 2.5.8.1582)

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F5492B8D-B6DB-C3D2-8309-1B6A766CAF85}" = Catalyst Control Center Graphics Full New

"{F5F38D48-5AF3-EEEC-7E0C-25D516D1DC74}" = CCC Help Czech

"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005

"{F9C71630-0EE3-475C-9E2B-ED95AE197DBD}" = Adobe Media Encoder CS5 PCI X64

"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FEE404D1-832A-48CA-8E2D-18830DE449CB}" = MAGIX Speed burnR (MSI)

"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX

"Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI

"AdobeMuse" = Adobe Muse

"Aimersoft DRM Media Converter_is1" = Aimersoft DRM Media Converter(Build 1.4.7.2)

"avast" = Avast Free Antivirus

"Avidemux 2.5" = Avidemux 2.5

"AviSynth" = AviSynth 2.5

"BurnAware Free_is1" = BurnAware Free 6.6

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager

"com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Media Player

"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant

"Cycore FX 1.0.1 for After Effects" = Cycore FX 1.0.1 for After Effects

"DivX Setup.divx.com" = DivX Setup

"Edraw Max_is1" = Edraw Max 5.1

"EyeLeo" = EyeLeo

"Fanurio" = Fanurio

"FileZilla Client" = FileZilla Client 3.9.0.6

"GenArts Sapphire Plug-ins Version 1.07 for After Effects" = GenArts Sapphire Plug-ins Version 1.07 for After Effects

"Git_is1" = Git version 1.9.4-preview20140929

"HP Remote Solution" = HP Remote Solution

"InstallShield_{0BC62162-0022-4C0A-97E8-5B7FD50D1B7C}" = Magic Bullet Looks 64-bit

"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe

"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go

"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies

"InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert

"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD

"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"Maxthon3" = Maxthon Cloud Browser

"Miro Video Converter" = Miro Video Converter

"Mozilla Firefox 35.0.1 (x86 en-US)" = Mozilla Firefox 35.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NIS" = Norton Internet Security

"Notepad++" = Notepad++

"ObjectDock" = ObjectDock

"Office14.PMUI.en-us" = Microsoft Project Language Pack 2010 - English

"Office14.PRJPRO" = Microsoft Project Professional 2010

"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

"OJOsoft Total Video Converter_is1" = OJOsoft Total Video Converter

"Opera 27.0.1689.54" = Opera Stable 27.0.1689.54

"Perfectly Clear Plugin" = Perfectly Clear Plugin 1.7.0

"Picasa 3" = Picasa 3

"SiteGrinder3" = Media Lab SiteGrinder 3

"Songbird-release-2160" = Songbird 1.10.1 (Build 2160)

"SpeedFan" = SpeedFan (remove only)

"Sublime Text 2_is1" = Sublime Text 2.0.2

"TeamViewer 9" = TeamViewer 9

"Vector Magic" = Vector Magic

"VertusFluidMask3" = Vertus Fluid Mask 3 3.0.6

"VLC media player" = VLC media player

"WildTangent hp Master Uninstall" = HP Games

"Windows Grep_is1" = Windows Grep 2.3

"WinLiveSuite" = Windows Live Essentials

"xampp" = XAMPP

"Xilisoft HD Video Converter" = Xilisoft HD Video Converter

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{79A765E1-C399-405B-85AF-466F52E918B0}" = KMPlayer Toolbar Updater

"515606be846245bb" = Screenshot Monitor

"Akamai" = Akamai NetSession Interface

"Epic" = Epic Privacy Browser

"Flux" = f.lux

"Google Chrome" = Google Chrome

"Google+ Auto Backup" = Google+ Auto Backup

"MyFreeCodec" = MyFreeCodec

"oDVT" = oDesk Team

"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 1/13/2015 9:15:07 PM | Computer Name = *-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat

9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line

.  A component version required by the application conflicts with another component

version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 1/14/2015 5:36:23 PM | Computer Name = *-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat

9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line

.  A component version required by the application conflicts with another component

version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 1/14/2015 5:36:23 PM | Computer Name = *-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat

9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line

.  A component version required by the application conflicts with another component

version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 1/22/2015 10:40:09 AM | Computer Name = *-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat

9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line

.  A component version required by the application conflicts with another component

version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 1/22/2015 10:40:10 AM | Computer Name = *-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat

9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line

.  A component version required by the application conflicts with another component

version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 1/23/2015 9:31:29 PM | Computer Name = *-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat

9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line

.  A component version required by the application conflicts with another component

version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 1/23/2015 9:31:29 PM | Computer Name = *-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat

9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line

.  A component version required by the application conflicts with another component

version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 1/27/2015 1:22:08 AM | Computer Name = *-PC | Source = Application Error | ID = 1000

Description = Faulting application name: msfeedssync.exe, version: 11.0.9600.16428,

time stamp: 0x525b91e9  Faulting module name: RPCRT4.dll, version: 6.1.7601.18532,

time stamp: 0x53c339ee  Exception code: 0xc0020043  Fault offset: 0x000000000008a663

Faulting

process id: 0xdd0  Faulting application start time: 0x01d039f075aba59c  Faulting application

path: C:\Windows\system32\msfeedssync.exe  Faulting module path: C:\Windows\system32\RPCRT4.dll

Report

Id: 6f96df85-a5e4-11e4-ae2b-18a905b8d846

Error - 1/28/2015 9:54:59 PM | Computer Name = *-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat

9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line

.  A component version required by the application conflicts with another component

version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 1/28/2015 9:54:59 PM | Computer Name = *-PC | Source = SideBySide | ID = 16842832

Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat

9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line

.  A component version required by the application conflicts with another component

version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component

2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ Hewlett-Packard Events ]

Error - 4/11/2013 5:02:25 AM | Computer Name = *-PC | Source = Hewlett-Packard | ID = 0

Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP

Support Framework\Logs\SystemInfoAA.xml'. mscorlib    at System.IO.__Error.WinIOError(Int32

errorCode, String maybeFullPath)     at System.IO.FileStream.Init(String path, FileMode

mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32

bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,

Boolean bFromProxy)     at System.IO.FileStream..ctor(String path, FileMode mode,

FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String

msgPath, Boolean bFromProxy)     at System.IO.FileStream..ctor(String path, FileMode

mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

   at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,

Int32 bufferSize)     at System.IO.StreamReader..ctor(String path, Encoding encoding)

   at System.IO.File.ReadAllText(String path, Encoding encoding)     at n.a()

Error - 5/15/2013 3:58:07 AM | Computer Name = *-PC | Source = Hewlett-Packard | ID = 0

Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP

Support Framework\Logs\SystemInfoAA.xml'. mscorlib    at System.IO.__Error.WinIOError(Int32

errorCode, String maybeFullPath)     at System.IO.FileStream.Init(String path, FileMode

mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32

bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,

Boolean bFromProxy)     at System.IO.FileStream..ctor(String path, FileMode mode,

FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String

msgPath, Boolean bFromProxy)     at System.IO.FileStream..ctor(String path, FileMode

mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

   at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,

Int32 bufferSize)     at System.IO.StreamReader..ctor(String path, Encoding encoding)

   at System.IO.File.ReadAllText(String path, Encoding encoding)     at n.a()

Error - 6/5/2013 12:22:32 AM | Computer Name = *-PC | Source = Hewlett-Packard | ID = 0

Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP

Support Framework\Logs\SystemInfoAA.xml'. mscorlib    at System.IO.__Error.WinIOError(Int32

errorCode, String maybeFullPath)     at System.IO.FileStream.Init(String path, FileMode

mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32

bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,

Boolean bFromProxy)     at System.IO.FileStream..ctor(String path, FileMode mode,

FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String

msgPath, Boolean bFromProxy)     at System.IO.FileStream..ctor(String path, FileMode

mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

   at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,

Int32 bufferSize)     at System.IO.StreamReader..ctor(String path, Encoding encoding)

   at System.IO.File.ReadAllText(String path, Encoding encoding)     at n.a()

Error - 6/26/2013 12:06:16 AM | Computer Name = *-PC | Source = Hewlett-Packard | ID = 0

Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP

Support Framework\Logs\SystemInfoAA.xml'. mscorlib    at System.IO.__Error.WinIOError(Int32

errorCode, String maybeFullPath)     at System.IO.FileStream.Init(String path, FileMode

mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32

bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,

Boolean bFromProxy)     at System.IO.FileStream..ctor(String path, FileMode mode,

FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String

msgPath, Boolean bFromProxy)     at System.IO.FileStream..ctor(String path, FileMode

mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

   at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,

Int32 bufferSize)     at System.IO.StreamReader..ctor(String path, Encoding encoding)

   at System.IO.File.ReadAllText(String path, Encoding encoding)     at n.a()

Error - 7/3/2013 12:03:39 AM | Computer Name = *-PC | Source = Hewlett-Packard | ID = 0

Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP

Support Framework\Logs\SystemInfoAA.xml'. mscorlib    at System.IO.__Error.WinIOError(Int32

errorCode, String maybeFullPath)     at System.IO.FileStream.Init(String path, FileMode

mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32

bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,

Boolean bFromProxy)     at System.IO.FileStream..ctor(String path, FileMode mode,

FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String

msgPath, Boolean bFromProxy)     at System.IO.FileStream..ctor(String path, FileMode

mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

   at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,

Int32 bufferSize)     at System.IO.StreamReader..ctor(String path, Encoding encoding)

   at System.IO.File.ReadAllText(String path, Encoding encoding)     at n.a()

Error - 7/10/2013 12:33:09 AM | Computer Name = *-PC | Source = Hewlett-Packard | ID = 0

Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP

Support Framework\Logs\SystemInfoAA.xml'. mscorlib    at System.IO.__Error.WinIOError(Int32

errorCode, String maybeFullPath)     at System.IO.FileStream.Init(String path, FileMode

mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32

bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,

Boolean bFromProxy)     at System.IO.FileStream..ctor(String path, FileMode mode,

FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String

msgPath, Boolean bFromProxy)     at System.IO.FileStream..ctor(String path, FileMode

mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

   at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,

Int32 bufferSize)     at System.IO.StreamReader..ctor(String path, Encoding encoding)

   at System.IO.File.ReadAllText(String path, Encoding encoding)     at n.a()

Error - 7/10/2013 9:10:40 PM | Computer Name = *-PC | Source = Hewlett-Packard | ID = 0

Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP

Support Framework\Logs\SystemInfoAA.xml'. mscorlib    at System.IO.__Error.WinIOError(Int32

errorCode, String maybeFullPath)     at System.IO.FileStream.Init(String path, FileMode

mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32

bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,

Boolean bFromProxy)     at System.IO.FileStream..ctor(String path, FileMode mode,

FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String

msgPath, Boolean bFromProxy)     at System.IO.FileStream..ctor(String path, FileMode

mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

   at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,

Int32 bufferSize)     at System.IO.StreamReader..ctor(String path, Encoding encoding)

   at System.IO.File.ReadAllText(String path, Encoding encoding)     at n.a()

Error - 7/24/2013 12:10:02 AM | Computer Name = *-PC | Source = Hewlett-Packard | ID = 0

Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP

Support Framework\Logs\SystemInfoAA.xml'. mscorlib    at System.IO.__Error.WinIOError(Int32

errorCode, String maybeFullPath)     at System.IO.FileStream.Init(String path, FileMode

mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32

bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,

Boolean bFromProxy)     at System.IO.FileStream..ctor(String path, FileMode mode,

FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String

msgPath, Boolean bFromProxy)     at System.IO.FileStream..ctor(String path, FileMode

mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

   at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,

Int32 bufferSize)     at System.IO.StreamReader..ctor(String path, Encoding encoding)

   at System.IO.File.ReadAllText(String path, Encoding encoding)     at n.a()

Error - 8/7/2013 12:04:39 AM | Computer Name = *-PC | Source = Hewlett-Packard | ID = 0

Description = en-US Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP

Support Framework\Logs\SystemInfoAA.xml'. mscorlib    at System.IO.__Error.WinIOError(Int32

errorCode, String maybeFullPath)     at System.IO.FileStream.Init(String path, FileMode

mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32

bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,

Boolean bFromProxy)     at System.IO.FileStream..ctor(String path, FileMode mode,

FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String

msgPath, Boolean bFromProxy)     at System.IO.FileStream..ctor(String path, FileMode

mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

   at System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,

Int32 bufferSize)     at System.IO.StreamReader..ctor(String path, Encoding encoding)

   at System.IO.File.ReadAllText(String path, Encoding encoding)     at n.a()

Error - 9/11/2013 2:54:08 AM | Computer Name = *-PC | Source = Hewlett-Packard | ID = 0

Description = en-US Object reference not set to an instance of an object. HPSF    at

HPAssistant.Pages.MaintainAnalyzing.MaintainAnalyzing_Unloaded(Object sender, RoutedEventArgs

e)     at System.Windows.RoutedEventHandlerInfo.InvokeHandler(Object target, RoutedEventArgs

routedEventArgs)     at System.Windows.EventRoute.InvokeHandlersImpl(Object source,

RoutedEventArgs args, Boolean reRaised)     at System.Windows.UIElement.RaiseEventImpl(DependencyObject

sender, RoutedEventArgs args)     at System.Windows.UIElement.RaiseEvent(RoutedEventArgs

e)     at System.Windows.BroadcastEventHelper.BroadcastEvent(DependencyObject root,

RoutedEvent routedEvent)     at System.Windows.BroadcastEventHelper.BroadcastUnloadedEvent(Object

root)     at MS.Internal.LoadedOrUnloadedOperation.DoWork()     at System.Windows.Media.MediaContext.FireLoadedPendingCallbacks()

   at System.Windows.Media.MediaContext.FireInvokeOnRenderCallbacks()     at System.Windows.Media.MediaContext.RenderMessageHandlerCore(Object

resizedCompositionTarget)     at System.Windows.Media.MediaContext.RenderMessageHandler(Object

resizedCompositionTarget)     at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate

callback, Object args, Boolean isSingleParameter)     at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object

source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)

[ System Events ]

Error - 1/27/2015 4:32:20 PM | Computer Name = *-PC | Source = Service Control Manager | ID = 7000

Description = The TeamViewer 9 service failed to start due to the following error:

   %%1053

Error - 1/27/2015 4:38:10 PM | Computer Name = *-PC | Source = Service Control Manager | ID = 7022

Description = The Windows Update service hung on starting.

Error - 1/28/2015 10:29:31 AM | Computer Name = *-PC | Source = DCOM | ID = 10010

Description =

Error - 1/28/2015 5:16:07 PM | Computer Name = *-PC | Source = Service Control Manager | ID = 7000

Description = The Coupon Printer Service service failed to start due to the following

error:   %%2

Error - 1/28/2015 5:16:42 PM | Computer Name = *-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the SQL

Server (SQLEXPRESS) service to connect.

Error - 1/28/2015 5:16:42 PM | Computer Name = *-PC | Source = Service Control Manager | ID = 7000

Description = The SQL Server (SQLEXPRESS) service failed to start due to the following

error:   %%1053

Error - 1/28/2015 5:16:47 PM | Computer Name = *-PC | Source = Service Control Manager | ID = 7000

Description = The Nalpeiron Licensing Service service failed to start due to the

following error:   %%2

Error - 1/28/2015 5:17:30 PM | Computer Name = *-PC | Source = Service Control Manager | ID = 7009

Description = A timeout was reached (30000 milliseconds) while waiting for the TeamViewer

9 service to connect.

Error - 1/28/2015 5:17:30 PM | Computer Name = *-PC | Source = Service Control Manager | ID = 7000

Description = The TeamViewer 9 service failed to start due to the following error:

   %%1053

Error - 1/28/2015 5:22:33 PM | Computer Name = *-PC | Source = Service Control Manager | ID = 7022

Description = The Windows Update service hung on starting.

< End of report >


Edited by moyu22, 02 February 2015 - 09:34 PM.


#3
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hello moyu22,

 

First, your computer is operating both P2P software and TOR software. I suspect that you know this...  However, if you don't, it's quite dangerous to the security and operation of your computer. Below I will post more information about P2P.

 

So, that said, I would "guess", although possibly incorrectly, that your Intrusion Notifications are merely TOR participation notifications. That's essentially how TOR networks operate. If we were to use the analogy of your home rather than your computer, what TOR does is allow, completely anonymously, people to drop by your house and use the features of your house. In return, you can do the same. So, that crowd of loud people in your living room, eating spaghetti with their hands and getting sauce all over your sofa...you invited them.

 

Probably a poor analogy, but it's early ;) There are really only two options: you continue as you are, running P2P and participating in TOR and I wish you well :wave: Or, I can help you remove the P2P software, help you remove the TOR software, help you clean the computer and hopefully restore it to a functional, secure computer. At this point you absolutely do not have a secure computer! I would do no banking or financial transactions, etc. with that machine. That said, I've only given a cursory look to your OTL logs. Beyond the Red Flags mentioned so far, I'm not sure what remains; however, I am willing to help you, so let me know your thoughts :)

 

I've spotted signs of a P2P program installed on your machine.



Be warned:

P2P programs, while legal in themselves, are often used to obtain illegal downloads. Currently it's one of the best ways to get infected: unsecured ports, downloaded cracks... There have been some extreme cases in which passwords and private or financial data were exposed to a file-sharing network because of bad P2P configuration.

#4
moyu22

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

Hello Biscuithd, thanks for responding to my message.

 

First of all, I am aware that both P2P and TOR software are on my computer; they are used occasionally and carefully and do not under any circumstance remain active when not in use.

 

Before taking any actions, I would like to know if there's a possibility that the intrusions are actually a result of something else, for example, the ISpy software my antivirus shows as the starting point of the attacks. I'm currently monitoring 4 cameras connected through my WIFI and I have noticed the intrusions only seem to happen when the ISpy program is active. This is a concern not only for the computer itself, but I would feel uncomfortable knowing that my camera feeds may possibly be accessed by someone else.

 

Thanks!



#5
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

It would take forensics beyond what we have available here on G2G to answer your questions.

 

Here is a short response, but not an answer. Whenever you open your computer to the outside, you need monitoring in place. Typically ports 80 and 443 handle IP traffic and we need them open to access the internet. To that end, Norton (to the extent it is able) has a view on those and other ports. As you begin to add more external accessories to your infrastructure (cameras, etc.), more wiring is needed. Typically we start with routers, hubs and switches to add layers of protection. Additionally, there are software and firmware products that add layers of protection depending on the OSI layer one is trying to monitor. As you can see, this becomes a much larger topic.

 

When you allow known nefarious sources into your system, P2P, TOR, Extranets, remote access clients, etc., the security of your system "can" be adversely compromised. Typically we are working with the average home user that doesn't have or desire a myriad of external connections. Hence, we help them shore up and close up pretty much everything but what is necessary for general home use. Once you get past that, you personally are going to need to up your technology game or hire it out in order to stay safe.

 

I can review your logs and help you clean what I see, but from where I sit, it's just going to accumulate again with P2P and TOR. I know you think you're being safe, but something untoward is going on with your system, right? I don't mean to chastise, but I have to ask...if you value your computer and the security of the cameras, etc., why would you take a chance with TOR or P2P? At a minimum, why not use a second computer?



#6
Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.