My hotmail account has been used to send spam to my contact list twice in the last two days. I checked the event log on the computer that sent the spam email - my computer - and I found an anonymous login from my sons computer at the time the spam was sent. I am including the OTC log from my son's computer and my computer. Thanks in advance for any help with this. I have run malware bytes on both computers with nothing shown as an issue. They are both running MS security essentials. I noticed a entry in the firewall exceptions list on my son's computer which is XP - it was for C:\WINDOWS\explorer.exe - and I am unable to edit or delete it - its greyed out. My computer is Vista, my son's is XP.
My son's computer OTL.Txt:
OTL logfile created on: 5/26/2012 3:39:13 PM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Documents and Settings\Naruemon\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.13% Memory free
2.59 Gb Paging File | 1.72 Gb Available in Paging File | 66.33% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.08 Gb Total Space | 2.09 Gb Free Space | 1.43% Space Free | Partition Type: NTFS
Computer Name: MOM | User Name: Naruemon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/05/26 15:30:36 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Naruemon\Desktop\OTL.exe
PRC - [2012/05/08 00:31:08 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/04/03 16:32:20 | 001,252,808 | ---- | M] (INCA Internet Co.,Ltd.) -- C:\WINDOWS\SYSTEM32\INCAInternet\nProtect GameGuard Personal 3.0\nspupsvc.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/03/20 16:05:58 | 000,019,272 | ---- | M] (Smartbar) -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\Smartbar\Application\Smartbar.exe
PRC - [2012/02/27 14:43:07 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2012/01/26 16:06:29 | 002,659,192 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\Messenger Plus! for Skype.exe
PRC - [2012/01/22 17:39:49 | 000,124,832 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
PRC - [2011/10/19 22:50:29 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/08/13 16:53:42 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/06 11:08:10 | 000,397,312 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\ZEN Media Explorer\CTCheck.exe
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/06/13 18:01:06 | 000,061,440 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
PRC - [2005/06/06 23:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
========== Modules (No Company Name) ==========
MOD - [2012/05/09 03:27:02 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\3e11aea7d742b5eddbd0b6bd1012f7df\System.Web.Services.ni.dll
MOD - [2012/05/09 03:26:03 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/09 03:22:36 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/09 03:22:25 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\995fcf39ead2c2a53e084505c2c67d49\System.Windows.Forms.ni.dll
MOD - [2012/05/09 03:21:55 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll
MOD - [2012/05/09 03:19:06 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/09 03:18:42 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/03/27 19:06:34 | 003,417,376 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_6c825ce.dll
MOD - [2012/03/20 16:06:46 | 000,015,688 | ---- | M] () -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\Smartbar\Application\Smartbar.Resources.Utilities.dll
MOD - [2012/03/20 16:06:42 | 000,018,760 | ---- | M] () -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\Smartbar\Application\Smartbar.Resources.SideBySide.dll
MOD - [2012/03/20 16:06:38 | 000,012,616 | ---- | M] () -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll
MOD - [2012/03/20 16:06:34 | 000,067,400 | ---- | M] () -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
MOD - [2012/03/20 16:06:32 | 000,331,080 | ---- | M] () -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\Smartbar\Application\Smartbar.Resources.FilesManager.dll
MOD - [2012/03/20 16:06:30 | 000,034,120 | ---- | M] () -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll
MOD - [2012/03/20 16:06:26 | 000,077,640 | ---- | M] () -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll
MOD - [2012/03/20 16:06:26 | 000,015,176 | ---- | M] () -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\Smartbar\Application\Smartbar.Personalization.Common.dll
MOD - [2012/03/20 16:06:18 | 000,017,736 | ---- | M] () -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
MOD - [2012/03/20 16:06:16 | 000,053,064 | ---- | M] () -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
MOD - [2012/03/20 16:06:10 | 000,011,080 | ---- | M] () -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll
MOD - [2012/03/20 16:06:08 | 000,026,952 | ---- | M] () -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\Smartbar\Application\Smartbar.Infrastructure.Core.dll
MOD - [2012/03/20 16:06:08 | 000,011,592 | ---- | M] () -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
MOD - [2012/03/20 16:06:02 | 001,105,736 | ---- | M] () -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\Smartbar\Application\Smartbar.GUI.MainClient.dll
MOD - [2012/03/20 16:06:02 | 000,080,200 | ---- | M] () -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\Smartbar\Application\Smartbar.GUI.Docking.dll
MOD - [2012/03/20 16:06:00 | 000,541,512 | ---- | M] () -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\Smartbar\Application\Smartbar.GUI.Controls.dll
MOD - [2011/11/07 11:18:26 | 008,499,712 | ---- | M] () -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\QtGui4.dll
MOD - [2011/11/07 11:18:24 | 002,347,520 | ---- | M] () -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\QtCore4.dll
MOD - [2011/11/03 11:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\SYSTEM32\quartz.dll
MOD - [2011/08/07 14:54:16 | 000,004,096 | ---- | M] () -- C:\Program Files\Yuna Software\Messenger Plus!\Detour32.dll
MOD - [2010/06/01 10:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\SYSTEM32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\SYSTEM32\devenum.dll
MOD - [2002/07/04 10:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\Software Suite\PhotoImpression\Share\PIHook.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/04/03 16:32:20 | 001,252,808 | ---- | M] (INCA Internet Co.,Ltd.) [Auto | Running] -- C:\WINDOWS\SYSTEM32\INCAInternet\nProtect GameGuard Personal 3.0\nspupsvc.exe -- (NSPUpdateService)
SRV - [2012/03/31 16:32:10 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/27 19:06:34 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/02/29 09:16:46 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/22 17:39:49 | 000,124,832 | ---- | M] (Yuna Software) [Auto | Running] -- C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe -- (MsgPlusService)
SRV - [2012/01/14 23:18:22 | 000,581,248 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\INCAInternet\nProtect GameGuard Personal 3.0\nspsvc.exe -- (NSPService)
SRV - [2011/10/19 22:50:29 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/05/25 15:14:34 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/11/16 01:10:14 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/01/04 19:34:00 | 003,433,232 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\GameMon.des -- (npggsvc)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva391.sys -- (XDva391)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva387.sys -- (XDva387)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva385.sys -- (XDva385)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva383.sys -- (XDva383)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva382.sys -- (XDva382)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva380.sys -- (XDva380)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva375.sys -- (XDva375)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva370.sys -- (XDva370)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva344.sys -- (XDva344)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva337.sys -- (XDva337)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva281.sys -- (XDva281)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva273.sys -- (XDva273)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva248.sys -- (XDva248)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\XDva238.sys -- (XDva238)
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before Last Install)
DRV - File not found [Adapter | On_Demand | Unknown] -- -- (Winsock - Google Desktop Search Backup Before First Install)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20040813.178\symidsco.sys -- (SYMIDSCO)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ip6fw.sys -- (Ip6Fw)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\cdrom.sys -- (Cdrom)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\aeaudio.sys -- (aeaudio)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys -- (MBAMProtector)
DRV - [2012/01/14 22:24:20 | 000,108,480 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\TKCtrl2k.sys -- (TKCtrl)
DRV - [2011/10/23 19:04:48 | 000,497,632 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EagleXNt.sys -- (EagleXNt)
DRV - [2011/10/19 22:50:26 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/10/19 22:50:26 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/09/29 14:07:56 | 000,141,632 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\TKFsAv.sys -- (TKFsAvM)
DRV - [2011/09/29 14:07:56 | 000,028,480 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\TKPcFtHk.sys -- (TKPcFt)
DRV - [2011/06/15 12:20:32 | 000,108,736 | ---- | M] (INCA Internet Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\npfw.sys -- (NPFW)
DRV - [2011/03/28 11:55:58 | 000,086,368 | ---- | M] (INCA Internet Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\npids.sys -- (NPIDS)
DRV - [2011/03/28 11:55:58 | 000,082,496 | ---- | M] (INCA Internet Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\npfwflt.sys -- (NPFWFLT)
DRV - [2011/03/28 11:55:58 | 000,018,496 | ---- | M] (INCA Internet Co., Ltd.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\TKFsFt.sys -- (TkFsFtM)
DRV - [2010/11/25 10:43:00 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PCTCore.sys -- (PCTCore)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pctDS.sys -- (pctDS)
DRV - [2005/02/24 17:41:40 | 000,273,408 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ZD1211U.sys -- (ZD1211U(Hawking Technologies)) Hawking Technologies HWU54D Hi-Gain Wireless-G USB Adapter(Hawking Technologies)
DRV - [2005/02/24 17:41:40 | 000,273,408 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ZD1211U.sys -- (WLAN(WLAN)) 802.11b+g USB Wireless LAN Adapter Driver(WLAN)
DRV - [2005/01/04 14:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\npptNT2.sys -- (NPPTNT2)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/01/14 12:30:00 | 000,017,151 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\ZDPNDIS5.sys -- (ZDPNDIS5)
DRV - [2003/09/19 16:47:24 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (pfc)
DRV - [2002/12/13 04:06:40 | 000,129,875 | R--- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA)
DRV - [2002/11/08 15:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://www.plusnetwo...q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.plusnetwo...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.plusnetwo...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.plusnetwo...q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.plusnetwo...q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://www.plusnetwo...q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{76271242-43FE-48EB-B375-097D9C3FC55C}: "URL" = http://www.google.co...ie7&rlz=1I7GGLG
IE - HKCU\..\SearchScopes\{76E9350E-0392-9C19-F83A-99BC015260AF}: "URL" = http://www.bing.com/...039&form=ZGAIDF
IE - HKCU\..\SearchScopes\{C3E7C74A-A43F-4BC0-84E5-0ADFFA7DA9EB}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....ms}&fr=chr-nick
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = file://C:\WINDOWS\proxy.pac
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.plusnetwo...ork.com/?sp=hp"
FF - prefs.js..browser.search.selectedEngine: "Messenger Plus Smartbar Search"
FF - prefs.js..keyword.URL: "http://www.plusnetwo...m/?sp=faddr&q="
FF - user.js..browser.startup.homepage: "http://search.condui...ctid=CT1940427"
FF - user.js..network.proxy.backup.ftp: ""
FF - user.js..network.proxy.backup.ftp_port: 0
FF - user.js..network.proxy.backup.gopher: ""
FF - user.js..network.proxy.backup.gopher_port: 0
FF - user.js..network.proxy.backup.socks: ""
FF - user.js..network.proxy.backup.socks_port: 0
FF - user.js..network.proxy.backup.ssl: ""
FF - user.js..network.proxy.backup.ssl_port: 0
FF - user.js..network.proxy.ftp: "127.0.0.1"
FF - user.js..network.proxy.ftp_port: 8080
FF - user.js..network.proxy.gopher: "127.0.0.1"
FF - user.js..network.proxy.gopher_port: 8080
FF - user.js..network.proxy.http: "127.0.0.1"
FF - user.js..network.proxy.http_port: 8080
FF - user.js..network.proxy.share_proxy_settings: true
FF - user.js..network.proxy.socks: "127.0.0.1"
FF - user.js..network.proxy.socks_port: 8080
FF - user.js..network.proxy.ssl: "127.0.0.1"
FF - user.js..network.proxy.ssl_port: 8080
FF - user.js..network.proxy.type: 2
FF - user.js..network.proxy.autoconfig_url: "file:///C:\WINDOWS\proxy.pac"
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.103: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Program Files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll (Veoh Networks )
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Program Files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/13 20:26:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Veoh Networks\VeohWebPlayer\FFVideoFinder [2008/12/03 21:27:56 | 000,000,000 | ---D | M]
[2009/06/25 02:06:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Naruemon\Application Data\Mozilla\Extensions
[2009/06/25 02:06:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Naruemon\Application Data\Mozilla\Extensions\[email protected]
[2012/05/26 15:40:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Naruemon\Application Data\Mozilla\Firefox\Profiles\6kk52tsc.default\extensions
[2012/05/26 15:40:10 | 000,000,000 | ---D | M] ("Messenger Plus! Community Smartbar") -- C:\Documents and Settings\Naruemon\Application Data\Mozilla\Firefox\Profiles\6kk52tsc.default\extensions\[email protected]
[2012/05/26 15:40:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Naruemon\Application Data\Mozilla\Firefox\Profiles\6kk52tsc.default\extensions\staged
[2012/02/14 17:25:50 | 000,002,244 | ---- | M] () -- C:\Documents and Settings\Naruemon\Application Data\Mozilla\Firefox\Profiles\6kk52tsc.default\searchplugins\Messenger Plus Smartbar Search.xml
[2011/12/30 19:29:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/21 03:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/21 00:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/21 00:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2011/04/17 14:36:51 | 000,433,788 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 14934 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Dictionary.com) - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Dictionary.com) - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Dictionary.com) - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Dictionary.com) - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll ()
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CTCheck] C:\Program Files\Creative\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MessengerPlusForSkypeService] C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\SYSTEM32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Media Connect 2] C:\Program Files\Windows Media Connect 2\WMCCFG.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Naruemon\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Documents and Settings\Naruemon\Local Settings\Application Data\Smartbar\Application\Smartbar.exe (Smartbar)
O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [GateWay] C:\Documents and Settings\Naruemon\GateWayMain.exe File not found
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\SYSTEM32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; GTB6.6; SearchToolbar 1.2; (R1 1.5); .NET CLR 1.1.4322; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 2.0.50727)" -"http://www.vixine.co...swap_game.html" File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\802.11b+g USB Wireless LAN Utility.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Hawking HWU54D Utility.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk = C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O8 - Extra context menu item: Search &Dictionary - C:\Program Files\Lexico\Toolbar\dictionary.htm ()
O8 - Extra context menu item: Search &Thesaurus - C:\Program Files\Lexico\Toolbar\thesaurus.htm ()
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Naruemon\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: linkworkspace.com ([www] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} https://www.linkwork...AWEB/icaweb.cab (Citrix ICA Client)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...C_2.3.9.113.cab (CDownloadCtrl Object)
O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://download.micr...20/pmupd806.exe (MSN Money Charting)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {4B48D5DF-9021-45F7-A240-60304302A215} http://download.micr.../WebCleaner.cab (Malicious Software Removal Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1208126236109 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} http://www.parallelg...in/cortvrml.cab (ParallelGraphics Cortona Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} http://www.netgame.c...ch_USAv1004.cab (MGLaunch_v1004 Class)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} http://www.yoyogames...ctivex/YoYo.cab (YYGInstantPlay Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://www.yougamers...eminfo/MSC3.cab (Futuremark Measurement Services Client)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} http://dictionary.re...lbar/lexico.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D7BC391-8E7B-4233-B94F-3D49E9709F16}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53B82366-2926-40FA-AFC4-8BDD633EE722}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE928E25-F8F3-446E-9932-6FC1208E18E9}: NameServer = 167.206.251.16,167.206.251.80,167.206.251.15
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Naruemon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Naruemon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/05/26 15:30:34 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Naruemon\Desktop\OTL.exe
[2012/05/26 15:29:55 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe
[2012/05/19 01:08:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ubisoft
[2012/05/09 21:45:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Naruemon\My Documents\Oddworld
[2012/05/06 22:21:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Naruemon\My Documents\Drakensang
[2012/05/05 23:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Naruemon\My Documents\gothic3
[2012/05/05 22:41:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dreamcatcher
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Naruemon\My Documents\*.tmp files -> C:\Documents and Settings\Naruemon\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/05/26 15:56:17 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/26 15:42:36 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/05/26 15:36:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2012/05/26 15:33:06 | 000,196,793 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/05/26 15:32:51 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2292039778-2617604353-2424026137-1006.job
[2012/05/26 15:32:38 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/26 15:32:37 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2012/05/26 15:32:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2012/05/26 15:31:02 | 000,000,211 | RHS- | M] () -- C:\BOOT.INI
[2012/05/26 15:30:36 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Naruemon\Desktop\OTL.exe
[2012/05/26 15:29:56 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe
[2012/05/26 14:06:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/26 13:43:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\tasks\DataUpload.job
[2012/05/25 21:35:29 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\Naruemon\Desktop\Watch Bakemonogatari Episode 3 Online - AnimeDreaming.url
[2012/05/21 19:18:01 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2292039778-2617604353-2424026137-1006.job
[2012/05/19 01:08:22 | 000,002,218 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Prince of Persia The Sands of Time.lnk
[2012/05/19 00:53:24 | 000,000,523 | ---- | M] () -- C:\Documents and Settings\Naruemon\Desktop\- Artist - Softmode.url
[2012/05/19 00:28:03 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GameFly.lnk
[2012/05/18 17:47:57 | 000,000,516 | ---- | M] () -- C:\Documents and Settings\Naruemon\Desktop\4koma cat comic english hard translated katawa shoujo monochrome mouth hold nakai hisao pimmy tezuka rin translated Sankaku Channel.url
[2012/05/18 17:39:38 | 000,000,540 | ---- | M] () -- C:\Documents and Settings\Naruemon\Desktop\comic drill hair english katawa shoujo mikado shiina satou lilly Sankaku Channel.url
[2012/05/18 17:34:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/17 00:06:08 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\Naruemon\Desktop\Watch Sora no Otoshimono Forte Episode 5 Online - AnimeDreaming.url
[2012/05/15 19:21:30 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/05/09 03:49:37 | 003,629,416 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/09 03:17:53 | 000,494,750 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2012/05/09 03:17:53 | 000,091,962 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2012/05/09 03:12:50 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/05 22:41:44 | 000,001,998 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Gothic III.lnk
[2012/05/02 22:01:01 | 000,000,269 | ---- | M] () -- C:\Documents and Settings\Naruemon\Desktop\Guild Wars 2 A Beautiful World - YouTube.url
[2012/05/02 21:55:24 | 000,000,401 | ---- | M] () -- C:\Documents and Settings\Naruemon\Desktop\Guild Wars 2 Lion's Arch Diving Board - YouTube.url
[2012/05/01 03:03:46 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Naruemon\My Documents\*.tmp files -> C:\Documents and Settings\Naruemon\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/05/26 15:31:03 | 000,001,799 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Hawking HWU54D Utility.lnk.disabled
[2012/05/26 15:31:03 | 000,001,639 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\802.11b+g USB Wireless LAN Utility.lnk.disabled
[2012/05/26 15:31:03 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/05/26 15:31:03 | 000,000,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2012/05/26 15:31:03 | 000,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk
[2012/05/26 15:31:02 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2012/05/25 21:35:29 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\Naruemon\Desktop\Watch Bakemonogatari Episode 3 Online - AnimeDreaming.url
[2012/05/19 01:08:22 | 000,002,218 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Prince of Persia The Sands of Time.lnk
[2012/05/19 00:53:24 | 000,000,523 | ---- | C] () -- C:\Documents and Settings\Naruemon\Desktop\- Artist - Softmode.url
[2012/05/19 00:28:03 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\GameFly.lnk
[2012/05/19 00:28:03 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GameFly.lnk
[2012/05/18 17:47:57 | 000,000,516 | ---- | C] () -- C:\Documents and Settings\Naruemon\Desktop\4koma cat comic english hard translated katawa shoujo monochrome mouth hold nakai hisao pimmy tezuka rin translated Sankaku Channel.url
[2012/05/18 17:39:38 | 000,000,540 | ---- | C] () -- C:\Documents and Settings\Naruemon\Desktop\comic drill hair english katawa shoujo mikado shiina satou lilly Sankaku Channel.url
[2012/05/17 00:06:08 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\Naruemon\Desktop\Watch Sora no Otoshimono Forte Episode 5 Online - AnimeDreaming.url
[2012/05/05 22:41:42 | 000,001,998 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Gothic III.lnk
[2012/05/02 22:01:01 | 000,000,269 | ---- | C] () -- C:\Documents and Settings\Naruemon\Desktop\Guild Wars 2 A Beautiful World - YouTube.url
[2012/05/02 21:55:24 | 000,000,401 | ---- | C] () -- C:\Documents and Settings\Naruemon\Desktop\Guild Wars 2 Lion's Arch Diving Board - YouTube.url
[2012/05/01 03:13:36 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/05/01 03:03:40 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/04/04 23:23:42 | 000,000,534 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2012/02/15 04:19:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/19 02:21:35 | 001,511,424 | ---- | C] () -- C:\WINDOWS\System32\sn3win.dll
[2011/09/13 20:04:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/25 18:46:49 | 000,141,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/05/25 18:46:49 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Naruemon\Application Data\PnkBstrK.sys
[2011/05/25 18:46:47 | 000,281,656 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011/05/25 18:46:32 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2011/05/15 14:33:45 | 000,015,324 | -HS- | C] () -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\0d0w4kk54c0b50x30s4tl5v
[2011/05/15 14:33:45 | 000,015,324 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0d0w4kk54c0b50x30s4tl5v
[2011/04/17 14:24:08 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/04/16 22:58:52 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\bgfs.sys
[2011/03/21 20:19:51 | 000,015,036 | -HS- | C] () -- C:\Documents and Settings\Naruemon\Local Settings\Application Data\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q
[2011/03/21 20:19:51 | 000,015,036 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q
[2010/07/03 20:19:12 | 000,000,096 | -H-- | C] () -- C:\WINDOWS\System32\HsInfo.dat
========== LOP Check ==========
[2005/04/14 20:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2008/11/15 00:40:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/05/28 12:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dI06504CgHeD06504
[2010/05/30 10:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2008/03/16 19:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FloodLightGames
[2008/03/13 19:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Go Go Gourmet
[2012/02/14 17:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2012/05/26 15:36:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus! for Skype
[2010/08/23 19:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2011/04/25 19:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2008/07/16 18:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2012/02/08 18:32:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/05/24 13:29:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/11/28 19:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2005/12/24 12:56:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\River Past G4
[2008/03/14 20:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2007/12/04 22:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2012/05/26 15:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/01/03 22:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YoYoGames
[2012/01/28 13:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\.minecraft
[2011/10/19 22:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\46A744AFDD6CDC4B6C37CAD56B339F2A
[2012/01/31 13:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Asofys
[2011/01/08 20:17:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Audacity
[2009/07/06 18:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\BoneTown Demo
[2011/04/26 19:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\BugTrap Console Test108
[2012/02/15 21:46:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Naruemon\Application Data\C12C590F
[2011/11/28 18:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/03/03 20:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Dragona
[2008/03/16 19:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\FloodLightGames
[2008/07/12 00:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\FLV Extract
[2006/02/11 11:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\funkitron
[2008/03/19 21:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Gaijin Ent
[2012/04/03 21:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\GameFly
[2011/10/27 22:31:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\GetRightToGo
[2009/10/08 19:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\GSC 2.00
[2008/10/29 22:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\ICAClient
[2005/12/20 21:55:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Leadertech
[2006/02/12 17:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Magic Match
[2007/05/07 20:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Musicmatch
[2005/12/14 21:10:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Panasonic
[2008/07/16 18:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\PlayFirst
[2008/07/07 15:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Playrix Entertainment
[2011/04/12 15:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\PriceGong
[2012/05/18 17:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\RenPy
[2005/12/24 12:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\River Past G4
[2010/06/28 15:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\SPORE
[2008/09/06 22:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\SPORE Creature Creator
[2011/06/23 20:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Stu Bedore
[2012/02/05 03:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Syispe
[2005/11/28 18:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\The Labyrinth Plus! Edition
[2008/03/29 18:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Total Eclipse
[2005/11/26 20:12:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Wildfire
[2010/01/18 10:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Windows Desktop Search
[2010/01/18 10:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Naruemon\Application Data\Windows Search
[2012/05/26 15:32:37 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\Tasks\ConfigExec.job
[2012/05/26 13:43:00 | 000,000,580 | -H-- | M] () -- C:\WINDOWS\Tasks\DataUpload.job
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2011/12/19 19:41:48 | 000,000,404 | ---- | M] ()(C:\Documents and Settings\Naruemon\Desktop\?????/Namine Ritsu] Bad Apple!!?UTAU???? - YouTube.url) -- C:\Documents and Settings\Naruemon\Desktop\【波音リツ/Namine Ritsu] Bad Apple!!【UTAUカバー】 - YouTube.url
[2011/11/23 14:50:02 | 000,000,404 | ---- | C] ()(C:\Documents and Settings\Naruemon\Desktop\?????/Namine Ritsu] Bad Apple!!?UTAU???? - YouTube.url) -- C:\Documents and Settings\Naruemon\Desktop\【波音リツ/Namine Ritsu] Bad Apple!!【UTAUカバー】 - YouTube.url
[2010/08/23 19:06:47 | 000,000,000 | ---D | M](C:\Documents and Settings\Naruemon\My Documents\?? ???) -- C:\Documents and Settings\Naruemon\My Documents\넥슨 플러그
[2010/08/23 19:06:47 | 000,000,000 | ---D | C](C:\Documents and Settings\Naruemon\My Documents\?? ???) -- C:\Documents and Settings\Naruemon\My Documents\넥슨 플러그
[2007/04/03 02:14:58 | 000,026,112 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\??????????? ????????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\กราบนมัสการ ท่านพระอาจารย์มหากริชกาย.doc
[2007/04/03 02:14:58 | 000,026,112 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\??????????? ????????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\กราบนมัสการ ท่านพระอาจารย์มหากริชกาย.doc
[2006/12/29 23:29:44 | 000,036,352 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\??????? ??.doc) -- C:\Documents and Settings\Naruemon\My Documents\กรรมฐาน ๔๐.doc
[2006/12/14 11:51:09 | 000,026,191 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\Re_ ????????.eml) -- C:\Documents and Settings\Naruemon\My Documents\Re_ ลูกสำรอง.eml
[2006/12/14 11:51:09 | 000,026,191 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\Re_ ????????.eml) -- C:\Documents and Settings\Naruemon\My Documents\Re_ ลูกสำรอง.eml
[2006/12/14 11:46:38 | 000,024,013 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\????????.eml) -- C:\Documents and Settings\Naruemon\My Documents\ลูกสำรอง.eml
[2006/12/14 11:41:54 | 000,024,013 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\????????.eml) -- C:\Documents and Settings\Naruemon\My Documents\ลูกสำรอง.eml
[2006/12/02 02:00:46 | 000,025,088 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\??????????? ?????????????????????????????????????????????????????????????????????????????????????????????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\อ่อมไก่บ้าน เครื่องปรุงเนื้อไก่ตับไก่มะระกอสับผักชีลาวใบมะกรูดพริกขี้หนูเม็ดใหญ่กระเทียมผงรสดีใบแมงลักวิธีทำผัดเครื่องแกง.doc
[2006/12/02 02:00:46 | 000,025,088 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\??????????? ?????????????????????????????????????????????????????????????????????????????????????????????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\อ่อมไก่บ้าน เครื่องปรุงเนื้อไก่ตับไก่มะระกอสับผักชีลาวใบมะกรูดพริกขี้หนูเม็ดใหญ่กระเทียมผงรสดีใบแมงลักวิธีทำผัดเครื่องแกง.doc
[2006/11/22 12:50:01 | 000,027,648 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\???????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ก๋วยเตี๋ยวราดหน้าหมูสับ.doc
[2006/11/22 12:36:09 | 000,027,648 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\???????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ก๋วยเตี๋ยวราดหน้าหมูสับ.doc
[2006/11/10 00:59:04 | 000,025,600 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\สามเณระปัญหะปาโฐ.doc
[2006/11/10 00:59:04 | 000,025,600 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\สามเณระปัญหะปาโฐ.doc
[2006/10/19 01:25:52 | 000,054,784 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\??????? ??????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\พระคาถา พระอาการะวัตตาสูตร.doc
[2006/10/13 00:00:32 | 000,022,016 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\?????????????????????????? ????????????????????????????? ?????????????????????????? .doc) -- C:\Documents and Settings\Naruemon\My Documents\คิดสิ่งใดในใจอยู่ให้รู้จัก คิดนึกรักมักนึกโกรธเห็นโทษไหม คิดนึกชังฝังอุราเป็นเช่นไร .doc
[2006/10/13 00:00:32 | 000,022,016 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\?????????????????????????? ????????????????????????????? ?????????????????????????? .doc) -- C:\Documents and Settings\Naruemon\My Documents\คิดสิ่งใดในใจอยู่ให้รู้จัก คิดนึกรักมักนึกโกรธเห็นโทษไหม คิดนึกชังฝังอุราเป็นเช่นไร .doc
[2006/10/12 23:37:10 | 000,025,088 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\?????????????????????????? ????????????????????????????? ?????????????????????????? ??.doc) -- C:\Documents and Settings\Naruemon\My Documents\คิดสิ่งใดในใจอยู่ให้รู้จัก คิดนึกรักมักนึกโกรธเห็นโทษไหม คิดนึกชังฝังอุราเป็นเช่นไร คิ.doc
[2006/10/12 23:37:10 | 000,025,088 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\?????????????????????????? ????????????????????????????? ?????????????????????????? ??.doc) -- C:\Documents and Settings\Naruemon\My Documents\คิดสิ่งใดในใจอยู่ให้รู้จัก คิดนึกรักมักนึกโกรธเห็นโทษไหม คิดนึกชังฝังอุราเป็นเช่นไร คิ.doc
[2006/10/08 23:45:02 | 000,054,784 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\??????? ??????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\พระคาถา พระอาการะวัตตาสูตร.doc
[2006/10/08 22:00:44 | 000,024,064 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\?????????????????????????1.doc) -- C:\Documents and Settings\Naruemon\My Documents\คิดสิ่งใดในใจอยู่ให้รู้จั1.doc
[2006/10/08 21:59:26 | 000,024,064 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\?????????????????????????1.doc) -- C:\Documents and Settings\Naruemon\My Documents\คิดสิ่งใดในใจอยู่ให้รู้จั1.doc
[2006/10/07 09:45:01 | 000,019,968 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\??????????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\คิดสิ่งใดในใจอยู่ให้รู้จัก.doc
[2006/10/07 09:37:39 | 000,019,968 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\??????????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\คิดสิ่งใดในใจอยู่ให้รู้จัก.doc
[2006/10/06 01:23:50 | 000,024,576 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\???????????????? ???????.doc) -- C:\Documents and Settings\Naruemon\My Documents\อันสิ่งดีมีให้ทำ นำชีวิต.doc
[2006/10/06 01:23:50 | 000,024,576 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\???????????????? ???????.doc) -- C:\Documents and Settings\Naruemon\My Documents\อันสิ่งดีมีให้ทำ นำชีวิต.doc
[2006/10/02 23:51:34 | 000,026,112 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\????????? ??????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\อันสิ่งดี มีให้ทำนำชีวิต.doc
[2006/10/01 02:35:10 | 000,027,136 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\??????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\อะนัตตะลักขะนะสูตร.doc
[2006/10/01 02:35:10 | 000,027,136 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\??????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\อะนัตตะลักขะนะสูตร.doc
[2006/09/28 17:44:27 | 000,025,088 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\???????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\อันสิ่งดีมีให้ทำนำชีวิต.doc
[2006/09/28 17:34:57 | 000,024,576 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\????????????????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\เมื่อเขาโกรธแล้วต่อว่าด่าเสียดสี.doc
[2006/09/28 17:34:57 | 000,000,162 | -H-- | M] ()(C:\Documents and Settings\Naruemon\My Documents\~$??????????????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\~$ื่อเขาโกรธแล้วต่อว่าด่าเสียดสี.doc
[2006/09/28 17:34:57 | 000,000,162 | -H-- | C] ()(C:\Documents and Settings\Naruemon\My Documents\~$??????????????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\~$ื่อเขาโกรธแล้วต่อว่าด่าเสียดสี.doc
[2006/09/28 17:34:56 | 000,024,576 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\????????????????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\เมื่อเขาโกรธแล้วต่อว่าด่าเสียดสี.doc
[2006/09/28 17:07:01 | 000,025,088 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\???????????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\อันสิ่งดีมีให้ทำนำชีวิต.doc
[2006/09/27 17:51:55 | 000,026,112 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\????????? ??????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\อันสิ่งดี มีให้ทำนำชีวิต.doc
[2006/07/19 02:02:24 | 000,036,352 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\??????? ??.doc) -- C:\Documents and Settings\Naruemon\My Documents\กรรมฐาน ๔๐.doc
[2006/06/04 21:59:22 | 000,027,648 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\???????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ปัจจยวิภังควาโร.doc
[2006/06/04 21:59:21 | 000,027,648 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\???????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ปัจจยวิภังควาโร.doc
[2006/05/31 12:18:50 | 000,024,064 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ชัยยะมังคะละคาถา.doc
[2006/05/31 12:06:10 | 000,037,888 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\???????????????? ?????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ชัยยะมังคะละคาถา นโมเม.doc
[2006/05/31 12:06:09 | 000,037,888 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\???????????????? ?????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ชัยยะมังคะละคาถา นโมเม.doc
[2006/05/31 09:33:36 | 000,000,162 | -H-- | M] ()(C:\Documents and Settings\Naruemon\My Documents\~$??????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\~$ยยะมังคะละคาถา.doc
[2006/05/31 09:33:36 | 000,000,162 | -H-- | C] ()(C:\Documents and Settings\Naruemon\My Documents\~$??????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\~$ยยะมังคะละคาถา.doc
[2006/05/30 15:27:09 | 000,027,648 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\?????????? ??????? ?? ???????? ?? ????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ชัยยะทัมโม จะสังโฆ จะ ทะสะปาโร จะ ชัยยะกัง.doc
[2006/05/30 15:25:11 | 000,025,600 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\??????????? ??????? ?????????? ?????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ปะทักขิณานิ กัตวานะ ละภันตัตเถ ปะทักขิเณ.doc
[2006/05/28 02:23:41 | 000,025,600 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\??????????? ??????? ?????????? ?????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ปะทักขิณานิ กัตวานะ ละภันตัตเถ ปะทักขิเณ.doc
[2006/05/28 01:58:45 | 000,027,648 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\?????????? ??????? ?? ???????? ?? ????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ชัยยะทัมโม จะสังโฆ จะ ทะสะปาโร จะ ชัยยะกัง.doc
[2006/05/28 00:17:08 | 000,024,064 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ชัยยะมังคะละคาถา.doc
[2005/09/13 21:28:03 | 000,021,504 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\?????????????? ??????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ไม่อยากได้อะไร เพราะไม่ใช่คนขี้ขอ.doc
[2005/09/13 21:28:02 | 000,021,504 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\?????????????? ??????????????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ไม่อยากได้อะไร เพราะไม่ใช่คนขี้ขอ.doc
[2005/09/08 00:18:59 | 000,020,480 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\???????????????? ?? ?????.doc) -- C:\Documents and Settings\Naruemon\My Documents\อานิสงค์ของเมตตา ๑๑ อย่าง.doc
[2005/09/08 00:18:59 | 000,020,480 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\???????????????? ?? ?????.doc) -- C:\Documents and Settings\Naruemon\My Documents\อานิสงค์ของเมตตา ๑๑ อย่าง.doc
[2005/09/07 23:55:45 | 000,024,576 | ---- | M] ()(C:\Documents and Settings\Naruemon\My Documents\????????? ?????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ทำอย่างไร จะหายโกรธ.doc
[2005/09/07 23:55:45 | 000,024,576 | ---- | C] ()(C:\Documents and Settings\Naruemon\My Documents\????????? ?????????.doc) -- C:\Documents and Settings\Naruemon\My Documents\ทำอย่างไร จะหายโกรธ.doc
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB19013$] -> -> Unknown point type
========== Alternate Data Streams ==========
@Alternate Data Stream - 174 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B12FF3F2
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F69BB936
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B520784
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA7FE636
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4D4624A4
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:73C25840
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8985F330
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D63538E3
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D762B9DF
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41EF5EA2
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BF5EAC0C
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7C017FB1
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52562F72
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B4742F4
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9371B810
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B5B501E5
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D37AE80B
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2C321309
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E35A81F4
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADF211B1
< End of report >
My son's Extras.Txt:
OTL Extras logfile created on: 5/26/2012 3:39:13 PM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Documents and Settings\Naruemon\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.13% Memory free
2.59 Gb Paging File | 1.72 Gb Available in Paging File | 66.33% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.08 Gb Total Space | 2.09 Gb Free Space | 1.43% Space Free | Partition Type: NTFS
Computer Name: MOM | User Name: Naruemon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"57080:TCP" = 57080:TCP:*:Enabled:Pando Media Booster
"57080:UDP" = 57080:UDP:*:Enabled:Pando Media Booster
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"57080:TCP" = 57080:TCP:*:Enabled:Pando Media Booster
"57080:UDP" = 57080:UDP:*:Enabled:Pando Media Booster
"1067:TCP" = 1067:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\explorer.exe" = %windir%\explorer.exe -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\SonicProxy\sonic.exe" = C:\Program Files\SonicProxy\sonic.exe:*:Disabled:sonic
"C:\Documents and Settings\Naruemon\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\Naruemon\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Client -- (Akamai Technologies, Inc)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1389C6A4-4965-4AEC-9175-08B54A10FA48}" = Microsoft SQL Server 2005 Mobile [ENU] Developer Tools
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 20
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}" = LUMIX Simple Viewer
"{2eeef4d9-e5f4-4fb8-b67f-fe3e9ebb2efb}.sdb" = Kabod
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{581CE7EA-A30D-0000-1211-088635773309}" = 802.11b+g USB Wireless LAN Adapter
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = PlayNC Launcher
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6C531060-84FB-4F96-8F33-29DF020632EB}" = Microsoft .NET Compact Framework 1.0 SP3 Developer
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78B75C6D-E53C-424C-BF83-4B63BD4A6682}" = Microsoft Device Emulator version 1.0 - ENU
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901D1286-529B-48A9-8DDD-4A60CF9E9BF1}" = H&R Block Tax Offer
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A183C1-E79D-44CB-A7FF-F63640B4246C}" = GameFly
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D197A87-44B6-47D0-8A0D-B421208C9A26}" = nProtect GameGuard Personal 3.0
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9E397B40-13F7-4CA2-9943-ADB29ACBBFDF}" = ArcSoft Software Suite
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3B4BDAA-7B03-43B1-804C-54B451EF9668}" = nProtect Security Platform
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Creepy & Cute Parts Pack
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1B3874F-3057-11D6-B2EA-0050BA18806B}" = Camera Driver
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}" = Microsoft Plus! for Windows XP
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FCDB5675-78BF-4052-9E52-C4E9CB50181B}" = Messenger Plus! Community Smartbar
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Akamai" = Akamai NetSession Interface
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner (remove only)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Chicken Invaders 2 Christmas Edition demo_is1" = Chicken Invaders 2 Christmas Edition demo v2.60
"Chicken Invaders 2 demo_is1" = Chicken Invaders 2 demo v2.60
"Citrix ICA Web Client" = Citrix Presentation Server Web Client for Win32
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-07-30
"CSCLIB" = Canon Camera Support Core Library
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Download Manager" = Download Manager 2.3.7
"EA Download Manager" = EA Download Manager
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Game Maker 7.0" = Game Maker 7.0
"Game Maker 8.0" = Game Maker 8.0
"GameFly" = GameFly
"Gothic III" = Gothic III
"Grand Chase" = Grand Chase
"GSC 2.00" = GSC 2.00
"Guild Wars" = Guild Wars
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IGZones_is1" = IGZ Lobby System
"Insaniquarium Deluxe" = Insaniquarium Deluxe
"Katawa Shoujo" = Katawa Shoujo
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mavis Beacon Teaches Typing Deluxe 16" = Mavis Beacon Teaches Typing Deluxe 16
"McAfee Security Scan" = McAfee Security Scan Plus
"Measurement Services Client" = Futuremark Measurement Services Client
"Messenger Plus!" = Messenger Plus! 5
"Messenger Plus! for Skype" = Messenger Plus! for Skype
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
"Microsoft Security Client" = Microsoft Security Essentials
"MKV Player_is1" = MKV Player 2.0.1
"Money2006a" = MSN Money Investment Toolbox
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MPEG-4 Booster Pack" = River Past MPEG-4 Booster Pack
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"MyWaySearchAssistantDE" = My Way Search Assistant
"Neffy" = Neffy 1,3,29,0
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Peggle Nights Deluxe1.023" = Peggle Nights Deluxe
"PhotoStitch" = Canon Utilities PhotoStitch
"Prince of Persia The Sands of Time" = Prince of Persia The Sands of Time
"PROSet" = Intel® PRO Network Connections Drivers
"PunkBusterSvc" = PunkBuster Services
"Puzzle Quest - Challenge of the Warlords" = Puzzle Quest - Challenge of the Warlords
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 12.0" = RealPlayer
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Sandlot Games Client Services 1.2.2_is1" = Sandlot Games Client Services 1.2.2
"Sandlot Games Client Services_is1" = Sandlot Games Client Services
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"Spyware Doctor" = Spyware Doctor 8.0
"SystemRequirementsLab" = System Requirements Lab
"Thai Typing Tutor" = Thai Typing Tutor
"Video Cleaner Pro" = River Past Video Cleaner Pro
"VobSub" = VobSub v2.23 (Remove Only)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"XviD_is1" = XviD MPEG-4 Video Codec
"Yahoo! Messenger" = Yahoo! Messenger
"ZEN (MTP) Media Explorer" = ZEN Media Explorer
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
"Zuma's Revenge!1.0" = Zuma's Revenge!
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 2/6/2012 4:52:30 PM | Computer Name = MOM | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 3.0.8402.0, P3 timeout, P4 1.1.8001.0, P5 fixed, P6 2 _ 2048, P7 5 _ not boot,
P8 NIL, P9 NIL, P10 NIL.
Error - 2/6/2012 4:53:07 PM | Computer Name = MOM | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 3.0.8402.0, P3 timeout, P4 1.1.8001.0, P5 fixed, P6 2 _ 2048, P7 5 _ not boot,
P8 NIL, P9 NIL, P10 NIL.
Error - 2/6/2012 4:53:19 PM | Computer Name = MOM | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 3.0.8402.0, P3 passthrough, P4 1.1.8001.0, P5 fixed, P6 2 _ 2048, P7 5 _ not
boot, P8 NIL, P9 NIL, P10 NIL.
Error - 2/7/2012 9:17:46 PM | Computer Name = MOM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 2/7/2012 9:17:48 PM | Computer Name = MOM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 2/8/2012 6:09:36 PM | Computer Name = MOM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 2/9/2012 8:55:42 PM | Computer Name = MOM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 2/10/2012 5:26:12 PM | Computer Name = MOM | Source = Application Hang | ID = 1002
Description = Hanging application dragonsaga.exe, version 0.11.32.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 2/10/2012 5:46:07 PM | Computer Name = MOM | Source = Application Hang | ID = 1002
Description = Hanging application dragonsaga.exe, version 0.11.32.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 2/10/2012 10:32:14 PM | Computer Name = MOM | Source = Application Hang | ID = 1002
Description = Hanging application dragonsaga.exe, version 0.11.32.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 5/26/2012 3:02:59 PM | Computer Name = MOM | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Microsoft Automated Troubleshooting
Service service to connect.
Error - 5/26/2012 3:03:00 PM | Computer Name = MOM | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service MatSvc with
arguments "" in order to run the server: {109DB0ED-7C89-416B-AC66-6D0323941464}
Error - 5/26/2012 3:03:04 PM | Computer Name = MOM | Source = Service Control Manager | ID = 7000
Description = The Microsoft Automated Troubleshooting Service service failed to
start due to the following error: %%1053
Error - 5/26/2012 3:04:47 PM | Computer Name = MOM | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.
Error - 5/26/2012 3:05:04 PM | Computer Name = MOM | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.
Error - 5/26/2012 3:12:00 PM | Computer Name = MOM | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126
Error - 5/26/2012 3:12:55 PM | Computer Name = MOM | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdrom Imapi
Error - 5/26/2012 3:15:14 PM | Computer Name = MOM | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.
Error - 5/26/2012 3:34:09 PM | Computer Name = MOM | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126
Error - 5/26/2012 3:35:06 PM | Computer Name = MOM | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdrom Imapi
< End of report >
My computer's OTL.Txt:
OTL logfile created on: 5/26/2012 3:32:09 PM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\unger\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.99 Gb Total Physical Memory | 2.96 Gb Available Physical Memory | 49.47% Memory free
12.09 Gb Paging File | 8.25 Gb Available in Paging File | 68.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.11 Gb Total Space | 43.46 Gb Free Space | 7.48% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.41 Gb Free Space | 56.05% Space Free | Partition Type: NTFS
Drive E: | 159.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 10.71 Gb Total Space | 10.27 Gb Free Space | 95.86% Space Free | Partition Type: FAT32
Computer Name: MOJO | User Name: unger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/05/26 15:31:35 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\unger\Desktop\OTL.exe
PRC - [2012/05/10 08:02:04 | 000,351,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/14 07:02:04 | 000,435,672 | ---- | M] (TomTom) -- C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
PRC - [2011/06/22 11:17:14 | 000,395,392 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011/06/22 11:15:44 | 002,637,824 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2011/06/05 14:05:33 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDMedia.exe
PRC - [2011/05/26 18:42:25 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/04/22 08:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/04/22 08:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/12/17 22:56:11 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2010/11/05 16:11:52 | 000,081,920 | R--- | M] (Nero AG) -- C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe
PRC - [2010/09/13 09:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/07/04 19:13:56 | 000,095,576 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2010/03/11 00:22:04 | 000,599,408 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/03/11 00:21:16 | 000,300,400 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2010/03/11 00:10:32 | 001,918,320 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfica32.exe
PRC - [2009/10/30 07:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/04/09 01:10:53 | 000,068,592 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
========== Modules (No Company Name) ==========
MOD - [2011/11/14 07:02:08 | 000,202,712 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\TomTomSupporterProxy.dll
MOD - [2011/11/14 07:02:06 | 000,063,960 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\TomTomSupporterBase.dll
MOD - [2011/11/14 07:01:52 | 007,964,160 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtGui4.dll
MOD - [2011/11/14 07:01:52 | 002,648,064 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtXmlPatterns4.dll
MOD - [2011/11/14 07:01:52 | 002,302,464 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtCore4.dll
MOD - [2011/11/14 07:01:52 | 000,980,480 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtNetwork4.dll
MOD - [2011/11/14 07:01:52 | 000,357,888 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtXml4.dll
MOD - [2011/11/13 03:32:20 | 000,103,424 | ---- | M] () -- C:\Program Files (x86)\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/03/09 01:10:20 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/09/27 15:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/17 18:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/01/20 22:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (usprserv)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/05/10 08:02:04 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/22 11:18:40 | 001,191,656 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011/05/26 18:42:25 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/04/22 08:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/11/05 16:11:52 | 000,081,920 | R--- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2010/03/25 21:02:09 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/06/03 13:39:00 | 003,116,380 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/09 02:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2012/03/09 02:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/03/09 02:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/03/08 23:58:02 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/05 15:47:06 | 000,091,664 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/09/02 02:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 02:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/08/06 16:43:22 | 000,971,360 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\timntr.sys -- (timounter)
DRV:64bit: - [2011/08/06 16:43:00 | 000,210,016 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\vididr.sys -- (vididr)
DRV:64bit: - [2011/08/06 16:42:58 | 000,141,920 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\vsflt53.sys -- (vidsflt53) Acronis Disk Storage Filter (53)
DRV:64bit: - [2011/08/06 16:42:55 | 000,275,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\snapman.sys -- (snapman)
DRV:64bit: - [2011/06/05 14:05:37 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2011/06/05 14:05:37 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2010/11/25 10:43:26 | 000,257,232 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/07/16 14:53:32 | 000,816,016 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2010/06/29 10:35:34 | 000,452,872 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/04/26 22:25:22 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscemdm.sys -- (sscemdm)
DRV:64bit: - [2010/04/26 22:25:22 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV:64bit: - [2010/04/26 22:25:22 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscemdfl.sys -- (sscemdfl)
DRV:64bit: - [2009/12/29 14:03:16 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/10/05 10:08:44 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/09/30 10:32:44 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/16 10:22:40 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2009/09/16 10:22:40 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2009/09/16 10:22:40 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2009/09/16 10:15:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/08/25 16:10:52 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/07/06 21:29:22 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2009/07/06 21:29:22 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ggflt.sys -- (ggflt)
DRV:64bit: - [2009/06/20 21:11:33 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2009/06/20 21:11:33 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/06/17 12:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LHidEqd.Sys -- (LHidEqd)
DRV:64bit: - [2009/06/17 12:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LEqdUsb.Sys -- (LEqdUsb)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2009/04/11 01:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/03/27 01:23:54 | 000,019,432 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cpuz132_x64.sys -- (cpuz132)
DRV:64bit: - [2009/01/16 00:37:44 | 000,587,136 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2009/01/16 00:37:44 | 000,054,400 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2008/12/04 12:34:54 | 000,033,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\point64k.sys -- (Point64)
DRV:64bit: - [2008/09/28 08:46:48 | 000,316,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2008/09/28 04:22:14 | 000,402,456 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/08/01 02:01:00 | 000,306,560 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA002Vid.sys -- (OA002Vid)
DRV:64bit: - [2008/06/03 18:30:38 | 000,168,864 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA002Ufd.sys -- (OA002Ufd)
DRV:64bit: - [2008/05/27 11:41:40 | 000,153,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV:64bit: - [2008/05/27 11:41:40 | 000,137,768 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017obex.sys -- (s0017obex)
DRV:64bit: - [2008/05/27 11:41:38 | 000,159,784 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017mdm.sys -- (s0017mdm)
DRV:64bit: - [2008/05/27 11:41:38 | 000,138,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008/05/27 11:41:38 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV:64bit: - [2008/05/27 11:41:38 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017mdfl.sys -- (s0017mdfl)
DRV:64bit: - [2008/05/27 11:41:32 | 000,116,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV:64bit: - [2008/04/22 09:53:36 | 000,012,744 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys -- (ENTECH64)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) Intel®
DRV:64bit: - [2008/01/09 13:28:20 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\seehcri.sys -- (seehcri)
DRV:64bit: - [2007/11/14 04:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/06/08 02:00:02 | 000,219,544 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\OA002Afx.sys -- (OA002Afx)
DRV:64bit: - [2007/03/08 16:19:00 | 000,012,800 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2006/03/01 10:24:04 | 000,365,568 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\zd1211u.sys -- (ZD1211U(ZyDAS)) ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS)
DRV - [2010/06/14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2005/01/04 14:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 EF 8A 10 F6 35 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7GGLL_enUS308
IE - HKCU\..\SearchScopes\{B1253587-1FAB-425C-BD9E-9B37ABCEE882}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: [email protected]:1.7.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.2
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/11/27 12:53:53 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch: C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll (ESN AB)
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/11/27 12:53:53 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@rayv.com/rayvplugin: C:\Program Files (x86)\RayV\RayV\plugins\nprayvplugin.dll (RayV)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\unger\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\unger\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\unger\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\unger\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\unger\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\unger\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/17 22:56:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\unger\AppData\Roaming\Move Networks [2009/05/12 23:56:43 | 000,000,000 | ---D | M]
[2010/12/11 17:22:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\unger\AppData\Roaming\Mozilla\Extensions
[2010/12/11 17:22:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\unger\AppData\Roaming\Mozilla\Extensions\[email protected]
[2011/11/23 11:06:16 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAM FILES (X86)\TOMTOM HOME 2\XUL\EXTENSIONS\[email protected]
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\unger\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll
CHR - plugin: Logitech Device Detection (Enabled) = C:\Users\unger\AppData\Local\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.23.0.5_0\npLogitechDeviceDetection.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\unger\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\unger\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files (x86)\Download Manager\npfpdlm.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: RayV Plugin (Enabled) = C:\Program Files (x86)\RayV\RayV\plugins\nprayvplugin.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\unger\AppData\Roaming\Move Networks\plugins\npqmp071500000347.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Logitech Device Detection = C:\Users\unger\AppData\Local\Google\Chrome\User Data\Default\Extensions\elncikmfipkphghakkmemnlnahadedno\1.24.0.9_0\
CHR - Extension: Click to call with Skype = C:\Users\unger\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\
O1 HOSTS File: ([2011/05/11 12:38:01 | 000,000,910 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.ad.tomshardware.com
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\unger\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: linkworkspace.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ncsoft.com ([secure] https in Trusted sites)
O16 - DPF: {00BC5049-C7F3-4AC9-92AE-1991C76608B0} http://tr.nopp.co.kr.../TRLauncher.cab (TRLauncher Control)
O16 - DPF: {06305358-99CE-4C47-B59C-939B76856C2B} http://download.micr...6B/pmupd806.exe (MSN Money Charting)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} https://www.linkwork...AWEB/icaweb.cab (Citrix ICA Client)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.sy...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.7.cab (DLM Control)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell....r/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14A83ACB-D43B-4DB5-BE1B-D7C7403E1A38}: NameServer = 167.206.251.130,167.206.251.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5DAEBB5-0AAA-467B-8359-4DF4E818B562}: DhcpNameServer = 167.206.251.129 167.206.251.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E334192D-F19A-4BE5-ABB9-69BCCEF6D212}: NameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/24 14:24:54 | 000,000,082 | RH-- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\##Daedalus#f\Shell\AutoRun\command - "" = Z:\AutoRun.exe
O33 - MountPoints2\{47aef90a-df47-11dd-83f6-00219b1bd00e}\Shell - "" = AutoRun
O33 - MountPoints2\{47aef90a-df47-11dd-83f6-00219b1bd00e}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{49ab6086-6904-11e0-af5c-0024e8204516}\Shell - "" = AutoRun
O33 - MountPoints2\{49ab6086-6904-11e0-af5c-0024e8204516}\Shell\AutoRun\command - "" = G:\setup.exe -a
O33 - MountPoints2\{8480a382-353f-11de-907e-00219b1bd00e}\Shell - "" = AutoRun
O33 - MountPoints2\{8480a382-353f-11de-907e-00219b1bd00e}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\KitSetup.exe
O33 - MountPoints2\{a78794a4-f71a-11de-8f5e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a78794a4-f71a-11de-8f5e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\tcauto.exe -- [2011/10/03 12:57:59 | 008,397,464 | R--- | M] (HR Block )
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012/05/26 15:31:34 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\unger\Desktop\OTL.exe
[2012/05/25 02:47:56 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Roaming\Malwarebytes
[2012/05/25 02:47:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/25 02:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/25 02:47:46 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/25 02:47:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/24 16:50:56 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{E55D09F8-4B3D-4AD8-8DC1-9FC4031451A9}
[2012/05/24 16:50:45 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{571B8634-AE3B-4900-B69F-C859DCBFF034}
[2012/05/24 16:45:45 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Roaming\DragonSaga
[2012/05/22 17:15:23 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{BEF09C46-41A0-4907-85E1-137C0C487A96}
[2012/05/22 17:15:12 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{FD479454-191C-4F30-9DBD-D4AF71DB582E}
[2012/05/19 13:34:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/05/19 13:34:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/05/19 13:34:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/05/14 18:36:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012/05/14 18:36:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2012/05/14 14:51:52 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{B558339D-D46E-4641-98F9-B382EEE44322}
[2012/05/14 14:51:41 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{E3B92600-F4DC-40BD-8E0A-12C61270680D}
[2012/05/11 16:19:53 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{A8130E9D-C604-4E74-9500-5F08AF628411}
[2012/05/11 16:19:40 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{67A3188D-11FD-4B0F-82E3-D90F4D23BFD8}
[2012/05/08 18:51:55 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{EA769B95-EA02-42E6-AE06-A15226018C31}
[2012/05/08 18:51:44 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{35D38F2A-7767-46A7-B44E-6ED5F2B49063}
[2012/05/05 03:18:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/05/04 15:00:36 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{5966983A-D354-464B-A136-C8C30EC94F2B}
[2012/05/04 15:00:23 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{FCF2B985-6369-40F8-864D-9D1C527626F3}
[2012/05/03 18:19:20 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{93192BB7-DEDC-42F4-90B7-77AC40131BED}
[2012/05/03 18:19:09 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{7F513ABC-D1FC-4CEA-8B82-F8C4845EA87B}
[2012/05/02 15:17:48 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{4317DDFC-DC03-487A-A701-01A2D7E8DFB9}
[2012/05/02 15:17:37 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{3A6177FC-392E-403B-AC0C-FC20A5E2C5DE}
[2012/05/01 17:09:19 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{A5B67E1C-C74C-4986-92A2-9B7416073265}
[2012/05/01 17:09:07 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{F6A8675E-F00C-4594-9551-C150EFC1AC33}
[2012/04/30 14:49:38 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{AFD0B5B2-0F81-4973-9F94-BB9371DEA44F}
[2012/04/30 14:49:28 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{3735D1CB-9522-4FCB-ACB7-7724B48788D7}
[2012/04/27 14:47:32 | 000,000,000 | ---D | C] -- C:\Users\unger\AppData\Local\{6D62C496-3263-4F9C-98F7-3DA98D4088FC}
[2012/04/26 18:43:08 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/04/26 18:27:35 | 002,266,624 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysNative\pdfmona64.dll
[2012/04/26 18:27:35 | 000,000,000 | ---D | C] -- C:\ProgramData\pdf995
[2012/04/26 18:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software995
[2012/04/26 18:27:34 | 000,000,000 | ---D | C] -- C:\pdf995
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[11 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/05/26 15:31:35 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\unger\Desktop\OTL.exe
[2012/05/26 15:12:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/26 15:03:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4160082703-535099499-3804111918-1000UA.job
[2012/05/26 15:03:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4160082703-535099499-3804111918-1000Core.job
[2012/05/26 14:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/26 14:30:30 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/26 14:30:30 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/26 13:10:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4160082703-535099499-3804111918-1000UA.job
[2012/05/26 03:06:46 | 000,787,202 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/26 03:06:46 | 000,651,038 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/26 03:06:46 | 000,123,448 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/26 00:12:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/25 16:10:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4160082703-535099499-3804111918-1000Core.job
[2012/05/25 02:47:50 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/24 10:30:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/24 10:30:21 | 2138,234,879 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/23 22:15:50 | 000,001,987 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/05/19 13:34:37 | 000,001,718 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/05/14 19:06:40 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012/05/10 03:52:08 | 000,307,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/10 03:11:04 | 003,136,866 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/05/08 19:02:11 | 000,245,996 | ---- | M] () -- C:\Users\unger\Documents\Odin MMR Immun.pdf
[2012/05/08 18:47:57 | 000,151,537 | ---- | M] () -- C:\Users\unger\Documents\30992793StaffordLoan.pdf
[2012/05/08 18:31:53 | 000,024,743 | ---- | M] () -- C:\Users\unger\Documents\studentloans.gov - viewAllCounseling.pdf
[2012/05/05 19:50:09 | 000,002,032 | ---- | M] () -- C:\Users\unger\AppData\Local\d3d9caps.dat
[2012/05/05 03:19:25 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/05/05 03:18:52 | 000,786,918 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/29 12:48:34 | 000,001,452 | ---- | M] () -- C:\Users\unger\Desktop\Gw2.lnk
[2012/04/26 18:27:35 | 000,000,025 | ---- | M] () -- C:\Windows\wpd99.drv
[2012/04/26 18:27:34 | 000,040,448 | ---- | M] () -- C:\Windows\SysWow64\pdf995mon64.dll
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[11 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/05/25 02:47:50 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/19 13:34:37 | 000,001,718 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/05/14 18:36:33 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012/05/10 08:02:05 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/08 19:02:11 | 000,245,996 | ---- | C] () -- C:\Users\unger\Documents\Odin MMR Immun.pdf
[2012/05/08 18:47:57 | 000,151,537 | ---- | C] () -- C:\Users\unger\Documents\30992793StaffordLoan.pdf
[2012/05/08 18:31:53 | 000,024,743 | ---- | C] () -- C:\Users\unger\Documents\studentloans.gov - viewAllCounseling.pdf
[2012/04/28 12:26:59 | 000,001,452 | ---- | C] () -- C:\Users\unger\Desktop\Gw2.lnk
[2012/04/26 19:01:25 | 000,000,957 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GamersFirst LIVE!.lnk.disabled
[2012/04/26 18:27:35 | 000,040,448 | ---- | C] () -- C:\Windows\SysNative\pdf995mon64.dll
[2012/04/26 18:27:35 | 000,011,264 | ---- | C] () -- C:\Windows\SysNative\pdf995mon64ui.dll
[2012/04/26 18:27:35 | 000,000,025 | ---- | C] () -- C:\Windows\wpd99.drv
[2012/04/26 18:27:34 | 000,040,448 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2012/03/09 01:26:20 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/12/24 04:27:16 | 000,000,732 | ---- | C] () -- C:\Users\unger\AppData\Local\d3d9caps64.dat
[2011/10/25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/05/15 20:17:06 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/04/03 15:57:58 | 000,008,248 | ---- | C] () -- C:\Users\unger\AppData\Local\en.ini
[2011/02/11 16:37:10 | 000,024,109 | ---- | C] () -- C:\Users\unger\AppData\Roaming\UserTile.png
[2011/01/15 12:28:34 | 000,001,100 | ---- | C] () -- C:\Users\unger\AppData\Local\d3d8caps.dat
[2010/12/27 21:26:17 | 000,000,093 | ---- | C] () -- C:\Users\unger\AppData\Local\fusioncache.dat
[2010/07/27 22:54:30 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD.dll
[2010/07/27 22:54:30 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\ZyDelReg.exe
[2010/07/27 22:54:30 | 000,015,872 | ---- | C] () -- C:\Windows\SysWow64\InsDrvZD64.DLL
[2010/06/11 22:16:25 | 000,281,656 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/06/11 22:16:21 | 002,419,568 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_apb.exe
[2010/06/11 22:16:21 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
========== LOP Check ==========
[2009/09/22 20:49:59 | 000,000,000 | -HSD | M] -- C:\Users\unger\AppData\Roaming\.#
[2011/08/06 16:47:41 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\Acronis
[2012/05/13 01:55:38 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\Advanced Combat Tracker
[2009/12/20 20:29:09 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\Aventail
[2012/04/02 13:29:49 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\Azureus
[2009/06/30 23:38:02 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\Bullzip
[2010/06/05 21:14:41 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\Canon
[2009/01/10 14:52:53 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\DAEMON Tools
[2009/04/30 00:32:37 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\DAEMON Tools Lite
[2009/01/10 14:52:53 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\DAEMON Tools Pro
[2011/03/05 15:38:00 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\DarksporeData
[2012/05/24 16:45:45 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\DragonSaga
[2010/08/25 21:42:25 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\GARMIN
[2010/03/28 23:25:48 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\GetRightToGo
[2012/05/24 02:04:02 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\ICAClient
[2009/09/30 23:28:11 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\Leadertech
[2011/04/17 21:19:24 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\motorola
[2011/05/05 22:31:59 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\Mumble
[2011/11/12 14:33:21 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\Origin
[2011/10/19 21:28:53 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\OverDrive
[2011/11/25 13:39:55 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\PDF Writer
[2011/02/11 16:37:10 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\PeerNetworking
[2010/09/10 20:18:03 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\RayV
[2012/04/15 01:01:06 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\RIFT
[2010/08/05 21:46:53 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\Samsung
[2010/06/26 20:07:51 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\SPORE
[2012/05/19 04:26:57 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\Spotify
[2009/09/01 23:15:12 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\Stardock
[2011/01/16 13:20:10 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\TalesRunner
[2012/01/09 01:17:52 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\TaxCut
[2009/01/06 17:08:26 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\Template
[2010/12/11 17:22:31 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\TomTom
[2010/12/27 21:27:54 | 000,000,000 | ---D | M] -- C:\Users\unger\AppData\Roaming\Turbine
[2012/05/25 16:10:00 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4160082703-535099499-3804111918-1000Core.job
[2012/05/26 13:10:01 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4160082703-535099499-3804111918-1000UA.job
[2012/05/24 07:31:34 | 000,032,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >
My computer's Extras.Txt:
OTL Extras logfile created on: 5/26/2012 3:32:09 PM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\unger\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.99 Gb Total Physical Memory | 2.96 Gb Available Physical Memory | 49.47% Memory free
12.09 Gb Paging File | 8.25 Gb Available in Paging File | 68.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581.11 Gb Total Space | 43.46 Gb Free Space | 7.48% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.41 Gb Free Space | 56.05% Space Free | Partition Type: NTFS
Drive E: | 159.97 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 10.71 Gb Total Space | 10.27 Gb Free Space | 95.86% Space Free | Partition Type: FAT32
Computer Name: MOJO | User Name: unger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = F4 0B 7D 3F E9 E7 C9 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D43A97-721D-4EDD-82AD-8C31192AFA1E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{01775E0B-2DCD-463C-A30A-2731B1875B43}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0BA32B23-B262-47FC-83EA-8D1CC8B21B60}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{16373CF1-5F54-42BF-A44D-0DC8C24D0E07}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{1B39638C-43F5-40CC-9E7D-BC8979459FA4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1FC31E27-C263-4D30-B2E1-4CCCAF2875AE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{25C71A15-32D0-42D4-98AC-84474EC77CA1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2BB6A6A2-111E-4CC5-8024-5A270E47D3C5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2D3CCFDC-0A3E-404B-8F2B-DF33DE909513}" = lport=3390 | protocol=6 | dir=in | app=system |
"{40975802-6D3B-4744-888A-A47F331BA9E6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{50BF99F6-C412-4651-AE4A-325EE845AE71}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{547B1FA3-286F-43EC-ADF5-4ECAD9A5A6F1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5F262D4C-F1B2-4E82-9999-6266570BE475}" = lport=10244 | protocol=6 | dir=in | app=system |
"{62C4709B-9000-45CA-80E1-AC027FBD3645}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{64F4C535-1F1A-42DD-B316-2D9A08CC517E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6659B060-D941-4853-966A-14F99F5B5527}" = rport=138 | protocol=17 | dir=out | app=system |
"{6D22AE46-EE69-4936-91AB-DB82AC78033D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6F8CD8AD-4A8D-4996-B013-444B780832CB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7B61AF39-C1F8-473F-BA8C-326162FAE645}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7C009FC8-1DBC-4B39-B2E6-E912DF7982AC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7D4B7872-C5C2-48C1-8430-713B95FFAE0D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{7DE9F854-1DB4-4AAC-A98E-DFDA74D218EA}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7E69F14D-F9D7-4E43-8C33-60F3F219D871}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{86C2A77F-182C-43C5-AD8B-250E93834CA3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{894852DA-14DD-4638-9C30-678A552B8F42}" = rport=139 | protocol=6 | dir=out | app=system |
"{89519CAD-9E85-4D85-992E-F0B0BD8852ED}" = rport=10244 | protocol=6 | dir=out | app=system |
"{8A285338-4187-4AB3-B3D8-CCB062CDB8A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8ED89C4A-0B1C-47D8-A1C7-9DCE12B5BA88}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9B48DCEC-CF44-4109-BEF8-6DDBD672E715}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{9EC54BC1-FE9E-4C03-A9C3-572B895518F7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A6EF868D-85A1-4179-B25F-CA76C5F28D50}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A7E125DB-F32C-4709-9E1C-9FBBB3CDCB17}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ABA40751-E399-4FB2-9937-09DD72BA4729}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{AE0FEEC5-9181-4B27-B0D7-A630AE7F2EB9}" = lport=445 | protocol=6 | dir=in | app=system |
"{AF42EEDA-249E-4FCA-9A49-6B71F344C9EB}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B692C7BC-6EE3-421B-BF27-254F4188BEEF}" = lport=3390 | protocol=6 | dir=in | app=system |
"{BB1DDF8E-6892-4921-8011-E12ADB6CD598}" = lport=138 | protocol=17 | dir=in | app=system |
"{BCC0A007-69DC-48E8-ABC2-43A3F3C9B712}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{C3F68A1E-1A48-4DC1-8A15-D1722EB247E5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C5B41F93-FD33-43E5-B39C-82C01E862277}" = rport=10244 | protocol=6 | dir=out | app=system |
"{C5C21F56-4EB4-4E16-82B1-FC621A379481}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{C6D42DE6-32F9-4400-886F-4A1A5CA1B971}" = lport=10244 | protocol=6 | dir=in | app=system |
"{CA235389-817C-45E0-8F2A-AEE4CAC36BF6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D7482332-D32D-4679-BA5E-2F088791C732}" = lport=137 | protocol=17 | dir=in | app=system |
"{D86FC96A-C1CE-41E4-85CE-E0655701400D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DDB70667-6C2D-4293-8D27-862B6F5E5742}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E1855B60-360D-4767-9EFA-3CD2B210F9E3}" = rport=445 | protocol=6 | dir=out | app=system |
"{EB335C83-BD16-48AA-94F7-159F1792539B}" = lport=139 | protocol=6 | dir=in | app=system |
"{EBD5DF5F-12F6-4D4A-96E5-EE3E965D15E5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{ECFEBBE2-D2EE-4B92-ABBF-198AF8686D52}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EDD82B53-E445-4754-8960-890C944FD15C}" = rport=137 | protocol=17 | dir=out | app=system |
"{F8FB2A74-B6C0-49CD-AAC2-54C7C86710D1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F972EAF6-A252-4558-B863-A56D7018C8C6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04541C12-B3E2-4420-8E63-0D200B10AD6F}" = protocol=17 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"{12522D66-6F3D-4BA2-84A9-EDE8D54B3C8E}" = protocol=17 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\vivoxvoiceservice.exe |
"{147E0CE1-D068-4AA8-8408-1F7E5DD2E1B5}" = protocol=58 | dir=out | [email protected],-28546 |
"{1847EE7E-F248-435F-A4DE-01D84833DDAE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{188F9D66-D1F3-46DE-BB4A-01B20651AC0F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{19605383-8E26-480F-8025-72D03673C111}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{1A48760F-CCE8-4263-85F4-7988208E559A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1B733A1F-CAE2-4EB8-99CB-288BA3AE8BC9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1CE72F83-A202-4925-B6F1-F703085E0E7A}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{1CF6BBF2-1C23-4835-9777-4E1D9BA57C4C}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{22A527A8-05CF-454C-9C3A-BCEA4F3F8905}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{296D646A-B7F9-48F9-A4E7-CF46241CA813}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2B02E9FF-A64C-4142-9B8C-845A63B58C43}" = protocol=6 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\vivoxvoiceservice.exe |
"{3122CF1E-9CF5-4380-84C8-9017D2BD6E10}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3285ACAC-9724-4032-BDF0-780FE02381F5}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{32E19848-89DD-46E7-8FEF-C04D8CF7D4F5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{34E7C8EF-7C4B-4917-A5A0-F04A5B26CC76}" = dir=in | app=c:\users\unger\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{34F9D4C5-D286-4FA7-82CA-AFED5534B317}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3A72918B-0937-4C91-AF1E-6D4BE5900459}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{3AC1050C-9445-41A0-A8DB-D41A47B21C4F}" = protocol=17 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{3F3338B4-66AB-4B78-9989-11790FE3F8E6}" = protocol=6 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{3FF04B18-44DA-48DD-868C-3A0B2459CE7D}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{4A4FDCA4-C3F3-4241-82D8-95C9AA688E3D}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{4BA738A3-3B89-4D66-8F54-F8434501D8CB}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{4CD1F038-93C6-4EDE-BB91-46B7BED382D9}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4DCF3865-0F7A-45F1-959E-6953C573B63B}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{4EC6576C-1F4F-4A72-80BA-CA2467798F6F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{548CB57D-48CB-4653-BDE4-F34039BB4B55}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{550B6E18-2812-453E-A2E2-B743623635C1}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{57793002-9022-42AF-ADC7-07BE4D90DD00}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5C2F1F86-FDA7-41D8-AE38-041A702EDAC5}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{5CCA6E77-3BBC-4227-B549-898A099B89D4}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{6358D3F8-90B2-47D2-B64B-98E493F19CBC}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{67188B2E-6BFB-41D3-BA1A-A45BB9E1E8ED}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{6A39EB5E-FDBF-47F4-BF1A-0DB7EF6679EF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6EFFF460-3CFD-4D70-89CD-9BFB6E120672}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{726A55C3-5839-43F0-BE64-199D5B6D574C}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{72F5811C-413C-4E2B-B147-18B5DDB02DC8}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{745509B7-CBEF-4419-B6B1-BF29D973DC17}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{75A5307C-9B76-4047-A70C-BC88063AA3F8}" = protocol=17 | dir=in | app=c:\program files (x86)\bf3 alpha trial web plugins\sonar\sonarhost.exe |
"{7BB707EF-9BF4-4C6C-884D-3D5F0A047289}" = protocol=17 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\apb.exe |
"{7F869A4A-D294-4ACF-9604-1136FA67C994}" = protocol=6 | dir=in | app=c:\program files (x86)\bf3 alpha trial web plugins\sonar\sonarhost.exe |
"{81265820-523A-4808-832B-5BDFDE88343B}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{853F5836-456D-4159-A9B6-87F73A6137AA}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{85ABEA5D-ED55-48FB-8C14-23309BF2A74C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{86C23D51-C6F2-4104-BDCC-DCD384B8EC6E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8DD49D6C-473B-4509-A099-1C0D2C008868}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{92586035-D7EC-42A1-B1F0-74D7B6F6C834}" = protocol=6 | dir=in | app=c:\program files (x86)\curse\curseclient.exe |
"{9485652A-59D5-432A-93E1-2A580F6EB316}" = protocol=17 | dir=in | app=c:\program files (x86)\stardock games\demigod demo\bin\demigod.exe |
"{97B9A458-0D50-48F9-BDBA-779CC7A8B940}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9975311E-552A-4D99-A78D-D83D7EC34DDB}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{9E010EB2-39A7-40E5-8D91-C282E9B61E2A}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe |
"{9F9487A0-8A55-4177-8185-CF057E50C151}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{A210A113-5FEE-43AD-898D-ECB539694B4E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A39E7B60-A576-4B77-86FC-E3CEB381122F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AF2E22E7-BE0E-4822-97A1-5179A6552EBF}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{B0122119-F42B-48CD-B456-8872646B1354}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe |
"{B0627835-65E8-4932-B28A-B2E5A0D06260}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B22EBC10-1F0B-4942-9FA3-9EEEA84115D2}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{B673420E-D3D1-4823-94A8-F464ACDCCE38}" = protocol=58 | dir=in | [email protected],-28545 |
"{B706C4B8-AE4D-4FB9-B706-C0D56A8A4216}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{BCCA124E-5F8C-4FBB-B4C5-48C5EDBFA665}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BDE81048-93A7-465F-8E5A-5B5C0E2948DF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{BE4A0A27-AF63-444A-90E6-B040181646B4}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{C34668E5-F797-4084-AEA7-AEE654F8D02D}" = protocol=1 | dir=out | [email protected],-28544 |
"{C4D01AE1-5FF2-4E42-95BD-E19FF668603E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C6D39506-9F93-4E1A-B0F1-66F16A007888}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CF267C23-2C41-4EAE-9795-3D340533AE5E}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{CFCFAC56-8A10-4177-A69E-25D71C7733AF}" = protocol=6 | dir=out | app=system |
"{D0EEAE62-AA82-439B-AD92-E3C72AF1B801}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{D3C6E302-57EF-47C0-A55E-D6AB84FF91BE}" = protocol=1 | dir=in | [email protected],-28543 |
"{D4EDEBF1-F245-4DF4-8103-273A8781E195}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{D5CE3E1A-165F-4F3D-94CC-EC761CFBF41B}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{DDCC38C8-960E-4B88-8F08-DB82C042E304}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E2610D50-8152-4745-9A74-734E97339D79}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E3823106-B592-4071-BFA4-C0FC0D829568}" = protocol=6 | dir=in | app=c:\program files (x86)\gamersfirst\apb reloaded\binaries\apb.exe |
"{E50B25AD-D96E-46A5-B479-538B26DF8F1B}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe |
"{E9A8BCCC-DF5A-470C-92B2-A22AC1B12328}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{FCAE548B-4C78-43CE-AF89-AB04F1797B45}" = protocol=6 | dir=in | app=c:\program files (x86)\stardock games\demigod demo\bin\demigod.exe |
"{FE01C695-3A15-4E9D-90B8-BF8B8A37FDF7}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{1D6E6FD3-B6AF-4504-9C65-262135F6C25E}C:\program files (x86)\motorola media link\mml.exe" = protocol=6 | dir=in | app=c:\program files (x86)\motorola media link\mml.exe |
"TCP Query User{6FCDE30D-B01B-414E-A9CC-E26F2CB189CA}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"UDP Query User{2CC72612-FF50-47B7-B636-5C749B55792F}C:\program files (x86)\motorola media link\mml.exe" = protocol=17 | dir=in | app=c:\program files (x86)\motorola media link\mml.exe |
"UDP Query User{72178482-44E6-4503-9F71-4912B6967EFC}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
"{13815D81-44B6-7ADA-2A41-FFFC64DD6FAB}" = ccc-utility64
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{47F9B34A-9309-4696-B5C8-7816C0AA7E03}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 7.00
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D
"{80AF4051-BBDC-3F38-BF0C-4D6EB0927781}" = Microsoft .NET Framework 4 Extended
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90CB2C55-426D-0752-968D-9B0F1110202A}" = AMD Catalyst Install Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2A0CBEE-8949-474E-9D2B-539726D20531}" = Microsoft IntelliPoint 6.3
"{D40FCA0C-C08F-49F4-8D4D-0037ADC87156}" = Microsoft SQL Server System CLR Types (x64)
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DAD94A9F-F54B-4718-8BCB-0DACBD3C1CA1}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{DDD076BF-C5C3-468C-AA1B-F9A7E47446FE}" = Intel® Network Connections 13.1.33.0
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EA0F68A4-CC52-D061-C239-CC54377E9B79}" = ccc-utility64
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.2.0.1319
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.51
"Creative OA002" = Monitor Webcam Driver (1.01.02.0804)
"ffdshow_is1" = rev2546
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Ogg Codecs" = Ogg Codecs 0.81.15562
"PROSetDX" = Intel® Network Connections 13.1.33.0
"sp6" = Logitech SetPoint 6.32
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C69CD1-89D7-41DD-9A9A-3F495BA7E087}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{023D64D7-E7B4-47C7-BE6E-B7C2E8960D08}" = Citrix online plug-in (Web)
"{025E60CE-C77E-4449-AF20-ABC597BC7FCA}" = Aion
"{06A82E70-97F4-3BA9-65DB-692632659387}" = Catalyst Control Center InstallProxy
"{07A8ED9E-B98E-437F-B750-241B412BE924}" = Garmin USB Drivers
"{08C7A49D-2B12-46F6-8B41-26D3B0D1C01F}" = Visual Studio C++ 9.0 Runtime
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0A590981-75A9-B968-4A29-718E5A8E1416}" = CCC Help Dutch
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DF30031-F15F-FD36-D9F8-EBC23B901894}" = Catalyst Control Center Graphics Light
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0E6B8EA7-4FDF-F730-8F28-05720874BE71}" = CCC Help Chinese Traditional
"{1003E625-BE5B-390B-7B60-D483D0B75A26}" = CCC Help Russian
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1690611F-D4EA-A00D-DAAD-91D216869679}" = CCC Help Polish
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1A772F15-B3FE-381A-BD29-82A78096B720}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4418
"{1B7E8D22-F280-4A8F-84BF-39B0F37F6D5F}" = Microsoft SQL Server System CLR Types
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1EAF9B69-2078-4A98-BC6A-CA40F6A8ECCE}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 23
"{26EED5E6-EC40-35A9-602A-C3CF03A9C1E6}" = CCC Help Portuguese
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C33E65D-9187-8F2E-40D8-BD9E24E341FB}" = CCC Help Italian
"{301CC8D1-FE75-41ED-9B11-41F006110950}" = Garmin City Navigator North America NT 2010.10 Update
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{31B2D73B-4311-4D95-A131-32FB2194D1CB}" = Microsoft UI Engine
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"{325045C9-F040-3D98-892D-53D5E840266C}" = Google Talk Plugin
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36B6FF8B-38E3-E64C-F840-75F6AAEBE3EA}" = Catalyst Control Center Graphics Previews Common
"{38F6C932-2274-4897-479D-03AA6BA5B567}" = CCC Help Turkish
"{3921564E-11A7-27AC-8D6F-D5FCA33DD083}" = Skins
"{3A09F880-BB02-490C-B2E7-7C09DD505B53}" = Microsoft SQL Server 2008 R2 Management Objects
"{3AB00888-CA03-0BFD-3F3C-C877767192B0}" = CCC Help Swedish
"{3ACA2563-E786-BDD4-C87B-09909BB3F61C}" = CCC Help Thai
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3BC2C64B-0DA0-974B-6311-AED4F3711DCE}" = CCC Help Danish
"{3E9016D4-5AD8-3A77-5A75-8C89C68992CD}" = Catalyst Control Center Graphics Previews Vista
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3EFD7413-B39A-4F86-A12D-7648C3E357F7}" = TaxCut Connecticut 2008
"{4221094E-82B8-43C4-94F4-A6760FC1842A}" = H&R Block Premium + Efile + State 2011
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D530942-9B89-4186-98B7-F51000000100}" = Project S
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.24
"{529A52D1-5521-436B-83AB-1322780DCDAD}" = H&R Block Premium + Efile + State 2010
"{54D44AD1-A083-48B9-BD6F-AFD517B7C775}" = Aventail Webifiers
"{56F59702-1BB9-4C1B-BB8A-FB5F84A90378}" = H&R Block New York 2009
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A80C75C-EB3A-4275-A6C4-2E20349DBF4C}" = H&R Block New York 2010
"{5BAC4DE5-4062-EE34-3337-5F92FE5D5032}" = CCC Help Spanish
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6F8EAC65-314D-4D86-9557-BC9312AACCB0}" = Citrix online plug-in (USB)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
"{732B5CC4-72BB-4D98-8F91-FA7FE6B920D6}" = H&R Block Connecticut 2011
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7ADCABE0-E651-6EA5-5128-26E203DAA5E1}" = CCC Help Korean
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{8144262B-25B4-44F6-8204-FCC8EF50179F}" = Citrix online plug-in (DV)
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8F80DAA3-8A1D-09E9-57E6-DB0223CF2CE4}" = CCC Help French
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90AACECD-1E42-4D22-ABAD-7FB9B67B262D}" = H&R Block Premium + Efile + State 2009
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B0B46B3-10DF-4ADA-9501-0129D784563D}" = Aventail Web Proxy Agent
"{9B683A28-2172-4CF1-B85D-41375E80652A}" = Acronis True Image WD Edition
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A0284E02-8114-4D23-B7C7-C2C4FAD2C355}" = Dragon Saga
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A6F13F58-5E31-42A5-8657-F8CCFDA00D61}" = H&R Block Connecticut 2010
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}" = Garmin Communicator Plugin
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AFC71277-DE19-6505-8CBC-71D29163F44A}" = CCC Help German
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B3406262-5701-E9CC-D6B3-BA38C34125A9}" = CCC Help English
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}" = Mumble 1.2.3
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{B88A3C98-CB4D-E3C2-DE49-EDAF1DC55CC1}" = CCC Help English
"{B9C73F69-63B7-552D-72D8-3C22B6B1A3E7}" = Catalyst Control Center Graphics Full New
"{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008
"{BBC2068D-CE9C-48F5-A6EA-4B44B9DB14A5}" = Catalyst Control Center - Branding
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Creepy & Cute Parts Pack
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{C5B6078F-5D37-A122-2E6E-EDC623E8C787}" = CCC Help Czech
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7068E1F-22C6-9408-7B24-584F32F66D70}" = CCC Help Finnish
"{C87B855D-DD8F-E419-C640-34936E813EA9}" = CCC Help Greek
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC2BAF9A-926F-791D-772C-F582CD8A47B0}" = Catalyst Control Center InstallProxy
"{CE1CA06F-0AD8-CA2A-3A3A-872E8191C198}" = CCC Help Norwegian
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CECECCED-B7F3-B1A3-3241-0C5D775F8E70}" = CCC Help Chinese Standard
"{CFC1C90B-E9A4-F656-BCA2-2A71ECCBD8F5}" = Catalyst Control Center Graphics Full Existing
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
"{D3CEF909-78DC-9D3D-37BD-52F5324C01DA}" = CCC Help Hungarian
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console
"{D54640A3-2C2B-4CB1-9666-01E55F54E7F5}" = NCsoft Launcher
"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"{D9DC70B6-BE13-41DD-9053-9E617E72D085}" = MOTOROLA MEDIA LINK
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E01A8BFE-96AB-FEA3-4A3B-EEF9849D1E24}" = Catalyst Control Center Graphics Previews Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E85F1E5F-B2C3-427C-A7C8-E0F8430CBA68}" = Gateway
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EA74A293-3FAC-4D1B-AE3A-3BD47FADDC20}" = Citrix online plug-in (HDX)
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F1EA61A2-B88F-44AD-3143-419ECB6C7E9A}" = CCC Help Japanese
"{F241EC95-C81A-466E-8006-6B0B364B07A0}" = PCMark Vantage
"{F30C2BC8-BB58-413F-B928-4F100AD1BE2B}" = H&R Block Connecticut 2009
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F569596C-049F-BF15-E0A9-B7605D9B181E}" = Catalyst Control Center Core Implementation
"{F6567C5A-C3EA-2E05-E89E-C8C52E33150D}" = Catalyst Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE54AF33-9364-7053-670F-A15AD658214C}" = Catalyst Control Center Localization All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Combat Tracker" = Advanced Combat Tracker (remove only)
"APB Reloaded" = APB Reloaded
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Burger Shop 2 1.00" = Burger Shop 2 1.00
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCH Small Firm Services (xulRunner)" = CCH Small Firm Services (xulRunner)
"Citrix ICA Web Client" = Citrix Presentation Server Web Client for Win32
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"conduitEngine" = Conduit Engine
"CurseClient" = Curse Client
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Dell Dock" = Dell Dock
"Diablo III" = Diablo III
"Download Manager" = Download Manager 2.3.8
"DragonNest" = DragonNest
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ESN Sonar" = ESN Sonar
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"GamersFirst LIVE!" = GamersFirst LIVE!
"GFWL_{4D530942-9B89-4186-98B7-F51000000100}" = Project S
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"H&R Block Business 2009" = H&R Block Business 2009 (Remove Only)
"H&R Block Business 2010" = H&R Block Business 2010 (Remove Only)
"H&R Block Business 2011" = H&R Block Business 2011 (Remove Only)
"HaaliMkx" = Haali Media Splitter
"Impulse" = Impulse
"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"MoneyToolbox" = MSN Money Investment Toolbox
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"MyTomTom" = MyTomTom 3.1.0.530
"Ogg Codecs" = Ogg Codecs 0.81.15562
"Origin" = Origin
"Pdf995" = Pdf995
"Picasa 3" = Picasa 3
"PunkBusterSvc" = PunkBuster Services
"Quick Search Box" = Google Quick Search Box
"RayV" = DTVblizzcon
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.90
"Spotify" = Spotify
"Spyware Doctor" = Spyware Doctor 8.0
"StarCraft II" = StarCraft II
"TaxCut Business 2008" = TaxCut Business 2008 (Remove Only)
"TomTom HOME" = TomTom HOME 2.8.2.2264
"Vindictus" = Vindictus
"VobSub" = VobSub v2.23 (Remove Only)
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"webmmf" = WebM Media Foundation Components
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
"Zuma's Revenge!1.0" = Zuma's Revenge!
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
"Move Media Player" = Move Media Player
"NCsoft-GuildWars" = Guild Wars
"Spotify" = Spotify
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >