I am running an old Dell Vista that is running extremely slowly. Recently, 3 days ago, the resources were being hogged by something. I found installmate exe in the running processes. I thought I uninstalled this and Malwarebytes quarantined registry changes from it at the time.
This morning after its scheduled scan, Malwarebytes found a ton of installmate files... my wife removed the files through Malwarebytes, but also deleted the logs. The computer may be clean, but I am not sure.
So far I have run Malwarebytes and Windows Security Essentials, removed quarantined files and run OTB to post the logs below.
1. Could someone please go through the OTB logs and advise me of any problems, please? Maybe we licked it, which would be great to know too.
2. I will of course provide any additional info or run whatever is needed to diagnose and fix the problem.
Thank you
D.
OTL logfile created on: 8/21/2013 9:09:56 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Downloads
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19443)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.25 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 33.92% Memory free
6.70 Gb Paging File | 3.82 Gb Available in Paging File | 57.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 929.44 Gb Total Space | 61.45 Gb Free Space | 6.61% Space Free | Partition Type: NTFS
Drive D: | 2.00 Gb Total Space | 1.06 Gb Free Space | 52.91% Space Free | Partition Type: NTFS
Drive G: | 2794.51 Gb Total Space | 2792.50 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
Drive H: | 1397.26 Gb Total Space | 443.80 Gb Free Space | 31.76% Space Free | Partition Type: NTFS
Drive J: | 1863.01 Gb Total Space | 611.53 Gb Free Space | 32.82% Space Free | Partition Type: NTFS
Drive L: | 596.17 Gb Total Space | 7.08 Gb Free Space | 1.19% Space Free | Partition Type: NTFS
Drive R: | 596.17 Gb Total Space | 138.51 Gb Free Space | 23.23% Space Free | Partition Type: NTFS
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/08/21 09:06:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe
PRC - [2013/04/04 14:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/07/25 05:12:03 | 000,864,104 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012/07/25 05:11:50 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012/07/24 18:05:00 | 001,258,856 | R--- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/10/27 16:56:35 | 000,470,528 | ---- | M] (Livescribe) -- C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe
PRC - [2011/03/26 00:11:28 | 000,108,544 | ---- | M] (Montpellier-Informatique) -- C:\Program Files\Predator2\PredatorACE.exe
PRC - [2010/12/20 18:10:14 | 000,352,256 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\UltraMonTaskbar.exe
PRC - [2010/12/20 18:09:52 | 000,505,856 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\UltraMon.exe
PRC - [2010/07/12 14:03:50 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/10 23:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/09/29 13:15:00 | 000,155,648 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2008/09/10 13:31:36 | 000,114,688 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
PRC - [2007/05/28 09:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
========== Modules (No Company Name) ==========
MOD - [2013/07/26 22:51:14 | 016,547,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\10ac4ed5a22a4882529e01cf7bd8b895\mscorlib.ni.dll
MOD - [2013/07/24 17:49:46 | 000,396,240 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppgooglenaclpluginchrome.dll
MOD - [2013/07/24 17:49:45 | 013,599,184 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
MOD - [2013/07/24 17:49:44 | 004,052,944 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll
MOD - [2013/07/24 17:48:54 | 000,601,552 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\28.0.1500.95\libglesv2.dll
MOD - [2013/07/24 17:48:53 | 000,123,344 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\28.0.1500.95\libegl.dll
MOD - [2013/07/24 17:48:51 | 001,597,392 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\28.0.1500.95\ffmpegsumo.dll
MOD - [2010/03/21 11:19:50 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2009/07/13 20:50:04 | 000,325,120 | ---- | M] () -- C:\Program Files\TeraCopy\TeraCopy.dll
MOD - [2009/06/21 23:26:00 | 000,305,664 | ---- | M] () -- C:\Program Files\TeraCopy\TeraCopyExt.dll
MOD - [2008/09/16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Users\Owner\AppData\Local\Temp\DX9\SessionLauncher.exe -- (SessionLauncher)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2013/08/16 22:14:29 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/24 18:05:00 | 001,258,856 | R--- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/11/23 21:21:24 | 000,025,704 | R--- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2011/10/27 16:56:35 | 000,470,528 | ---- | M] (Livescribe) [Auto | Running] -- C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe -- (PenCommService)
SRV - [2011/03/26 00:11:28 | 000,108,544 | ---- | M] (Montpellier-Informatique) [Auto | Running] -- C:\Program Files\Predator2\PredatorACE.exe -- (PredatorACE)
SRV - [2011/03/16 11:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [On_Demand | Stopped] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/07/12 14:03:50 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe -- (NitroReaderDriverReadSpool)
SRV - [2010/01/25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/12/04 05:07:26 | 000,285,696 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/10/04 11:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2008/09/29 13:15:00 | 000,155,648 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2008/09/10 13:31:36 | 000,114,688 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/06 13:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2007/05/28 09:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006/02/28 18:10:18 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\viamraid.sys -- (viamraid)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\drivers\iPodDrv.sys -- (iPodDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Owner\AppData\Local\Temp\IQE4E94.tmp -- (GarenaPEngine)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (az3031x0)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\lgandadb.sys -- (androidusb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandmodem.sys -- (ANDModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandgps.sys -- (AndGps)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lganddiag.sys -- (AndDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandbus.sys -- (Andbus)
DRV - [2013/08/21 09:10:45 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/08/20 11:59:46 | 000,043,600 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ietlwkmc.sys -- (ietlwkmc)
DRV - [2013/06/08 23:50:45 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2013/06/08 23:50:45 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/07 13:37:06 | 000,015,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2013/03/07 13:36:54 | 000,010,200 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2013/02/09 20:20:39 | 008,944,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/07/03 11:56:00 | 000,025,856 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetadb.sys -- (andnetadb)
DRV - [2012/07/03 11:43:00 | 000,027,776 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetmodem.sys -- (ANDNetModem)
DRV - [2012/07/03 11:43:00 | 000,023,040 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandnetdiag.sys -- (AndNetDiag)
DRV - [2012/07/02 17:25:18 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2012/04/09 17:27:34 | 000,299,024 | ---- | M] (EldoS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cbfs3.sys -- (cbfs3)
DRV - [2012/04/05 22:21:10 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2012/04/05 22:21:10 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2012/04/05 22:21:10 | 009,334,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012/04/05 18:10:22 | 000,275,968 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/03/02 16:03:00 | 000,025,216 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2012/03/02 16:03:00 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2012/03/02 16:03:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2011/12/09 15:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)
DRV - [2011/12/09 15:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)
DRV - [2011/12/09 15:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)
DRV - [2011/12/09 15:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)
DRV - [2011/12/09 15:35:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)
DRV - [2011/10/27 16:57:23 | 000,020,480 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PulseUsb.sys -- (PulseUsb)
DRV - [2010/12/28 18:31:08 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010/08/12 15:14:40 | 000,230,736 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010/07/29 00:25:22 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/07/26 11:30:17 | 000,716,272 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/12/30 10:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/12/29 22:09:06 | 000,059,904 | ---- | M] (wj32) [Kernel | Disabled | Running] -- C:\Program Files\Process Hacker\kprocesshacker.sys -- (KProcessHacker)
DRV - [2009/11/10 04:55:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/11/10 04:55:08 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/11/10 04:54:52 | 000,035,984 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/09/30 07:31:46 | 000,103,440 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/07/13 16:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/06/10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2008/11/14 03:11:30 | 000,017,184 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility)
DRV - [2008/11/12 17:02:46 | 000,146,464 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008/11/12 17:02:46 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/09/29 13:17:06 | 000,029,952 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclock.sys -- (NVR0Dev)
DRV - [2008/09/10 13:28:48 | 000,036,896 | ---- | M] (NVidia Corp.) [Kernel | Auto | Running] -- C:\Windows\nvflash.sys -- (NVR0FLASHDev)
DRV - [2008/01/15 04:25:24 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/11/13 01:21:54 | 000,017,536 | ---- | M] (Anyka (Guangzhou) Software Technology Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbanyka.sys -- (usbanyka)
DRV - [2007/11/06 13:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2007/08/29 04:04:04 | 000,116,264 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SI3112r.sys -- (SI3112r)
DRV - [2007/08/29 04:04:04 | 000,019,240 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2007/03/20 20:33:28 | 000,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2007/01/24 16:27:54 | 000,039,704 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rcblan.sys -- (RemoteControl-USBLAN)
DRV - [2006/12/28 06:50:26 | 000,016,000 | ---- | M] (Sonix Technology Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\9kdUSBXP.sys -- (SNL320XP)
DRV - [2006/11/02 00:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/01/09 19:47:27 | 000,031,846 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\Ckldrv.sys -- (NetworkX)
DRV - [2005/05/03 08:34:02 | 000,027,392 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{5C42B5B9-17ED-4537-8FE8-7363B216ECCA}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{5C42B5B9-17ED-4537-8FE8-7363B216ECCA}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost; 127.0.0.1; <local>;*.local
========== FireFox ==========
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: facepad%40lazyrussian.com:0.9.6
FF - prefs.js..extensions.enabledAddons: greasefire%40skrul.com:1.0.8
FF - prefs.js..extensions.enabledAddons: guiconfig%40slosd.net:1.2.2
FF - prefs.js..extensions.enabledAddons: handytag%40elitwork.com:2.2
FF - prefs.js..extensions.enabledAddons: MafiaaFire%40mafiaafire.com:0.9d
FF - prefs.js..extensions.enabledAddons: magnetiser%40hotsexgary.com:0.975
FF - prefs.js..extensions.enabledAddons: multilinks%40plugin:3.0.0.19
FF - prefs.js..extensions.enabledAddons: pl%40dictionaries.addons.mozilla.org:1.0.20110621
FF - prefs.js..extensions.enabledAddons: tagmarks%40felipc.com:1.0.1
FF - prefs.js..extensions.enabledAddons: tineye%40ideeinc.com:1.1
FF - prefs.js..extensions.enabledAddons: VacuumPlacesImproved%40lultimouomo-gmail.com:1.2
FF - prefs.js..extensions.enabledAddons: %7B37E4D8EA-8BDA-4831-8EA1-89053939A250%7D:3.0.0.2
FF - prefs.js..extensions.enabledAddons: %7B987311C6-B504-4aa2-90BF-60CC49808D42%7D:2.2
FF - prefs.js..extensions.enabledAddons: %7B99B98C2C-7274-45a3-A640-D9DF1A1C8460%7D:1.4
FF - prefs.js..extensions.enabledAddons: %7Bcd617372-6743-4ee4-bac4-fbf60f35719e%7D:2.0
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7BFDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3%7D:1.3.5
FF - prefs.js..extensions.enabledAddons: autopager%40mozilla.org:0.8.0.8
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:2.0.20
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7B3d7eb24f-2740-49df-8937-200b1cc08f8a%7D:1.5.17
FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.1.0
FF - prefs.js..extensions.enabledAddons: anttoolbar%40ant.com:2.4.7.8
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.7.2.1
FF - prefs.js..extensions.enabledAddons: %7B8b86149f-01fb-4842-9dd8-4d7eb02fd055%7D:0.26
FF - prefs.js..extensions.enabledAddons: nosquint%40urandom.ca:2.1.9
FF - prefs.js..extensions.enabledAddons: %7BE0B8C461-F8FB-49b4-8373-FE32E9252800%7D:5.7
FF - prefs.js..extensions.enabledAddons: %7B19503e42-ca3c-4c27-b1e2-9cdb2170ee34%7D:1.5.5.5
FF - prefs.js..extensions.enabledAddons: foxyproxy-basic%40eric.h.jung:3.2.1
FF - prefs.js..extensions.enabledAddons: %7B59c81df5-4b7a-477b-912d-4e0fdf64e5f2%7D:0.9.90.1
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.11
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.7.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPAPIX: C:\Program Files\Common Files\fluxDVD\APIX\NPAPIX.dll ()
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPFluxBrowserHelper: C:\Program Files\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Owner\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla [2009/06/12 15:35:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/16 22:13:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/16 22:13:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
[2010/01/08 09:27:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2010/01/08 09:27:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\[email protected]
[2013/08/16 22:22:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions
[2009/08/05 08:24:15 | 000,000,000 | ---D | M] (Options Menu) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{1a6907cb-d310-4d82-bded-c0dd31f8d9a2}
[2009/11/02 14:37:04 | 000,000,000 | ---D | M] (Objection) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{289F3A4A-F3FF-4173-B994-DBC887E9C468}
[2011/02/07 08:29:25 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2013/04/23 09:14:23 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2013/07/14 22:46:46 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010/07/14 20:22:29 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(63)
[2010/02/15 23:09:42 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(89)
[2013/05/30 14:10:26 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2010/04/17 09:53:08 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2010/06/30 23:49:58 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
[2010/06/17 15:19:59 | 000,000,000 | ---D | M] (Penn State Nittany Lions) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{a78f0ac6-753b-491b-9021-cd2aec3502d9}
[2009/06/10 22:57:05 | 000,000,000 | ---D | M] (HalloFF) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{bbf8fc30-5280-11db-b0de-0800200c9a66}
[2010/07/23 00:55:24 | 000,000,000 | ---D | M] ("Show my Password") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{cd617372-6743-4ee4-bac4-fbf60f35719e}
[2010/11/03 14:11:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}-trash
[2010/07/14 20:22:30 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}(64)
[2010/06/30 23:49:58 | 000,000,000 | ---D | M] (Torbutton) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2013/06/02 08:18:46 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2011/03/10 21:21:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}-trash
[2009/09/14 20:42:14 | 000,000,000 | ---D | M] (IE View Lite) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{FDD8ECF0-451A-414D-8C8F-7B7F78B0ECD3}
[2012/09/21 17:38:36 | 000,000,000 | ---D | M] (adblockvideo) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2013/05/05 22:32:55 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2010/07/15 22:19:31 | 000,000,000 | ---D | M] (CheckPlaces) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\checkplaces@andyhalford(61).com
[2013/03/24 20:51:47 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2011/01/20 21:31:49 | 000,000,000 | ---D | M] (PhotoJacker: Photo Album Downloader for Facebook (fka FacePAD)) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2011/11/26 13:53:23 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2009/08/13 19:10:21 | 000,000,000 | ---D | M] (FlashLoader) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2013/07/06 23:17:22 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2010/12/21 23:53:40 | 000,000,000 | ---D | M] ("Handytag") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2009/07/21 13:46:01 | 000,000,000 | ---D | M] (Next Tab) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2010/07/14 20:22:29 | 000,000,000 | ---D | M] (Omnibar) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\omnibar@ajitk(62).com
[2011/06/29 07:01:47 | 000,000,000 | ---D | M] (Polski slownik poprawnej pisowni) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2010/02/15 23:09:42 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\support@lastpass(88).com
[2013/03/21 01:16:51 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2009/11/27 21:03:51 | 000,000,000 | ---D | M] (Tabberwocky) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2010/01/23 20:47:39 | 000,000,000 | ---D | M] (Tagmarks) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2011/02/21 22:53:53 | 000,000,000 | ---D | M] (TinEye Reverse Image Search) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2011/01/20 21:31:49 | 000,000,000 | ---D | M] (Vacuum Places Improved) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2009/05/11 07:45:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Sunbird\Profiles\uwu58twj.default\extensions
[2012/01/08 16:56:03 | 000,854,402 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2013/01/14 13:21:29 | 000,347,340 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2013/08/16 22:22:45 | 001,312,907 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2013/08/08 10:03:44 | 000,249,988 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2012/05/22 10:29:39 | 005,438,448 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2011/10/22 16:02:34 | 000,174,405 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2013/06/29 16:09:06 | 000,171,607 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2012/02/17 09:23:15 | 000,123,007 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2012/02/17 09:23:16 | 000,019,291 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2011/12/31 14:37:59 | 000,038,090 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2013/06/02 08:18:47 | 000,114,250 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2013/05/05 22:32:51 | 000,346,768 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2013/01/06 17:28:31 | 000,213,444 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\[email protected]
[2013/06/13 14:31:10 | 000,350,663 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
[2013/07/27 16:27:51 | 000,588,111 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}.xpi
[2013/08/16 22:22:40 | 000,534,203 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/10/18 08:48:37 | 001,494,925 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{BB359C50-BFC9-4f40-8302-3FE5A499A859}.xpi
[2013/08/01 00:42:11 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/01/23 12:49:05 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2011/10/30 17:30:14 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013/04/23 09:14:23 | 000,765,412 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2013/04/13 21:11:49 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/08/06 15:45:16 | 000,275,449 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2009/06/10 22:57:05 | 000,828,588 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\extensions\{bbf8fc30-5280-11db-b0de-0800200c9a66}\chrome\tmp.xpi
[2009/08/20 16:58:43 | 000,001,625 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wvymb9q7.default\searchplugins\startpage-https.xml
[2013/08/16 22:13:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/16 22:14:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/03/02 06:17:24 | 000,095,200 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPAPIX.dll
[2007/01/17 04:18:04 | 000,095,200 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPFluxBrowserHelper.dll
[2010/01/18 13:32:01 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2007/07/02 08:42:20 | 000,103,064 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPMPDRM.dll
[2011/12/09 10:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
========== Chrome ==========
CHR - default_search_provider: DuckDuckGo (Enabled)
CHR - default_search_provider: search_url = https://duckduckgo.com?q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://whatreallyhappened.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Active Process Information eXchange (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPAPIX.dll
CHR - plugin: fluxDVD (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
CHR - plugin: NPMPDRM License Acquisition Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPMPDRM.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: doubletwist Plugin 1, 3, 0, 0 (Enabled) = C:\Program Files\Common Files\doubleTwist\NPPodcast.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 7 U15 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files\TVUPlayer\npTVUAx.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Users\Owner\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll
CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Google Translate = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.4_0\
CHR - Extension: Google Drive = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Bookmark Sentry = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdglbbcbmgnimogcmcdenggkpdmihlga\1.7.13_0\
CHR - Extension: DuckDuckGo for Chrome = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao\42.5.8_0\
CHR - Extension: Adblock Plus = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.4_0\
CHR - Extension: GroovesharkMenu = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\clfmokiidpofbgincdbjagbdkihkjfla\0.2.5_0\
CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Email this page (by Google) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbeoemfhkdniadbojeencpkgmobndpai\1.2.5_0\
CHR - Extension: Add to Wunderlist = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmnddeddcgdllibmaodanoonljfdmooc\1.2.1_0\
CHR - Extension: Bookmarks Tagger = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpiecafonfminhngabegejbligdagjfc\1.1.2_0\
CHR - Extension: Gmail Offline = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.20_0\
CHR - Extension: Google Calendar = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Facebook Disconnect = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_0\
CHR - Extension: Grooveshark Remote = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbpifhknilaflibiifjhhofddbbchmhh\1.6.14_0\
CHR - Extension: 8 tracks MP3 download link = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fggjnjallodaekhhkmmjkgecnahgnafc\0.1.4_0\
CHR - Extension: HTTPS Everywhere = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp\2013.8.17_0\
CHR - Extension: Ghost incognito = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gedeaafllmnkkgbinfnleblcglamgebg\1.0.3_0\
CHR - Extension: Click&Clean = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.3_0\
CHR - Extension: FlashBlock = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl\0.9.31_0\
CHR - Extension: TinEye Reverse Image Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.2_0\
CHR - Extension: Ads-free Grooveshark = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hafggjhmihflaeblhdhjpbdadcofgfaf\0.5.1_0\
CHR - Extension: LastPass = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.5.3_0\
CHR - Extension: Lingua.ly = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilcekgoelpgecpjnnoikhbleipnjdhf\13.2_0\
CHR - Extension: Secure Gmail by Streak = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jngdnjdobadbdemillgljnnbpomnfokn\1.4_0\
CHR - Extension: Evernote Web = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0\
CHR - Extension: Linkclump = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj\2.7.2_0\
CHR - Extension: Download Master = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcceagdollnkjlogmdckgjakjapmkdjf\3.0.1.2_0\
CHR - Extension: AdSweep = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\milkhonmecplandlkfbjplfbdenjlkmp\2.1.6_0\
CHR - Extension: Ghostery = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.2_0\
CHR - Extension: AutoPager Chrome = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgagnmbebdebebbcleklifnobamjonh\0.8.0.4_0\
CHR - Extension: RSS Subscription Extension (by Google) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.2_0\
CHR - Extension: Docs PDF/PowerPoint Viewer (by Google) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn\3.10_0\
CHR - Extension: Click&Clean App = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.0_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.19_0\
CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Privacyfix by Privacychoice = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmejhjjecaldkllonlokhkglbdbkdcni\4.1.2_0\
CHR - Extension: RSS Feed Reader = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp\5.2.0_0\
O1 HOSTS File: ([2013/08/02 13:45:10 | 000,000,137 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 csmg.lgmobile.com
O1 - Hosts: 127.0.0.1 csmgdl.lgmobile.com
O1 - Hosts: 127.0.0.1 activation.cloud.techsmith.com
O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Program Files\Common Files\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (LastPass Vault) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe ()
O4 - HKCU..\Run: [BackgroundSwitcher] C:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe (johnsadventures.com)
O4 - HKCU..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
O4 - HKCU..\Run: [Wunderlist] C:\Program Files\Wunderlist2\Wunderlist.exe (6 Wunderkinder GmbH)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Clip Image - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: Download with Mipony - C:\Program Files\MiPony\Browser\IEContext.htm ()
O8 - Extra context menu item: lastpass - file://C:\Users\Owner\AppData\LocalLow\lastpass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Users\Owner\AppData\LocalLow\lastpass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: New Note - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPToolbar.dll (LastPass)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3591D13-9B5E-4723-A2DB-7C45784771D3}: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3591D13-9B5E-4723-A2DB-7C45784771D3}: NameServer = 208.201.224.11,208.201.224.33
O18 - Protocol\Handler\navnet {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program Files\NavNetApp\ComUtilities.dll (MH)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\johnsadventures.com\Background Switcher\ActiveBackground.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\johnsadventures.com\Background Switcher\ActiveBackground.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/10 19:54:52 | 000,000,170 | ---- | M] () - G:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/08/03 01:29:29 | 000,000,000 | ---D | M] - L:\Automatically Add to iTunes -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/08/20 12:04:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\kprologs
[2013/08/20 11:58:01 | 000,050,688 | ---- | C] (Stardock.Net, Inc) -- C:\Windows\System32\wbhelp2.dll
[2013/08/20 11:58:00 | 000,028,160 | ---- | C] (Neil Banfield) -- C:\Windows\System32\anim.dll
[2013/08/16 22:13:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/08/13 08:45:39 | 000,000,000 | -HSD | C] -- C:\Windows\System32\AI_RecycleBin
[2013/08/13 08:45:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Should I Remove It
[2013/08/13 08:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\Reason
[2013/08/09 15:22:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2013/08/08 22:03:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\boxcar children
[2013/08/07 17:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evan-Moor
[2013/08/07 17:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\Evan-Moor
[2013/08/07 16:12:05 | 000,000,000 | ---D | C] -- C:\_OTM
[2013/08/07 16:08:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\GooredFix Backups
[2013/08/03 21:50:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\dvdcss
[2013/08/02 13:19:05 | 000,000,000 | ---D | C] -- C:\shttps
[2013/08/02 13:19:05 | 000,000,000 | ---D | C] -- C:\RootFlash
[2013/08/02 13:19:04 | 000,000,000 | ---D | C] -- C:\RootLelus
[2013/08/02 12:59:20 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\dad's phone backup
[2013/07/27 23:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/01/30 11:56:25 | 010,965,504 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/08/21 09:15:02 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1500155505-1741706647-2289308542-1000UA.job
[2013/08/21 09:13:56 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/08/21 09:06:05 | 000,000,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2013/08/21 07:21:27 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/21 07:21:27 | 000,003,568 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/20 15:15:02 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1500155505-1741706647-2289308542-1000Core.job
[2013/08/20 14:05:36 | 000,004,706 | ---- | M] () -- C:\Users\Owner\AppData\Local\recently-used.xbel
[2013/08/20 12:04:15 | 000,000,046 | ---- | M] () -- C:\Windows\System32\windows.ini
[2013/08/17 09:23:03 | 000,002,359 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk
[2013/08/17 09:21:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/14 04:27:08 | 000,002,315 | ---- | M] () -- C:\Users\Public\Desktop\Wunderlist.lnk
[2013/08/10 16:09:01 | 000,712,254 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/10 16:09:01 | 000,146,382 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/07 17:58:42 | 000,000,814 | ---- | M] () -- C:\Users\Public\Desktop\Portals.lnk
[2013/08/02 13:52:15 | 000,002,413 | ---- | M] () -- C:\Windows\System32\lgAxconfig.ini
[2013/08/02 13:33:14 | 000,000,000 | ---- | M] () -- C:\Users\Owner\CD
[2013/08/02 13:12:39 | 010,377,692 | ---- | M] () -- C:\RootJB_and_Flash_Guide_byCMahendra_AngryWolf80(31-Mar).zip
[2013/08/01 05:23:24 | 000,002,086 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/08/01 01:14:22 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2013/07/26 23:03:12 | 000,315,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/26 23:02:59 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/26 23:02:59 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/08/20 14:05:36 | 000,004,706 | ---- | C] () -- C:\Users\Owner\AppData\Local\recently-used.xbel
[2013/08/20 12:04:15 | 000,000,046 | ---- | C] () -- C:\Windows\System32\windows.ini
[2013/08/07 17:58:42 | 000,000,814 | ---- | C] () -- C:\Users\Public\Desktop\Portals.lnk
[2013/08/02 13:32:34 | 000,000,000 | ---- | C] () -- C:\Users\Owner\CD
[2013/08/02 13:07:06 | 010,377,692 | ---- | C] () -- C:\RootJB_and_Flash_Guide_byCMahendra_AngryWolf80(31-Mar).zip
[2013/05/21 09:15:23 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2013/05/21 09:15:23 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2013/05/21 09:15:23 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2013/05/21 09:15:18 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012/12/07 16:52:24 | 000,000,233 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/12/07 16:52:24 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/12/07 16:44:49 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2012/12/07 16:44:49 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/12/07 16:44:36 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2012/12/07 16:44:34 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2012/12/07 16:44:33 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADM10A.DAT
[2012/09/28 15:36:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012/09/06 09:28:58 | 002,888,384 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2012/09/06 09:28:56 | 000,015,576 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2012/09/06 09:27:12 | 000,010,200 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2012/07/28 13:16:21 | 000,000,106 | -H-- | C] () -- C:\Users\Owner\EnableUSBWrite.reg
[2012/07/25 08:14:42 | 000,429,416 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2012/05/05 16:16:21 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2012/01/20 22:17:01 | 000,191,727 | -H-- | C] () -- C:\Users\Owner\AppData\Roaming\gd.db
[2012/01/20 22:17:01 | 000,000,283 | -H-- | C] () -- C:\Users\Owner\AppData\Roaming\groovedown.settings
[2011/10/09 16:03:01 | 000,000,071 | ---- | C] () -- C:\Windows\Crypkey.ini
[2011/10/09 16:02:59 | 000,031,846 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2011/10/09 16:02:59 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2011/10/09 16:02:59 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2011/10/09 16:02:59 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/09/25 13:48:51 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/09/12 16:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/06/30 12:57:58 | 000,138,056 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\PnkBstrK.sys
[2010/05/09 21:47:11 | 000,000,600 | -H-- | C] () -- C:\Users\Owner\AppData\Roaming\winscp.rnd
[2009/11/22 15:01:00 | 000,000,090 | -H-- | C] () -- C:\Users\Owner\AppData\Roaming\default.pls
[2009/11/05 08:54:35 | 000,000,004 | -H-- | C] () -- C:\Users\Owner\AppData\Roaming\sgeaxael3kiitbyhsirgbnkdqbs5vr4
[2009/08/27 12:06:32 | 000,000,081 | -H-- | C] () -- C:\Users\Owner\notalonrecent
[2009/05/10 18:31:52 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009/05/09 12:05:38 | 000,001,024 | -H-- | C] () -- C:\Users\Owner\.rnd
[2009/05/06 20:48:55 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/04/24 20:30:41 | 000,245,248 | -H-- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/24 20:22:24 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/04/24 16:41:17 | 002,621,440 | -HS- | C] () -- C:\Users\Owner\ntuser.bak
========== ZeroAccess Check ==========
[2006/11/02 05:53:06 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012/03/04 22:07:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\.Tribler
[2010/03/06 17:31:27 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\1morebee
[2013/05/06 01:18:28 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\6Wunderkinder
[2009/07/14 19:26:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Aisle 5 Games, Inc
[2009/11/25 15:50:05 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Alawar
[2011/02/07 09:45:24 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Amazon
[2010/10/12 11:01:10 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Anarchy
[2009/08/05 18:25:21 | 000,000,000 | -H-D | M] -- C:\Users\Owner\AppData\Roaming\Any Video Converter Professional
[2010/10/29 18:44:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Artifex Mundi
[2009/06/11 14:27:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ashampoo
[2012/09/27 23:51:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Audacity
[2009/08/16 09:19:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Babylonia
[2012/09/28 00:02:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\backpocket.com
[2010/09/25 19:02:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Big Fish Games
[2009/08/25 15:13:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\blg
[2012/06/10 20:25:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BoneCraft
[2010/05/27 11:18:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Braintonik
[2013/01/25 11:08:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\calibre
[2009/05/09 11:01:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Canneverbe_Limited
[2009/08/03 12:56:09 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CasualForge
[2010/04/20 13:25:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CD Art Display
[2013/02/20 13:35:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.livescribe.LivescribeConnect
[2012/08/19 16:12:31 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\com.ninjakiwi.BloonsTD5Deluxe
[2010/05/04 11:20:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ContentGuard
[2012/12/07 17:02:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ControlCenter4
[2009/12/03 20:40:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Curious Sense
[2010/04/25 19:33:40 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DiskSpaceFan
[2011/10/09 19:04:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DisneyInteractiveStudios
[2011/01/01 12:51:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DivoGames
[2010/07/17 19:05:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Downloaded Installations
[2009/05/19 11:41:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dreamsdwell Stories
[2012/11/23 18:04:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dropbox
[2012/10/02 12:30:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DVDFab
[2009/11/05 11:29:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ElementalsTheMagicKey
[2010/01/17 09:58:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ERS G-Studio
[2009/09/11 11:51:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\EscapeFromParadise2
[2009/04/24 16:52:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ESET
[2013/08/07 17:58:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\evan-moor.app.air.iConnect
[2013/08/07 17:58:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\evan-moor.app.air.iConnect.7A6C9FC75A74FD42A1B64635F2403F839033BABE.1
[2009/07/02 13:41:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Faerie Solitaire
[2010/03/07 13:07:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Farm Mania 2
[2010/05/07 22:09:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FileZilla
[2013/08/08 23:28:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\foobar2000
[2009/08/06 22:58:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Foxit
[2010/02/05 15:32:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Foxit Software
[2011/02/11 11:17:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Friday's games
[2009/09/18 21:03:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\funkitron
[2009/11/25 20:20:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Gamers Digital
[2009/10/13 11:17:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Games
[2009/10/23 16:58:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GamesCafe
[2011/10/09 14:10:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GetRightToGo
[2009/08/15 15:24:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GraveyardShift
[2012/02/12 20:03:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Groovedown
[2011/08/07 01:45:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\gtk-2.0
[2009/10/16 22:26:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\GTM_Bodie
[2010/01/12 19:41:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\HandBrake
[2012/02/25 16:27:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Hothead Games
[2009/05/27 20:34:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\HuruBeachParty
[2009/07/04 14:45:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\IronCode
[2009/10/22 07:39:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\iWin_generic
[2009/09/21 21:12:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\johnsadventures.com
[2009/06/07 14:26:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\KeePass
[2012/01/20 22:17:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\lang
[2009/12/15 21:05:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech
[2011/06/03 08:27:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Lionhead Studios
[2010/01/22 10:10:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Magic Academy 2
[2010/05/26 20:56:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MegaplexMadnessSummerBlockbuster
[2009/11/06 16:00:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Merscom
[2012/06/10 17:12:41 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MinMaxGames
[2013/07/29 01:42:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mipony
[2009/10/13 11:59:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Montpellier-Informatique
[2012/06/29 01:49:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mp3tag
[2010/08/07 20:53:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\NavNet Solutions
[2013/04/14 00:38:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\NevoSoft Games
[2013/02/20 15:25:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Nitro PDF
[2010/05/07 22:35:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Nvu
[2009/04/25 12:27:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
[2010/03/27 07:59:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Peace Craft
[2009/06/13 00:21:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Pi Eye Games
[2011/02/11 10:54:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PlayFirst
[2009/11/14 14:00:38 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Playrix Entertainment
[2010/01/10 13:49:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Process Hacker
[2011/03/23 22:14:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PunkBuster
[2012/06/01 21:24:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\redsn0w
[2009/07/16 21:47:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Reflexive JanesZOO
[2012/08/28 08:54:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\RenPy
[2009/11/16 21:46:29 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\RIM Palm&PPC Upgrade Wizard
[2010/06/21 21:01:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\rockbox.org
[2010/10/23 01:15:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Sahmon Games
[2013/03/23 12:14:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Samsung
[2011/07/01 16:35:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SanDisk
[2010/01/08 09:27:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Songbird2
[2009/08/24 18:46:15 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Stellarium
[2009/08/10 19:11:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SystemRequirementsLab
[2013/07/20 10:10:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TechSmith
[2011/07/01 16:30:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Teleca
[2013/06/26 19:33:56 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TeraCopy
[2013/02/20 11:42:12 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Theta
[2012/04/21 17:18:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TrueCrypt
[2012/05/11 19:17:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TuneUpMedia
[2010/12/21 20:01:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Ubisoft
[2009/06/28 08:29:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\UClick
[2011/02/13 20:30:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Unity
[2010/01/09 10:33:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ValuSoft
[2010/01/01 18:34:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Virtual City
[2013/03/22 21:29:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Warner Bros. Interactive Entertainment
[2010/11/07 17:59:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\YoudaGames
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 490 bytes -> C:\Windows\System32\drivers\ietlwkmc.sys:changelist
@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:CEE4A457
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:4A966CC2
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:C9B27A06
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:C8B8CEBD
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:751D6870
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:4B1CFD78
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:7631EA83
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:7EC01D6D
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:6BFA43EB
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:99AC3203
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8DD20B4A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:7ADCE5D2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:1E86ADD2
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:151760F0
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:EA7D76BE
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:EE7AAC75
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:8DD36B71
< End of report >
OTL Extras logfile created on: 8/21/2013 9:09:56 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Downloads
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19443)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.25 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 33.92% Memory free
6.70 Gb Paging File | 3.82 Gb Available in Paging File | 57.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 929.44 Gb Total Space | 61.45 Gb Free Space | 6.61% Space Free | Partition Type: NTFS
Drive D: | 2.00 Gb Total Space | 1.06 Gb Free Space | 52.91% Space Free | Partition Type: NTFS
Drive G: | 2794.51 Gb Total Space | 2792.50 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
Drive H: | 1397.26 Gb Total Space | 443.80 Gb Free Space | 31.76% Space Free | Partition Type: NTFS
Drive J: | 1863.01 Gb Total Space | 611.53 Gb Free Space | 32.82% Space Free | Partition Type: NTFS
Drive L: | 596.17 Gb Total Space | 7.08 Gb Free Space | 1.19% Space Free | Partition Type: NTFS
Drive R: | 596.17 Gb Total Space | 138.51 Gb Free Space | 23.23% Space Free | Partition Type: NTFS
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Generate MD5 Signatures] -- "C:\Program Files\Michael K. Weise\mkw Audio Compression Toolkit\mkwACT.exe" (Michael K. Weise)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Users\Owner\AppData\Roaming\update.exe" = C:\Users\Owner\AppData\Roaming\update.exe:*:Enabled:Windows Messanger
"C:\Windows\Temp\svchost.exe" = C:\Windows\Temp\svchost.exe:*:Enabled:Windows Messanger
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0141133C-DBD3-49DE-AF14-27F7056F5665}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0BE8C279-2262-49D2-B182-FBC5D3F398FC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{186DA208-3FC9-4D7F-BEF8-5E004394E585}" = lport=5229 | protocol=6 | dir=in | name=ofl.kongregate.com |
"{2B7F31DF-7AA2-42FF-A004-E0B6435C2E2E}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{312F1540-3C29-4D8F-B018-CAA86FE64910}" = lport=139 | protocol=6 | dir=in | app=system |
"{38DDC1E8-B682-4E20-8B7C-4F842F826BC0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{3C8E870A-718B-48A1-A9CA-E8DFD4F2BBC2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{44888D63-7E38-49CE-88D7-B76D007E8EBC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4F5A2D10-17A4-4DE3-B79B-20D49EFD7A68}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{73137E69-51E9-4B4F-A70F-5C2A21860C83}" = rport=445 | protocol=6 | dir=out | app=system |
"{7633A5C4-EFDC-4B89-973C-2CAB13E81F9A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8088EDAC-0DAC-4B55-8F4D-CE34FE48D9C7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8EB88A49-131C-4326-9D9F-3BCB1C7AC10D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{90C13A79-DD04-4D93-8685-5CD7E9834B81}" = lport=137 | protocol=17 | dir=in | app=system |
"{AEBADBBA-B15E-4068-9BF5-55A7D1E93624}" = lport=55555 | protocol=6 | dir=in | name=55555 |
"{B61B66FD-8058-4C82-8E84-84D5587A9CE9}" = rport=138 | protocol=17 | dir=out | app=system |
"{B933BA15-CDE3-487A-B52E-3BC0844D3BA8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{BF07D145-6B50-4031-9902-F1E80F85AAC9}" = rport=137 | protocol=17 | dir=out | app=system |
"{C2586994-DF2E-4EE3-9ED7-04F7A8CEBD23}" = lport=5222 | protocol=6 | dir=in | name=ofl.kongregate.com |
"{C57CF4C1-1876-4D02-8186-3698EDEB7F78}" = rport=139 | protocol=6 | dir=out | app=system |
"{CFAB4530-C4E5-4076-BCAA-ABEB149E641C}" = lport=138 | protocol=17 | dir=in | app=system |
"{D2C803CD-8832-4C3E-828E-07CB0111D6DA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FBFB5159-E077-47F8-9465-4C594E110D0E}" = lport=445 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08E32EFC-CAC5-4C20-9680-E71E448AAC26}" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"{15F41148-6AEF-4BBB-B181-61F2A12669D5}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{2AC8E352-DE46-4944-9B02-9793FBD13EF3}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{2E4CE8E9-EAE9-4238-B2DF-789E0271DF0A}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\huludesktop\huludesktop.exe |
"{33C72291-6017-4D84-AEA0-C57E4DE94293}" = protocol=6 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe |
"{3A0D175A-CA1E-41C1-BFEF-7A6730408812}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\huludesktop\huludesktop.exe |
"{3AC27AF7-FCE4-465A-94A8-927A8ED0FD45}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{3B2FFA58-5373-407C-B2EB-CD6D9C6F7102}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{40E98F20-C5C0-4A40-B0B9-4C90B6BC954B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{49EE2E5E-E8DD-45D3-9AD3-3EC47FBF358E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5D3DA8CC-618D-4B63-8E5F-CB13D5C8A19B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{63CC4B0A-23DF-43D8-80BE-87569FDC6157}" = protocol=6 | dir=out | app=system |
"{664B729F-63B3-4148-8678-ADCF6136FBEA}" = dir=in | app=c:\program files\leapfrog\leapfrog connect\leapfrogconnect.exe |
"{6AA966A9-9389-4130-B421-13B40DA459B3}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{6D461D66-5411-4A95-B54C-AC473C19CBE8}" = protocol=17 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe |
"{6E94E13A-0714-4EEC-A03F-8870FEC049E6}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{80AB2B2D-94ED-482B-8E0E-3F0DBE5F2FEF}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{8F36B0FC-5710-4D63-B772-2EBAFE34B86A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{98E883B6-9CB8-4D71-B260-A11406F4C999}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AEC32E74-C75A-428D-B5C3-A699D66D5458}" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"{B3F92256-7EA6-4FCF-9107-CF5F65468B87}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B60787CB-D76F-45D4-989E-C7B64C5B2CC3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BD2388F0-58B8-4D77-9C8F-CAE17EA1F9B8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C8DDA32B-3B5B-486E-8B0D-24C7FF547FCC}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{CB82C991-18E4-4204-8E72-42294749AEAA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CEA8E3D6-AE75-4C79-B992-9C7CA2B12D25}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{D2640EBF-CA3D-4DE1-913B-A7707CEE6AEE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D3767EA0-2E65-46D5-957B-51B1A3F4C7DA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D5788495-DD4C-4D8D-B7F7-55ADD8DF337A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DF98EEA3-F92C-4C99-A91A-8D715C4C43E1}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{F28A19C3-3D61-4DC7-84D3-6DB2ECE894A6}" = protocol=6 | dir=in | app=c:\program files\brother\brmfl10f\faxrx.exe |
"{F47E012F-2FD7-4744-811B-3980233002D1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{F9770A92-38AB-4D01-BDE3-21489227397C}" = protocol=17 | dir=in | app=c:\program files\brother\brmfl10f\faxrx.exe |
"{FBACDC45-FA11-4114-AC15-F020A71711B6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FFD799E8-D6A0-46D2-9EEF-20A5BDB20BEF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{0CAF72FC-8633-4E9C-8E64-31DE8BCB56E2}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{213D9489-CDDD-42EB-B914-6BC9358C6F56}C:\shttps\http.exe" = protocol=6 | dir=in | app=c:\shttps\http.exe |
"TCP Query User{2855AD34-988A-4EE9-93C5-02526FF8CFA7}C:\program files\sickbeard-win32-alpha-build481\sickbeard.exe" = protocol=6 | dir=in | app=c:\program files\sickbeard-win32-alpha-build481\sickbeard.exe |
"TCP Query User{329CDE16-80E5-4DA9-8379-F58FFAD03C9D}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{3933A9BB-382E-4914-B7E9-998F26A5D10E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{3CC51547-544E-49A8-8DC3-874D0C6AD746}C:\program files\agb-gt\assassin's creed iii\ac3sp.exe" = protocol=6 | dir=in | app=c:\program files\agb-gt\assassin's creed iii\ac3sp.exe |
"TCP Query User{64D15E3F-6689-4116-BAFF-99AE1373D15B}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"TCP Query User{671E7D4B-70E0-4402-8BD4-C909DBC41AA4}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{6B2314E5-3B46-43D4-98AD-B67EDC7C196F}C:\program files\sabnzbd\sabnzbd.exe" = protocol=6 | dir=in | app=c:\program files\sabnzbd\sabnzbd.exe |
"TCP Query User{724B6D24-5EAA-499F-9BC6-6BBA377A65D0}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{813B57D9-788A-4BF3-9D0C-DCD1DFACA4B1}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{82C086BF-1A60-411F-9EAF-76F8A4DB3305}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{9AF7E097-E363-4E52-9C1C-C36E60B37A1B}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{B19714D6-89FC-433B-8498-75C093362D17}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{BCC2DC13-8971-445A-897D-B21606332677}C:\program files\foobar2000\foobar2000.exe" = protocol=6 | dir=in | app=c:\program files\foobar2000\foobar2000.exe |
"TCP Query User{C9541028-1588-424B-99F3-FD7BD5164D77}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{C9F20188-3AFB-4BA4-BB95-16991F00C694}C:\program files\logitech touch mouse server\itouch-server-win.exe" = protocol=6 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe |
"TCP Query User{D0A76341-AF7A-444C-A446-D8E1AB76D264}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{E2139D64-F722-4E89-B11A-820E34BBFDB4}C:\program files\foobar2000\foobar2000.exe" = protocol=6 | dir=in | app=c:\program files\foobar2000\foobar2000.exe |
"TCP Query User{EA3995E1-AEEE-47C2-822D-010514E2ECC2}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{FECCE971-5BF1-4A03-A2E4-12A38E6E91F7}C:\users\owner\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{0F1F1444-D686-42F9-8F79-3D627D0D7DF1}C:\program files\foobar2000\foobar2000.exe" = protocol=17 | dir=in | app=c:\program files\foobar2000\foobar2000.exe |
"UDP Query User{144E775D-1A1D-4A95-B365-1222AC3D3F55}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{14EDEA6A-A3FC-4F34-8EFE-576F168552C6}C:\program files\logitech touch mouse server\itouch-server-win.exe" = protocol=17 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe |
"UDP Query User{166B5912-E986-4A98-BFF8-3179C85A019C}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{1C3A1447-F709-462F-AB5A-2EB2E85964A8}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{1C3B08D2-75B2-4E86-95F1-9B78E86BA20C}C:\program files\foobar2000\foobar2000.exe" = protocol=17 | dir=in | app=c:\program files\foobar2000\foobar2000.exe |
"UDP Query User{4547E83F-4F50-4BF6-A1D6-74BE0269F54C}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{63635B4B-C94E-434F-8BC6-79F4735CE5F0}C:\shttps\http.exe" = protocol=17 | dir=in | app=c:\shttps\http.exe |
"UDP Query User{63858440-9276-4926-8C7E-0672631BC97B}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{8B84B6FB-455E-44B5-AEDD-8177433AB9C5}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{8F545038-3801-4DED-86B8-756E7A70DE35}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{951B81F5-A0E2-4CBB-B668-435C1B032741}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{A6711D45-0587-45A5-90E0-E64D62EA342E}C:\program files\sabnzbd\sabnzbd.exe" = protocol=17 | dir=in | app=c:\program files\sabnzbd\sabnzbd.exe |
"UDP Query User{A82E2251-CFE6-477C-95E1-9ACEE9D55DB1}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{B32C982E-8148-4C33-9620-2B930BC34BB3}C:\program files\agb-gt\assassin's creed iii\ac3sp.exe" = protocol=17 | dir=in | app=c:\program files\agb-gt\assassin's creed iii\ac3sp.exe |
"UDP Query User{BF85F1A6-D56E-4F21-B75F-D36F4568E216}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
"UDP Query User{C425E18F-5C89-41CA-B434-89500F64B3D6}C:\program files\sickbeard-win32-alpha-build481\sickbeard.exe" = protocol=17 | dir=in | app=c:\program files\sickbeard-win32-alpha-build481\sickbeard.exe |
"UDP Query User{C875DB6B-11BE-4528-A3AE-9A3E7DB23060}C:\users\owner\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{DCA3CCA8-070B-43A3-B65E-2550F15916E8}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{EE4B999C-A357-4FC5-BA4F-096BBB270778}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{F65C9F29-3520-446E-A60B-E15C99328D04}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{048DB60B-5AD7-40D3-ACDA-6E8B233829FA}" = Logitech Harmony Remote Software 7
"{055C6D46-1EAE-49F7-BBB3-FDF6BF051136}" = FastPictureViewer WIC Codec Pack 1.30
"{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1" = MiniTool Partition Wizard Home Edition 7.8
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A590981-75A9-B968-4A29-718E5A8E1416}" = CCC Help Dutch
"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0E6B8EA7-4FDF-F730-8F28-05720874BE71}" = CCC Help Chinese Traditional
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{1003E625-BE5B-390B-7B60-D483D0B75A26}" = CCC Help Russian
"{117CE366-3EED-48C5-BF6A-E0F47A0E68A4}" = ShadowCopy
"{1690611F-D4EA-A00D-DAAD-91D216869679}" = CCC Help Polish
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1a7465e1-6e88-41ce-82e0-2f2619f2df26}" = Wunderlist
"{1CA7ACD6-B21B-4240-AA05-4FC55F6E1033}" = Nero 8
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21ED66C3-695F-4C41-9BC8-3D84BF97339E}_is1" = Assassin's Creed III
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 21
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{26EED5E6-EC40-35A9-602A-C3CF03A9C1E6}" = CCC Help Portuguese
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MYMOVIES)
"{2B1F8DD0-873D-4AC3-8400-766F255FE263}" = Camtasia Studio 8
"{2C33E65D-9187-8F2E-40D8-BD9E24E341FB}" = CCC Help Italian
"{31BA2DC1-AEA1-4FE5-95BE-5D0325C33CB4}" = Nitro PDF Reader
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160210}" = Java SE Development Kit 6 Update 21
"{36B6FF8B-38E3-E64C-F840-75F6AAEBE3EA}" = Catalyst Control Center Graphics Previews Common
"{376DA9DC-71B3-4AB7-A80C-8ED02A736172}" = Foxit Reader
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{38EE230F-F631-451F-8800-E29F5E5C9E7D}" = iTunes Library Updater
"{38F6C932-2274-4897-479D-03AA6BA5B567}" = CCC Help Turkish
"{39DB116F-E088-486F-B13C-8925ECE7A6E5}" = 3D Sound Back Beta0.1
"{3AB00888-CA03-0BFD-3F3C-C877767192B0}" = CCC Help Swedish
"{3ACA2563-E786-BDD4-C87B-09909BB3F61C}" = CCC Help Thai
"{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite MFC-7360N
"{3AF144F9-849D-DEDA-BA4F-2EBA94A3CF10}" = ccc-utility
"{3BC2C64B-0DA0-974B-6311-AED4F3711DCE}" = CCC Help Danish
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F534669-6391-DB54-A396-6525C93D5541}" = Catalyst Control Center Graphics Previews Common
"{4448ABF6-786D-4C3D-A49D-7BB237E6DD17}" = Foxit PDF IFilter
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}" = Should I Remove It
"{537056B7-32A4-4408-9B54-0341963C7C9C}" = UltraMon
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5982f969-a067-4808-b164-2c50690d1b37}" = Wunderlist
"{5BAC4DE5-4062-EE34-3337-5F92FE5D5032}" = CCC Help Spanish
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{605333A6-963F-480C-A358-1301CAA6CFF6}" = TES Construction Set
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 3.0.2
"{67F3E5DD-0A56-7560-58FF-AD82748CA40B}" = Catalyst Control Center Core Implementation
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A1F0A1A-474C-4151-8534-5F61832D88CD}" = Comic Life
"{6BD1CEF5-9479-4540-804E-BD101756794D}" = Predator
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6F69C969-2942-4E7B-B594-75B37664B8BA}" = NVIDIA System Update
"{704E5C65-6E2C-B256-ECDB-17FFE89ADFD6}" = Catalyst Control Center Graphics Full Existing
"{709F27C3-B9A1-16D9-105D-B5918E03AA48}" = Livescribe Connect
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in
"{7A437F7B-5F32-C7BA-6A08-AD574333A458}" = CCC Help English
"{7ADCABE0-E651-6EA5-5128-26E203DAA5E1}" = CCC Help Korean
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 3.2.0.0
"{8245C111-D83F-4C66-BBC6-2424F6116944}" = TES Construction Set
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842B5C79-5C3F-521B-C0B3-5EF038E4B4DA}" = Catalyst Control Center InstallProxy
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F2E0E7E-FF6F-243F-493C-C678FFF9CA08}" = ccc-utility
"{8F80DAA3-8A1D-09E9-57E6-DB0223CF2CE4}" = CCC Help French
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{936460AE-5876-B81E-7535-7EE23A3BB308}" = Catalyst Control Center Graphics Light
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B305D90-348B-410A-8013-D6B773530A6C}" = calibre
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed® III v1.03
"{9E2F7730-15E7-66DC-2B26-F4DA0AE4E7EE}" = Catalyst Control Center Graphics Full New
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{9F612429-4A00-3D44-88CF-146DA2EE1F92}" = Microsoft .NET Framework 4.5
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A6563D7C-F3AD-11E2-A4DB-984BE15F174E}" = Evernote v. 4.6.7
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AFC71277-DE19-6505-8CBC-71D29163F44A}" = CCC Help German
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 305.27
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 305.27
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 305.27
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0613
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3406262-5701-E9CC-D6B3-BA38C34125A9}" = CCC Help English
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B64BC516-2406-43AE-A21A-1E387A2343B1}" = Content Manager
"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.8.7
"{B9E848B3-A64D-4005-8DA1-DC3981C902A8}_is1" = NavNet
"{BAF227A2-E214-49E3-9137-94A300EA85BA}" = iPhone Configuration Utility
"{BAFEB165-648B-42E9-AC3C-B6D2A535FC7C}" = Wunderlist
"{BB77DC4C-B818-4FD4-8D1D-5D3B617B78B4}" = LeapFrog My Pals Plugin
"{BBC2068D-CE9C-48F5-A6EA-4B44B9DB14A5}" = Catalyst Control Center - Branding
"{C0C31BCC-56FB-42A7-8766-D29E1BD74C7C}" = Python 2.7.3
"{C125A3D2-9C46-63D6-2CAF-4EC7777312AE}" = Evan-Moor Portals
"{C5B6078F-5D37-A122-2E6E-EDC623E8C787}" = CCC Help Czech
"{C6359569-E03E-4CDC-98E8-CDD080C6EEB5}" = LeapFrog Connect
"{C7068E1F-22C6-9408-7B24-584F32F66D70}" = CCC Help Finnish
"{C87B855D-DD8F-E419-C640-34936E813EA9}" = CCC Help Greek
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE1CA06F-0AD8-CA2A-3A3A-872E8191C198}" = CCC Help Norwegian
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CECECCED-B7F3-B1A3-3241-0C5D775F8E70}" = CCC Help Chinese Standard
"{D3CEF909-78DC-9D3D-37BD-52F5324C01DA}" = CCC Help Hungarian
"{D5068813-9F8D-9F7A-92C0-A3EECBA2D82B}" = AMD Catalyst Install Manager
"{D5193DED-6DEA-D4AE-BAB5-430A4189E0A8}" = Catalyst Control Center Graphics Previews Vista
"{DD3DAD13-289E-440E-A5D3-3EFB25305018}_is1" = John's Background Switcher 4.1
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EF901A4B-A25A-4962-83C6-C6691D062ED9}" = Nero Mega Plugin Pack
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1EA61A2-B88F-44AD-3143-419ECB6C7E9A}" = CCC Help Japanese
"{F6567C5A-C3EA-2E05-E89E-C8C52E33150D}" = Catalyst Control Center
"{F751C062-87DA-4D33-8A12-6E7F1D4C051C}" = Netflix in Windows Media Center
"{F7E1CA14-B39D-452A-960B-39423DDDD933}" = DriveImage XML (Private Edition)
"{F8C7A1B9-CE14-468A-B55F-946D258792C2}" = Catalyst Control Center - Branding
"{FE54AF33-9364-7053-670F-A15AD658214C}" = Catalyst Control Center Localization All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.16 beta
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
"AnyDVD" = AnyDVD
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Bloons TD 5 Deluxe_is1" = Bloons TD 5 Deluxe version 1.13
"burnatonce_is1" = burnatonce
"CamStudio" = CamStudio
"CCleaner" = CCleaner
"CD Wave Editor_is1" = CD Wave Editor 1.98
"CDisplay_is1" = CDisplay 1.8
"CloneCD" = CloneCD
"com.livescribe.LivescribeConnect" = Livescribe Connect
"ConvertVid_is1" = Nuclear Coffee - ConvertVid
"Cool Edit Pro 2.0" = Cool Edit Pro 2.0
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8 Qt_is1" = DVDFab 8.2.1.3 (28/09/2012) Qt
"EOS USB WIA Driver" = EOS USB WIA Driver
"evan-moor.app.air.iConnect.7A6C9FC75A74FD42A1B64635F2403F839033BABE.1" = Evan-Moor Portals
"eXtreme Music Manager 1.0.2.1 Full Install!_is1" = eXtreme Music Manager 1.0.2.1 - Full Install!
"FileZilla Client" = FileZilla Client 3.3.2.1
"Finale 2010" = Finale 2010
"FLAC" = FLAC 1.2.1b (remove only)
"Flashtool" = Flashtool
"FLVCodec" = PlayFLV
"foobar2000" = foobar2000 v1.1.15
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"GIMP-2_is1" = GIMP 2.8.0
"Hypnosis1.0" = Hypnosis
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"InstallShield_{6F69C969-2942-4E7B-B594-75B37664B8BA}" = NVIDIA System Update
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"IrfanView" = IrfanView (remove only)
"iSkysoft Video Converter Ultimate_is1" = iSkysoft Video Converter Ultimate(Build 2.3.2.2)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 9.9.0
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"lastpass" = LastPass(uninstall only)
"Livescribe Desktop 2.8.3" = Livescribe Desktop
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MiPony" = MiPony 2.0.5
"mkwACT" = mkw Audio Compression Toolkit
"mkwMFCRTL" = mkw Runtime Libraries
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.50
"Mp3tagAudioIndexer" = Mp3tag Audio Indexer 1.05
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"MyPalsPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
"NirSoft Wireless Network Watcher" = NirSoft Wireless Network Watcher
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Picasa 3" = Picasa 3
"Process_Hacker_is1" = Process Hacker 1.10
"Ringtone Maker" = Ringtone Maker
"SABnzbd" = SABnzbd 0.6.15
"SimpleDivX_is1" = SimpleDivX
"SopCast" = SopCast 3.5.0
"SP6" = Logitech SetPoint 6.0
"Spirit Board v2.0" = Spirit Board v2.0
"Stellar Phoenix Photo Recovery_is1" = Stellar Phoenix Photo Recovery
"Stellar Phoenix Windows Data Recovery_is1" = Stellar Phoenix Windows Data Recovery V3.0
"SystemRequirementsLab" = System Requirements Lab
"TEFView_is1" = TEFView 2.65
"TeraCopy_is1" = TeraCopy 2.1
"TrueCrypt" = TrueCrypt
"TVUPlayer" = TVUPlayer 2.5.3.1
"UnLock Root" = UnLock Root 3.1.1
"UnLock Root Pro" = UnLock Root Pro 3.41
"UPCShell" = LeapFrog Connect
"Veetle TV" = Veetle TV 0.9.18
"VLC Connection Utility_is1" = VLC Connection Utility 2.60
"VLC media player" = VLC media player 2.0.7
"Winamp" = Winamp
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.2.7
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9204f5692a8faf3b" = Dell System Detect
"Google Chrome" = Google Chrome
"HuluDesktop" = Hulu Desktop
"MusicManager" = Music Manager
"Should I Remove It 1.0.4" = Should I Remove It
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Detector Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 8/21/2013 3:13:05 AM | Computer Name = Owner-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/08/21 00:13:05.622]: [00003296]: SendSKeySettingToDevice::
Snmp Load Error[0] To[192.168.11.21]
Error - 8/21/2013 3:20:11 AM | Computer Name = Owner-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/08/21 00:20:11.081]: [00003296]: SendSKeySettingToDevice::
Snmp Load Error[0] To[192.168.11.21]
Error - 8/21/2013 4:16:33 AM | Computer Name = Owner-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/08/21 01:16:33.825]: [00003296]: SendSKeySettingToDevice::
Snmp Load Error[0] To[192.168.11.21]
Error - 8/21/2013 4:21:40 AM | Computer Name = Owner-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/08/21 01:21:40.583]: [00003296]: SendSKeySettingToDevice::
Snmp Load Error[0] To[192.168.11.21]
Error - 8/21/2013 4:24:44 AM | Computer Name = Owner-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/08/21 01:24:44.663]: [00003296]: SendSKeySettingToDevice::
Snmp Load Error[0] To[192.168.11.21]
Error - 8/21/2013 5:07:02 AM | Computer Name = Owner-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/08/21 02:07:02.591]: [00003296]: SendSKeySettingToDevice::
Snmp Load Error[0] To[192.168.11.21]
Error - 8/21/2013 9:29:39 AM | Computer Name = Owner-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/08/21 06:29:39.698]: [00003296]: SendSKeySettingToDevice::
Snmp Load Error[0] To[192.168.11.21]
Error - 8/21/2013 10:10:57 AM | Computer Name = Owner-PC | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2013/08/21 07:10:57.114]: [00003296]: SendSKeySettingToDevice::
Snmp Load Error[0] To[192.168.11.21]
Error - 8/21/2013 11:07:26 AM | Computer Name = Owner-PC | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.75.0.1, time stamp 0x511f8eb2,
faulting module ntdll.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception
code 0xc0000005, fault offset 0x0004068a, process id 0x82c, application start time
0x01ce9e672a710890.
Error - 8/21/2013 12:07:13 PM | Computer Name = Owner-PC | Source = Perflib | ID = 1010
Description =
Error - 8/21/2013 12:07:15 PM | Computer Name = Owner-PC | Source = Perflib | ID = 1008
Description =
[ Media Center Events ]
Error - 6/11/2009 8:18:00 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 5/7/2010 5:31:50 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
[ System Events ]
Error - 8/21/2013 12:45:49 PM | Computer Name = Owner-PC | Source = disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.
Error - 8/21/2013 12:45:49 PM | Computer Name = Owner-PC | Source = disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.
Error - 8/21/2013 12:45:50 PM | Computer Name = Owner-PC | Source = disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.
Error - 8/21/2013 12:45:50 PM | Computer Name = Owner-PC | Source = disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.
Error - 8/21/2013 12:45:50 PM | Computer Name = Owner-PC | Source = disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.
Error - 8/21/2013 12:45:50 PM | Computer Name = Owner-PC | Source = disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.
Error - 8/21/2013 12:45:50 PM | Computer Name = Owner-PC | Source = disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.
Error - 8/21/2013 12:45:50 PM | Computer Name = Owner-PC | Source = disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.
Error - 8/21/2013 12:45:50 PM | Computer Name = Owner-PC | Source = disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.
Error - 8/21/2013 12:45:50 PM | Computer Name = Owner-PC | Source = disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk3\DR3.
< End of report >