Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

rundll.exe after ransomware

by MiakisMal » September 27th, 2012, 1:25 pm

Hi,

Recently I got hit by the 'Metropolitan Police' ransomware, which I smacked with Malwarebytes, McAfee and Windows Defender, but since then I have had major slowdowns, Windows Explorer crashes shortly after logging in, and most of my notification area icons are removed. In the Processes tab of Task Manager I get 4-5 Rundll.exe running during startup; this lowers to around 2-3 later on.

Any help would be appreciated, and, thanks in advance.

--- DDS ---

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Michael at 18:04:45 on 2012-09-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4031.2160 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Microsoft Security Essentials Prerelease *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Microsoft Security Essentials Prerelease *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\xampp\mysql\bin\mysqld.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\SysWOW64\DllHost.exe
C:\xampp\apache\bin\httpd.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\McAfee\MAT\McPvTray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\taskmgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.google.co.uk/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain ... &bmod=EU01
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
mWinlogon: Userinit=userinit.exe,
uWindows: Load=C:\Users\Michael\LOCALS~1\Temp\mswouy.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - Virtual Storage Mount Notification
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uRun: [Elbserver] C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe /Stay
uRun: [cacaoweb] "C:\Users\Michael\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [PowerSuite] "C:\PROGRA~2\Uniblue\POWERS~1\launcher.exe" delay 20000 -m
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [PlayNC Launcher]
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Google Update] "C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
StartupFolder: C:\Users\Michael\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BBCIPL~1.LNK - C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Se&nd to OneNote - /105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.co ... 1.72.0.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: Interfaces\{C093BDE7-6673-41E9-A202-6A8740C6357A} : NameServer = 192.168.1.1
TCP: Interfaces\{C093BDE7-6673-41E9-A202-6A8740C6357A}\35B4957353130303 : NameServer = 192.168.1.1
TCP: Interfaces\{C093BDE7-6673-41E9-A202-6A8740C6357A}\35B4957353130303 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C093BDE7-6673-41E9-A202-6A8740C6357A}\4514C4B44514C4B4D2336493141433 : NameServer = 192.168.1.1
TCP: Interfaces\{C093BDE7-6673-41E9-A202-6A8740C6357A}\4514C4B44514C4B4D2336493141433 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C093BDE7-6673-41E9-A202-6A8740C6357A}\C4F62727F6E602F46666963656 : NameServer = 192.168.1.1
TCP: Interfaces\{C093BDE7-6673-41E9-A202-6A8740C6357A}\C4F62727F6E602F46666963656 : DhcpNameServer = 212.139.132.41 212.139.132.42
TCP: Interfaces\{C093BDE7-6673-41E9-A202-6A8740C6357A}\C696E6B6379737 : NameServer = 192.168.1.1
TCP: Interfaces\{C093BDE7-6673-41E9-A202-6A8740C6357A}\C696E6B6379737 : DhcpNameServer = 212.139.132.41 212.139.132.42
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} -
STS: Virtual Storage Mount Notification: {5ff49fe8-b332-4cb9-b102-fb6951629e55} - Virtual Storage Mount Notification
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification
BHO-X64: Virtual Storage Mount Notification - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
mRun-x64: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SSODL-X64: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - (value not set)
STS-X64: Virtual Storage Mount Notification: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\8vlesy0r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\8vlesy0r.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Opera\program\plugins\npMegaPlugin.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
FF - plugin: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\Michael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Michael\AppData\Roaming\Kalydo\KalydoPlayer\bin1\npkalydo.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AiCharger;ASUS Charger Driver;C:\Windows\system32\DRIVERS\AiCharger.sys --> C:\Windows\system32\DRIVERS\AiCharger.sys [?]
R3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y62x64.sys --> C:\Windows\system32\DRIVERS\e1y62x64.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 hidkmdf;Microsoft HID Class Shim for KMDF;C:\Windows\system32\DRIVERS\hidkmdf.sys --> C:\Windows\system32\DRIVERS\hidkmdf.sys [?]
S3 ActionReplayDS;ActionReplayDS;C:\Windows\system32\Drivers\ActionReplayDS_x64.sys --> C:\Windows\system32\Drivers\ActionReplayDS_x64.sys [?]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\system32\drivers\HipShieldK.sys --> C:\Windows\system32\drivers\HipShieldK.sys [?]
.
=============== Created Last 30 ================
.
2012-09-27 05:44:08 -------- d-----w- C:\Users\Michael\AppData\Roaming\Malwarebytes
2012-09-27 05:43:41 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-27 05:43:38 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-27 05:43:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-27 05:30:12 -------- d-----w- C:\Users\Michael\AppData\Roaming\Omuhup
2012-09-27 05:30:12 -------- d-----w- C:\Users\Michael\AppData\Roaming\Mici
2012-09-27 05:30:12 -------- d-----w- C:\Users\Michael\AppData\Roaming\Awfoci
2012-09-26 22:02:49 -------- d-----w- C:\Program Files (x86)\McAfeeMOBK
2012-09-26 22:02:38 196440 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
2012-09-26 22:02:32 66040 ----a-w- C:\Windows\System32\drivers\MOBK.sys
2012-09-26 22:02:27 73096 ----a-w- C:\Windows\System32\drivers\McPvDrv.sys
2012-09-26 22:02:27 -------- d-----w- C:\Program Files (x86)\McAfee Online Backup
2012-09-26 22:02:15 -------- d-----w- C:\Users\Michael\AppData\Local\McAfee Anti-Theft
2012-09-26 22:01:45 -------- d-----w- C:\Program Files (x86)\McAfee.com
2012-09-26 22:01:39 10288 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2012-09-26 22:01:39 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2012-09-26 22:01:23 69672 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2012-09-26 22:01:23 513456 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2012-09-26 22:01:23 300392 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2012-09-26 22:01:23 106112 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2012-09-26 22:01:16 -------- d-----w- C:\Program Files\Common Files\McAfee
2012-09-26 22:01:07 -------- d-----w- C:\Program Files\McAfee.com
2012-09-26 22:01:06 -------- d-----w- C:\Program Files\McAfee
2012-09-26 22:00:53 -------- d-----w- C:\Program Files (x86)\McAfee
2012-09-26 21:48:40 177144 ----a-w- C:\Windows\System32\mfevtps.exe
2012-09-26 21:09:19 -------- d-----w- C:\Program Files (x86)\GridinSoft Trojan Killer
2012-09-26 20:54:10 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{06426C77-C16E-471F-8497-F46E35D572B8}\mpengine.dll
2012-09-26 20:49:34 -------- d-sh--w- C:\Users\Michael\AppData\Roaming\System
2012-09-26 20:49:23 -------- d-----w- C:\Users\Michael\AppData\Roaming\Yqazk
2012-09-26 20:49:23 -------- d-----w- C:\Users\Michael\AppData\Roaming\Rigyga
2012-09-26 20:49:23 -------- d-----w- C:\Users\Michael\AppData\Roaming\Dane
2012-09-26 06:14:09 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-26 06:06:36 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-22 18:10:14 -------- d-----w- C:\Users\Michael\AppData\Roaming\PFStaticIP
2012-09-22 18:09:47 -------- d-----w- C:\Program Files (x86)\PFStaticIP
2012-09-22 18:09:43 -------- d-----w- C:\Users\Michael\AppData\Local\APN
2012-09-20 18:28:14 -------- d-----w- C:\xampp
2012-09-20 18:03:42 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2012-09-18 19:05:51 -------- d-----w- C:\Users\Michael\AppData\Roaming\KompoZer
2012-09-16 17:58:03 -------- d-----w- C:\Program Files (x86)\StarCraft II
2012-09-16 15:22:54 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EB127C39-2456-49CE-A4B0-0EFFF03EE6D9}\gapaengine.dll
2012-09-16 15:08:14 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-09-16 15:08:11 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-09-15 19:55:19 -------- d-----w- C:\Program Files (x86)\BBC iPlayer Desktop
2012-09-14 16:31:25 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3568BBDA-F739-4F10-AEA3-4C3184118E43}\mpengine.dll
2012-09-14 16:30:35 -------- d-----r- C:\Program Files (x86)\Skype
2012-09-12 05:52:22 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 05:52:22 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 05:52:20 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 05:52:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 05:52:19 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 05:52:19 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-12 05:52:19 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-08 09:52:21 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-04 16:31:14 14592 ----a-w- C:\Windows\System32\drivers\AiCharger.sys
2012-09-04 16:31:12 -------- d-----w- C:\Program Files (x86)\ASUS
2012-08-30 21:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
.
==================== Find3M ====================
.
2012-09-26 06:53:12 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-26 06:53:12 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-16 19:05:41 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-08-16 19:05:41 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-08-16 19:05:40 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-08-16 19:05:39 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-08-09 10:46:34 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-07-22 17:00:04 654944 ----a-w- C:\Windows\SysWow64\xsherlock.xem
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-17 13:52:38 335784 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2012-07-17 13:50:36 752672 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2012-07-17 13:48:34 169320 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2012-07-06 20:07:42 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2012-07-05 21:06:30 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-05 21:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
.
============= FINISH: 18:10:16.53 ===============


--- ATTACH ---

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 29/01/2010 20:40:26
System Uptime: 27/09/2012 17:26:48 (1 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz | N/A | 2936/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 402 GiB total, 143.264 GiB free.
D: is Removable
E: is Removable
F: is CDROM ()
G: is FIXED (NTFS) - 50 GiB total, 34.43 GiB free.
H: is CDROM ()
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: LogMeIn Kernel Information Provider
Device ID: ROOT\LEGACY_LMIINFO\0000
Manufacturer:
Name: LogMeIn Kernel Information Provider
PNP Device ID: ROOT\LEGACY_LMIINFO\0000
Service: LMIInfo
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
.
Acrobat.com
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Recommended Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Extra Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Community Help
Adobe Creative Suite 4 Master Collection
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Director 11.5
Adobe Dreamweaver CS4
Adobe Dreamweaver CS5.5
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Photoshop Elements 7.0
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader 9.3
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe Shockwave Player 11.5
Adobe SING CS4
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Widget Browser
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Apple Application Support
Apple Software Update
ArcSoft WebCam Companion 3
ArcSoft WebCam Message Board
ASUS Ai Charger
µTorrent
Autodesk Backburner 2008.1
AutoHotkey 1.0.48.05
BBC iPlayer Desktop
beanfun! UK
C9
calibre
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon Utilities Solution Menu
Cheat Engine 6.2
Click to Disc
Compatibility Pack for the 2007 Office system
Connect
CraftBukkit
Creation Kit
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Diablo III
DivX Setup
Eurobattle.net
Fable III
Game Fire
Google Chrome
Google Drive
Google Update Helper
Internet TV for Windows Media Center
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 7 Update 5
JavaFX 2.1.1
Kalydo Player 4.06.04
kuler
Macro Recorder
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.65.0.1400
McAfee All Access – Total Protection
McAfee Online Backup
Media Gallery
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Touch Pack for Windows 7
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 3.0
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Miro
Mozilla Firefox 15.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NCsoft Launcher
Nexon Game Manager
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
Overwolf
PDF Settings CS4
Photoshop Camera Raw
Picasa 3
Pixel Bender Toolkit
Portforward Static IP Address 1.0.47
Primo
PTFB Pro 4.3.0.0
QuickTime
Realtek High Definition Audio Driver
RegClean Pro
Runtime
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Setting Utility Series
Shaun White Skateboarding
Shockwave
Skype™ 5.10
Sony Home Network Library
Sony Picture Utility
Soul Captor
Spotify
StarCraft II
Steam
Suite Shared Configuration CS4
System Requirements Lab
The Elder Scrolls V: Skyrim
Tradewinds Odyssey 1.00
Ubisoft Game Launcher
Uniblue DriverScanner
Uniblue PowerSuite
Uniblue RegistryBooster
Uniblue SpeedUpMyPC
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Intelligent Network Service Manager
VAIO Content Metadata Manager Settings
VAIO Content Metadata XML Interface Library
VAIO Content Monitoring Settings
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data Basic
VAIO Entertainment Platform
VAIO Event Service
VAIO Gate
VAIO Media plus
VAIO Media plus Opening Movie
VAIO Movie Story
VAIO Movie Story Template Data
VAIO Original Function Settings
VAIO Personalization Manager
VAIO Power Management
VAIO Sample Contents
VAIO Smart Network
VAIO Transfer Support
VAIO Update
VAIO Wallpaper Contents
VC80CRTRedist - 8.0.50727.6195
VLC Connection Utility 2.50
VU5x86
Vuze
Webzen Game Starter
Windows Internet Explorer Platform Preview
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Silverlight
XAMPP 1.8.0
.
==== Event Viewer Messages From Past Week ========
.
27/09/2012 17:27:31, Error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the file specified.
27/09/2012 17:27:31, Error: Service Control Manager [7000] - The Htsysm service failed to start due to the following error: The system cannot find the file specified.
27/09/2012 17:27:00, Error: Application Popup [56] - Driver RISD returned invalid ID for a child device (0001).
27/09/2012 06:32:41, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x80070002 Error description: The system cannot find the file specified. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.
27/09/2012 06:30:39, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
26/09/2012 23:08:59, Error: Service Control Manager [7034] - The McAfee Scanner service terminated unexpectedly. It has done this 1 time(s).
26/09/2012 23:08:59, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
23/09/2012 07:53:03, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.237.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
23/09/2012 07:53:03, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.237.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
23/09/2012 07:53:03, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.137.237.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8800.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
20/09/2012 18:41:47, Error: Application Popup [56] - Driver USB returned invalid ID for a child device (0).
20/09/2012 06:34:19, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.135.1568.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8704.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
.
==== End Of File ===========================
MiakisMal
Active Member
 
Posts: 6
Joined: September 27th, 2012, 1:06 pm

Re: rundll.exe after ransomware

Post by askey127 » September 29th, 2012, 7:19 am

Hi MiakisMal
-----------------------------------------------
Please Note Our Policy on the Use of P2P (Person to Person / Peer to Peer) file sharing programs here: http://malwareremoval.com/forum/viewtopic.php?p=491394#p491394
As a condition of receiving our help, I have included the P2P programs µTorrent and Vuze in the removal instructions below, so we are not wasting our time.
If you have used these, and your computer is infected, you can be fairly confident this is a principal reason.

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like µTorrent, Bittorrent, Azureus, Frostwire, Vuze, Shareaza, Bitlord.
Criminals have "planted" thousands upon thousands of infections in the "free" shared files.
Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".

Stay away from Registry Boosters/Cleaners/Optimizers/Helpers. They are much more dangerous to your PC than helpful.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Programs and Features
Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

Vuze
Uniblue RegistryBooster
Uniblue SpeedUpMyPC
RegClean Pro
µTorrent

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
-------------------------------------------------
Please download RogueKiller.exe and save it to your desktop.

Run RogueKiller
  • First, quit all running programs.
  • Start RogueKiller.exe. (Double click in XP, Right click and choose "Run as administrator" in Vista/Win7)
  • Note: If the program is blocked, do not hesitate to try several times.
    If it really does not work (it could happen), rename it to winlogon.exe or RogueKiller.com.
  • Wait until prescan has finished.
  • Click on the Scan button in the upper right. Wait for it to finish.
  • When the scan is complete, a file icon named RKreport.txt should appear on your desktop.
  • Please double click that file RKreport.txt and post its contents in your next Reply.
    (You can also open the report by clicking the Report button on the right).
  • When you exit RogueKiller, you may get a popup reporting "None of the Elements have been deleted. Do you want to quit?" Click "Yes".
---------------------------------------------
Run CKScanner
Download CKScanner from HERE
Important - Save it to your desktop.
Right-Click CKScanner.exe, choose Run as administrator and click Search For Files.
After a couple minutes or less, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved. Please run the program just once.
Double-click the CKFiles.txt icon on your desktop, give permission if asked, and copy/paste the contents in your next reply.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • For WinXP, double click on the OTL icon to run it.
  • For Vista or Win7, right click the icon and choose "Run as administrator".
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so.
    When the scan starts, OTL may appear to be frozen while it runs. Please be patient.
When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL (desktop).
OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
The Extras.txt file will only appear as a running Notepad document the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

So we are looking for the logs RKreport.txt, CKFiles.txt, OTL.txt and Extras.txt.
Use separate replies for each log if more convenient.

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: rundll.exe after ransomware

Post by MiakisMal » September 30th, 2012, 1:12 pm

All bad stuff uninstalled. .txt docs follow.


RogueKiller V8.1.0 [09/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Michael [Admin rights]
Mode : Scan -- Date : 09/30/2012 17:29:19

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 15 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : cacaoweb ("C:\Users\Michael\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-468394382-451526299-967517863-1000[...]\Run : cacaoweb ("C:\Users\Michael\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer) -> FOUND
[SHELL][SUSP PATH] HKCU\[...]\Windows : Load (C:\Users\Michael\LOCALS~1\Temp\mswouy.exe) -> FOUND
[SHELL][SUSP PATH] HKUS\S-1-5-21-468394382-451526299-967517863-1000[...]\Windows : Load (C:\Users\Michael\LOCALS~1\Temp\mswouy.exe) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet001\Services\X6va002 (\??\C:\Users\Michael\AppData\Local\Temp\0021209.tmp) -> FOUND
[Services][ROGUE ST] HKLM\[...]\ControlSet002\Services\X6va002 (\??\C:\Users\Michael\AppData\Local\Temp\0021209.tmp) -> FOUND
[TASK][SUSP PATH] {15482841-6964-4E03-9FF4-AD8BEF436123} : C:\Windows\system32\pcalua.exe -a C:\Users\Michael\Desktop\FF7\tm20decSetup.exe -d C:\Users\Michael\Desktop\FF7 -> FOUND
[TASK][SUSP PATH] {CAA0076C-4CDB-4D81-B6BE-480C27E4A605} : C:\Windows\system32\pcalua.exe -a C:\Users\Michael\Desktop\PFWalker.exe -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-468394382-451526299-967517863-1000\$e4d97ec357becb3b0ca5175d8b51149b\n.) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-468394382-451526299-967517863-1000\$e4d97ec357becb3b0ca5175d8b51149b\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-468394382-451526299-967517863-1000\$e4d97ec357becb3b0ca5175d8b51149b\L --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> G:\windows\system32\config\SOFTWARE
-> G:\Users\Default\NTUSER.DAT
-> G:\Users\Default User\NTUSER.DAT
-> G:\Users\Michael\NTUSER.DAT
-> G:\Documents and Settings\Default\NTUSER.DAT
-> G:\Documents and Settings\Default User\NTUSER.DAT
-> G:\Documents and Settings\Public\NTUSER.DAT

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 iphonesubmissions.apple.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AAJS-55A8B2 ATA Device +++++
--- User ---
[MBR] 0f29703f91054ae17442ad1b72216e1a
[BSP] 2ec5942afff1fb0da607f6ebea6662fd : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13858 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 28383232 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 28588032 | Size: 411779 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 871913472 | Size: 51200 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: Ricoh Memory Stick Disk Device +++++
--- User ---
[MBR] a39d62a2bff853690e3afef089eda0b3
[BSP] 2bcd3661e936fda2e20553fdd3985c27 : MBR Code unknown
Partition table:
Error reading LL1 MBR!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

Re: rundll.exe after ransomware

Post by MiakisMal » September 30th, 2012, 1:13 pm

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\adobe\adobe dreamweaver cs5.5\configuration\taglibraries\html\keygen.vtm
c:\users\michael\calibre library\agatha christie\the mirror crack'd from side to side (251)\metadata.opf
c:\users\michael\calibre library\agatha christie\the mirror crack'd from side to side (251)\the mirror crack'd from side to side - agatha christie.epub
c:\users\michael\calibre library\agatha christie\the mirror crack'd from side to side (251)\the mirror crack'd from side to side - agatha christie.mobi
c:\users\michael\calibre library\philip k. dick\the crack in space_ a novel (1312)\metadata.opf
c:\users\michael\calibre library\philip k. dick\the crack in space_ a novel (1312)\the crack in space_ a novel - philip k. dick.epub
c:\users\michael\calibre library\philip k. dick\the crack in space_ a novel (1312)\the crack in space_ a novel - philip k. dick.mobi
c:\users\michael\calibre library\writers of cracked dot com\you might be a zombie and other bad news (295)\metadata.opf
c:\users\michael\calibre library\writers of cracked dot com\you might be a zombie and other bad news (295)\you might be a zombie and other bad news - writers of cracked dot com.epub
c:\users\michael\calibre library\writers of cracked dot com\you might be a zombie and other bad news (295)\you might be a zombie and other bad news - writers of cracked dot com.mobi
scanner sequence 3.CG.11.RJAAEV
----- EOF -----

Re: rundll.exe after ransomware

Post by MiakisMal » September 30th, 2012, 1:13 pm

OTL logfile created on: 9/30/2012 5:50:42 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michael\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.94 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 43.22% Memory free
9.84 Gb Paging File | 6.94 Gb Available in Paging File | 70.49% Paging File free
Paging file location(s): C:\pagefile.sys 6046 6046D:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 402.13 Gb Total Space | 146.60 Gb Free Space | 36.46% Space Free | Partition Type: NTFS
Drive D: | 468.19 Mb Total Space | 5.97 Mb Free Space | 1.27% Space Free | Partition Type: FAT
Drive G: | 50.00 Gb Total Space | 34.43 Gb Free Space | 68.86% Space Free | Partition Type: NTFS

Computer Name: MYACECOMPUTOR | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/30 17:48:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
PRC - [2012/09/26 07:07:37 | 001,807,280 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
PRC - [2012/09/08 10:52:21 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/06 15:51:54 | 015,668,432 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2012/06/29 14:59:30 | 008,180,224 | ---- | M] () -- C:\xampp\mysql\bin\mysqld.exe
PRC - [2012/06/06 13:30:30 | 000,022,016 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2012/04/09 08:12:00 | 001,262,912 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/04/08 23:07:52 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/20 21:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2010/08/23 10:11:28 | 000,206,240 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2010/05/10 11:04:16 | 000,465,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe
PRC - [2010/05/07 11:32:02 | 000,205,168 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2009/08/18 17:02:14 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2009/07/28 00:58:40 | 000,091,432 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
PRC - [2009/07/28 00:58:38 | 000,427,304 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
PRC - [2009/07/28 00:58:38 | 000,075,048 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
PRC - [2009/07/28 00:58:38 | 000,070,952 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
PRC - [2009/07/28 00:58:36 | 000,120,104 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
PRC - [2009/07/23 18:39:38 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2009/07/23 18:39:36 | 000,206,336 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009/07/22 23:03:04 | 000,642,920 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2009/07/21 17:09:06 | 000,078,184 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe
PRC - [2009/06/26 22:35:04 | 000,468,264 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2008/12/08 23:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/30 17:14:54 | 000,571,392 | ---- | M] () -- C:\Users\Michael\AppData\Local\Temp\_MEI55922\pysqlite2._sqlite.pyd
MOD - [2012/09/30 17:14:54 | 000,263,168 | ---- | M] () -- C:\Users\Michael\AppData\Local\Temp\_MEI55922\win32com.shell.shell.pyd
MOD - [2012/09/30 17:14:54 | 000,096,256 | ---- | M] () -- C:\Users\Michael\AppData\Local\Temp\_MEI55922\win32api.pyd
MOD - [2012/09/30 17:14:54 | 000,086,016 | ---- | M] () -- C:\Users\Michael\AppData\Local\Temp\_MEI55922\_elementtree.pyd
MOD - [2012/09/30 17:14:54 | 000,070,656 | ---- | M] () -- C:\Users\Michael\AppData\Local\Temp\_MEI55922\wx._html2.pyd
MOD - [2012/09/30 17:14:54 | 000,040,448 | ---- | M] () -- C:\Users\Michael\AppData\Local\Temp\_MEI55922\_socket.pyd
MOD - [2012/09/30 17:14:53 | 001,024,024 | ---- | M] () -- C:\Users\Michael\AppData\Local\Temp\_MEI55922\windows._cacheinvalidation.pyd
MOD - [2012/09/30 17:14:53 | 000,792,576 | ---- | M] () -- C:\Users\Michael\AppData\Local\Temp\_MEI55922\wx._gdi_.pyd
MOD - [2012/09/30 17:14:53 | 000,731,136 | ---- | M] () -- C:\Users\Michael\AppData\Local\Temp\_MEI55922\wx._misc_.pyd
MOD - [2012/09/30 17:14:53 | 000,354,304 | ---- | M] () -- C:\Users\Michael\AppData\Local\Temp\_MEI55922\pythoncom26.dll
MOD - [2012/09/30 17:14:53 | 000,110,592 | ---- | M] () -- C:\Users\Michael\AppData\Local\Temp\_MEI55922\win32security.pyd
MOD - [2012/09/30 17:14:53 | 000,073,728 | ---- | M] () -- C:\Users\Michael\AppData\Local\Temp\_MEI55922\_ctypes.pyd
MOD - [2012/09/30 17:14:53 | 000,011,776 | ---- | M] () -- C:\Users\Michael\AppData\Local\Temp\_MEI55922\win32crypt.pyd
MOD - [2012/09/30 17:14:52 | 001,169,408 | ---- | M] () -- C:\Users\Michael\AppData\Local\Temp\_MEI55922\wx._core_.pyd
MOD - [2012/09/30 17:14:52 | 000,807,424 | ---- | M] () -- C:\Users\Michael\AppData\Local\Temp\_MEI55922\wx._windows_.pyd
MOD - [2012/09/30 17:14:52 | 000,645,120 | ---- | M] () -- C:\Users\Michael\AppData\Local\Temp\_MEI55922\_ssl.pyd
MOD - [2012/09/30 17:14:52 | 000,311,808 | ---- | M] () -- C:\Users\Michael\AppData\Local\Temp\_MEI55922\_hashlib.pyd
MOD - [2012/09/30 17:14:52 | 000,121,856 | ---- | M] () -- C:\Users\Michael\AppData\Local\Temp\_MEI55922\wx._wizard.pyd
MOD - [2012/09/30 17:14:52 | 000,111,104 | ---- | M] () -- C:\Users\Michael\AppData\Local\Temp\_MEI55922\win32file.pyd
MOD - [2012/09/30 17:14:52 | 000,036,352 | ---- | M] () -- C:\Users\Michael\AppData\Local\Temp\_MEI55922\win32process.pyd
MOD - [2012/09/30 17:14:52 | 000,022,528 | ---- | M] () -- C:\Users\Michael\AppData\Local\Temp\_MEI55922\win32pdh.pyd
MOD - [2012/09/30 17:14:51 | 001,056,256 | ---- | M] () -- C:\Users\Michael\AppData\Local\Temp\_MEI55922\wx._controls_.pyd
MOD - [2012/09/30 17:14:51 | 000,585,728 | ---- | M] () -- C:\Users\Michael\AppData\Local\Temp\_MEI55922\unicodedata.pyd
MOD - [2012/09/30 17:14:51 | 000,153,088 | ---- | M] () -- C:\Users\Michael\AppData\Local\Temp\_MEI55922\pyexpat.pyd
MOD - [2012/09/30 17:14:51 | 000,110,592 | ---- | M] () -- C:\Users\Michael\AppData\Local\Temp\_MEI55922\pywintypes26.dll
MOD - [2012/09/30 17:14:51 | 000,039,424 | ---- | M] () -- C:\Users\Michael\AppData\Local\Temp\_MEI55922\win32inet.pyd
MOD - [2012/09/30 17:14:51 | 000,017,920 | ---- | M] () -- C:\Users\Michael\AppData\Local\Temp\_MEI55922\win32event.pyd
MOD - [2012/09/30 17:14:51 | 000,011,776 | ---- | M] () -- C:\Users\Michael\AppData\Local\Temp\_MEI55922\select.pyd
MOD - [2012/09/26 07:07:37 | 009,813,424 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
MOD - [2012/09/08 10:52:20 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/04/08 23:07:20 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/01/21 02:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 21:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/06/10 03:52:36 | 000,495,616 | ---- | M] () -- C:\Program Files\Sony\VAIO Personalization Manager\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/09/10 17:47:50 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2012/08/15 21:46:00 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/07/17 14:52:28 | 000,177,144 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/07/17 14:49:24 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/07/17 14:47:42 | 000,237,920 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2012/05/11 06:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2012/05/11 06:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2012/05/11 06:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2012/05/11 06:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2012/05/11 06:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2012/05/11 06:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2012/05/11 06:31:46 | 000,200,728 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2012/01/13 10:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2011/02/08 02:41:16 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/02/14 18:28:45 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/08/13 07:11:54 | 000,522,240 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2009/07/16 17:36:56 | 000,411,496 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/26 22:56:10 | 000,357,672 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2009/06/26 22:35:04 | 000,468,264 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2009/06/18 02:50:30 | 000,110,888 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2012/09/26 07:53:12 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/08 10:52:20 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/29 18:50:13 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/22 18:00:04 | 000,654,944 | ---- | M] (Wellbia.com Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\xsherlock.xem -- (xsherlock)
SRV - [2012/07/15 18:52:08 | 000,018,360 | ---- | M] (Overwolf Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe -- (OverwolfUpdaterService)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/29 14:59:30 | 008,180,224 | ---- | M] () [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2012/06/06 13:30:30 | 000,022,016 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (apache2.4)
SRV - [2012/04/09 08:12:00 | 001,262,912 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/04/08 23:07:52 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/09/21 16:57:33 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/07 11:32:02 | 000,205,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010/04/13 20:11:18 | 000,231,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/13 02:33:00 | 003,477,452 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2009/07/28 00:58:40 | 000,091,432 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009/07/28 00:58:38 | 000,427,304 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009/07/28 00:58:38 | 000,075,048 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009/07/28 00:58:38 | 000,070,952 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009/07/28 00:58:36 | 000,120,104 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009/07/23 18:39:38 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/07/23 18:39:38 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/07/23 18:39:36 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/07/22 23:03:04 | 000,642,920 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/12/08 23:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/14 16:26:40 | 000,073,096 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\McPvDrv.sys -- (McPvDrv)
DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/09 11:46:34 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/07/17 14:55:40 | 000,069,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2012/07/17 14:52:38 | 000,335,784 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/07/17 14:51:16 | 000,106,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/07/17 14:50:36 | 000,752,672 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/07/17 14:49:36 | 000,513,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/07/17 14:48:54 | 000,300,392 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/07/17 14:48:34 | 000,169,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/05/27 23:29:14 | 000,076,800 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2012/05/27 23:27:27 | 000,290,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2012/04/20 16:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/31 22:31:08 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2011/09/16 15:10:50 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2011/09/16 15:10:24 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/05 23:59:34 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011/03/05 23:59:34 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/03/05 23:59:34 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/03/05 23:59:34 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/03/05 23:59:34 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/03/05 23:07:43 | 000,025,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NW1950.sys -- (NW1950)
DRV:64bit: - [2011/03/05 23:07:42 | 000,014,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2011/01/18 14:47:48 | 000,004,608 | ---- | M] (JJS) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pspdisp_x64.sys -- (pspdisp)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/03 00:57:58 | 000,015,160 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jumi.sys -- (jumi)
DRV:64bit: - [2010/10/02 09:08:56 | 000,043,456 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2010/07/12 19:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/07/08 13:40:06 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/07/08 13:40:05 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010/05/05 16:38:26 | 000,014,592 | ---- | M] (ASUSTek Computer Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2010/04/14 02:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/04/13 20:10:24 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\MOBK.sys -- (MOBKFilter)
DRV:64bit: - [2009/10/05 17:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/08/13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/31 21:10:18 | 000,091,648 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2009/07/31 21:08:57 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (1394hub)
DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/14 01:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/06/11 21:19:09 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/06/27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007/02/08 14:48:04 | 000,051,600 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ActionReplayDS_x64.sys -- (ActionReplayDS)
DRV - [2012/03/20 15:48:28 | 000,004,774 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWow64\npptNT2.sys -- (NPPTNT2)
DRV - [2011/12/20 03:46:50 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 19:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-468394382-451526299-967517863-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=EU01
IE - HKU\S-1-5-21-468394382-451526299-967517863-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
IE - HKU\S-1-5-21-468394382-451526299-967517863-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-468394382-451526299-967517863-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-468394382-451526299-967517863-1000\..\SearchScopes\{17525D47-9B14-4579-B7F8-DB5F07CF0A0D}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
IE - HKU\S-1-5-21-468394382-451526299-967517863-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SVEA_enGB364GB364
IE - HKU\S-1-5-21-468394382-451526299-967517863-1000\..\SearchScopes\{B9206015-4500-4544-B0AC-B663DE103F58}: "URL" = http://rover.ebay.com/rover/1/710-42480 ... 4?satitle={searchTerms}
IE - HKU\S-1-5-21-468394382-451526299-967517863-1000\..\SearchScopes\{F941E5F8-A43A-4BC9-9C2B-70304E72E4FD}: "URL" = http://services.zinio.com/search?s={selection}&rf=sonyslices
IE - HKU\S-1-5-21-468394382-451526299-967517863-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-468394382-451526299-967517863-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;


========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "google.com"
FF - prefs.js..browser.search.defaultenginename: "google.com"
FF - prefs.js..browser.search.order.1: "google.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledAddons: swiffout@grownsoftware.com:1.6.0.12
FF - prefs.js..extensions.enabledAddons: translator@zoli.bod:2.1.0.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.1
FF - prefs.js..extensions.enabledItems: {477c4c36-24eb-11da-94d4-00e08161165f}:2.7.6
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.6
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.0.1
FF - prefs.js..extensions.enabledItems: fastYoutubeDownloader@yevgenyandrov.net:1.1
FF - prefs.js..extensions.enabledItems: {2f17f610-5e97-4fed-828f-9940b7b577a4}:1.4.5
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4
FF - prefs.js..extensions.enabledItems: {d47a9f51-8281-43fa-f450-f28ef8735e9a}:2.0.3
FF - prefs.js..extensions.enabledItems: firefox@meebo.com:1.1
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.9.134
FF - prefs.js..extensions.enabledItems: bejeweledblitz3cheat@thecybershadow.net:2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2009/08/29 11:59:52 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2009/08/29 11:59:52 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@Webzen.com/NPGameWebStarter: C:\Program Files (x86)\WEBZEN\WebzenGameStarter\NPGameWebStarter.dll File not found
FF - HKCU\Software\MozillaPlugins\@eximion.com/KalydoPlayer: C:\Users\Michael\AppData\Roaming\Kalydo\KalydoPlayer\bin1\npkalydo.dll (Eximion B.V.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Michael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/18 22:33:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/09/27 06:42:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/08 10:52:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/27 22:53:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2012/09/26 23:02:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/08 10:52:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/05/27 22:53:05 | 000,000,000 | ---D | M]

[2010/01/30 02:20:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Extensions
[2012/08/24 20:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\8vlesy0r.default\extensions
[2012/08/20 18:48:10 | 000,000,000 | ---D | M] ("SwiffOut") -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\8vlesy0r.default\extensions\swiffout@grownsoftware.com
[2012/01/30 20:59:32 | 000,038,090 | ---- | M] () (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\8vlesy0r.default\extensions\multilinks@plugin.xpi
[2012/07/21 15:16:08 | 000,056,403 | ---- | M] () (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\8vlesy0r.default\extensions\translator@zoli.bod.xpi
[2012/07/25 20:29:31 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\8vlesy0r.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2010/12/06 01:55:58 | 000,002,424 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\8vlesy0r.default\searchplugins\askcom.xml
[2012/07/20 19:14:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/08 10:52:21 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/09/08 10:52:19 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/09/08 10:52:19 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.co.uk/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\22.0.1229.91\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\22.0.1229.91\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\22.0.1229.91\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 7\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Exent\u00AE AOD Gecko Plugin (Enabled) = C:\Program Files (x86)\Free Ride Games\npExentCtl.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: OnLive Game Client Detector (Enabled) = C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Michael\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Kalydo Player Plugin for Mozilla (Enabled) = C:\Users\Michael\AppData\Roaming\Kalydo\KalydoPlayer\bin\npkalydo.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - Extension: Angry Birds = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: YouTube = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: HelloFax - Free Online Faxing & Signing = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bocmleclimfnadgmcdgecijlblfcmfnm\1.1_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Webpage Screenshot = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\5.5.3_0\
CHR - Extension: Google Search = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Screen Capture (by Google) = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpngackimfmofbokmjmljamhdncknpmg\5.0.4_0\
CHR - Extension: Cordy = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjbkahdllcckjbjijejpmcgkkjpnnfk\15_0\
CHR - Extension: VoucherFor.it = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkmekeohjhcjnkpikjalankkfppaggmh\1.0.10_0\
CHR - Extension: SiteAdvisor = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\
CHR - Extension: Marvel Comics = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhfaknohpjconjoefidanhihokmkice\1.0.0.0_0\
CHR - Extension: Mystical Land Installer = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbdkjcaifgmiepgkhohjooakknonejoc\1.0.0.10_0\
CHR - Extension: BARON UEDA (FR/LAMEMONGER?) = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\jepnnclcabggchgbkogkjilobomklihn\3_0\
CHR - Extension: Command & Conquer Tiberium Alliances = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgaeopgjojikeoiidmfaejkifhgjoooe\1.0.6_0\
CHR - Extension: Saga of Hero = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lknbomipeednfolohikpflfopogbfioo\1.0.7_0\
CHR - Extension: Word\u00B2 = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpibnckjjeaabeepofhfmmpjmnomohee\2.5_0\
CHR - Extension: LOVEFiLM | Watch movies & TV series online = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbkoecehgcgnkfomcgndgdhibakfiakj\2012.7.4.58315_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Deezer = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\npfkoakaabdallkcdbpkkhfilkkngakh\1.3.1_0\
CHR - Extension: Simple Get = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgnbkflnoffangkfbmlfkdlmikmoilkj\2.3_0\
CHR - Extension: Gmail = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: eBay Deals = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pllkgmcojhajjmojfoagiegoibjognlc\1.0.3_0\

O1 HOSTS File: ([2011/11/29 22:21:27 | 000,000,892 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 iphonesubmissions.apple.com
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Reg Error: Value error. File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-468394382-451526299-967517863-1000..\Run: [cacaoweb] C:\Users\Michael\AppData\Roaming\cacaoweb\cacaoweb.exe ()
O4 - HKU\S-1-5-21-468394382-451526299-967517863-1000..\Run: [Elbserver] C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe (Sony Corporation)
O4 - HKU\S-1-5-21-468394382-451526299-967517863-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-468394382-451526299-967517863-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-468394382-451526299-967517863-1000..\Run: [PlayNC Launcher] File not found
O4 - HKU\S-1-5-21-468394382-451526299-967517863-1000..\Run: [PowerSuite] "C:\PROGRA~2\Uniblue\POWERS~1\launcher.exe" delay 20000 -m File not found
O4 - HKU\S-1-5-21-468394382-451526299-967517863-1000..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found
O4 - HKU\S-1-5-21-468394382-451526299-967517863-1010..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-468394382-451526299-967517863-1010..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files (x86)\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
F3:64bit: - HKU\S-1-5-21-468394382-451526299-967517863-1000 WinNT: Load - (C:\Users\Michael\LOCALS~1\Temp\mswouy.exe) - File not found
F3 - HKU\S-1-5-21-468394382-451526299-967517863-1000 WinNT: Load - (C:\Users\Michael\LOCALS~1\Temp\mswouy.exe) - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res:///105 File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - res:///105 File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-468394382-451526299-967517863-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-468394382-451526299-967517863-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-468394382-451526299-967517863-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-468394382-451526299-967517863-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.co ... 1.72.0.cab (SysInfo Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C093BDE7-6673-41E9-A202-6A8740C6357A}: NameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Reg Error: Value error. File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - Reg Error: Value error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/21 16:48:01 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/30 17:48:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2012/09/30 17:28:26 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\RK_Quarantine
[2012/09/27 18:03:11 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Michael\Desktop\dds.scr
[2012/09/27 06:44:08 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Malwarebytes
[2012/09/27 06:43:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/09/27 06:43:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/09/27 06:43:38 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/27 06:43:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/09/27 06:30:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Omuhup
[2012/09/27 06:30:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Mici
[2012/09/27 06:30:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Awfoci
[2012/09/26 23:02:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfeeMOBK
[2012/09/26 23:02:38 | 000,196,440 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
[2012/09/26 23:02:38 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Online Backup
[2012/09/26 23:02:32 | 000,066,040 | ---- | C] (Mozy, Inc.) -- C:\Windows\SysNative\drivers\MOBK.sys
[2012/09/26 23:02:27 | 000,073,096 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\McPvDrv.sys
[2012/09/26 23:02:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Online Backup
[2012/09/26 23:02:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/09/26 23:02:15 | 000,000,000 | R-SD | C] -- C:\Users\Michael\Documents\McAfee Vaults
[2012/09/26 23:02:15 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\McAfee Anti-Theft
[2012/09/26 23:01:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee.com
[2012/09/26 23:01:39 | 000,010,288 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeclnk.sys
[2012/09/26 23:01:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\McAfee
[2012/09/26 23:01:23 | 000,513,456 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfefirek.sys
[2012/09/26 23:01:23 | 000,300,392 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeavfk.sys
[2012/09/26 23:01:23 | 000,106,112 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mferkdet.sys
[2012/09/26 23:01:23 | 000,069,672 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\cfwids.sys
[2012/09/26 23:01:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2012/09/26 23:01:07 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2012/09/26 23:01:06 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2012/09/26 23:00:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee
[2012/09/26 22:48:40 | 000,177,144 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe
[2012/09/26 22:48:35 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/09/26 22:09:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer
[2012/09/26 21:49:34 | 000,000,000 | -HSD | C] -- C:\Users\Michael\AppData\Roaming\System
[2012/09/26 21:49:23 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Yqazk
[2012/09/26 21:49:23 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Rigyga
[2012/09/26 21:49:23 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Dane
[2012/09/26 07:14:09 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012/09/25 20:02:49 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Game Test
[2012/09/23 07:52:24 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/09/23 07:52:24 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/09/23 07:52:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/09/23 07:52:19 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/09/23 07:52:19 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/09/23 07:52:19 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/09/23 07:52:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/09/23 07:52:17 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/09/23 07:52:17 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/09/23 07:52:17 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/09/23 07:52:16 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/09/23 07:52:15 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/09/23 07:52:13 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/09/23 07:52:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/09/23 07:52:10 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/09/22 19:10:14 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\PFStaticIP
[2012/09/22 19:09:47 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portforward.com
[2012/09/22 19:09:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PFStaticIP
[2012/09/22 19:09:43 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\APN
[2012/09/20 19:35:40 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends
[2012/09/20 19:34:00 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\phpMyAdmin-3.5.2.2-all-languages
[2012/09/20 19:28:14 | 000,000,000 | ---D | C] -- C:\xampp
[2012/09/20 19:03:42 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/09/19 17:13:07 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\xcel crap
[2012/09/19 11:36:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2012/09/18 20:10:05 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Test 1
[2012/09/18 20:05:51 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\KompoZer
[2012/09/18 20:05:32 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\KompoZer 0.7.10
[2012/09/18 19:07:12 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\images
[2012/09/16 21:47:23 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\Chris Moyles
[2012/09/16 19:19:06 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\StarCraft II
[2012/09/16 19:10:13 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012/09/16 18:58:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012/09/16 18:58:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II
[2012/09/16 16:08:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/09/16 16:08:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/09/16 15:58:40 | 001,572,672 | ---- | C] (Gamania Inc.) -- C:\Users\Michael\Documents\_BFUninstall.exe
[2012/09/15 20:55:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BBC iPlayer Desktop
[2012/09/14 17:30:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/09/14 17:30:35 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/09/14 17:30:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/09/12 06:52:22 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2012/09/12 06:52:20 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/09/12 06:52:19 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012/09/12 06:52:19 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012/09/04 17:31:14 | 000,014,592 | ---- | C] (ASUSTek Computer Inc.) -- C:\Windows\SysNative\drivers\AiCharger.sys
[2012/09/04 17:31:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASUS
[2012/09/04 17:30:31 | 000,000,000 | ---D | C] -- C:\Users\Michael\Desktop\V1.00.06
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/30 17:53:07 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/30 17:48:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Desktop\OTL.exe
[2012/09/30 17:33:05 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/30 17:30:52 | 000,458,240 | ---- | M] () -- C:\Users\Michael\Desktop\CKScanner.exe
[2012/09/30 17:27:58 | 001,412,096 | ---- | M] () -- C:\Users\Michael\Desktop\RogueKiller.exe
[2012/09/30 17:21:16 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/30 17:21:16 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/30 17:19:22 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee All Access – Total Protection.lnk
[2012/09/30 17:16:28 | 000,792,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/30 17:14:39 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/30 17:11:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/30 17:11:20 | 3170,246,656 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/28 08:08:01 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-468394382-451526299-967517863-1000UA.job
[2012/09/28 07:25:51 | 000,673,300 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/28 07:25:51 | 000,129,294 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/27 21:08:16 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-468394382-451526299-967517863-1000Core.job
[2012/09/27 18:03:24 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Michael\Desktop\dds.scr
[2012/09/27 06:43:48 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/27 06:39:42 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/26 21:49:49 | 000,236,438 | -HS- | M] () -- C:\Users\Michael\AppData\Roaming\rt1.png
[2012/09/26 07:53:12 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/09/26 07:53:12 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/09/22 19:09:47 | 000,001,027 | ---- | M] () -- C:\Users\Michael\Desktop\Portforward Setup Static IP Address.lnk
[2012/09/20 19:35:40 | 000,000,606 | ---- | M] () -- C:\Users\Michael\Desktop\XAMPP Control Panel.lnk
[2012/09/19 16:06:51 | 000,001,085 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2012/09/19 11:39:40 | 000,001,708 | ---- | M] () -- C:\Users\Michael\Desktop\Google Drive.lnk
[2012/09/18 07:12:09 | 003,074,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/09/16 18:58:56 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012/09/16 15:46:49 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/09/15 20:55:19 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\BBC iPlayer Desktop.lnk
[2012/09/14 16:26:40 | 000,073,096 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\McPvDrv.sys
[2012/09/08 00:21:16 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\UpdateCheck.job
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/30 17:30:51 | 000,458,240 | ---- | C] () -- C:\Users\Michael\Desktop\CKScanner.exe
[2012/09/30 17:27:48 | 001,412,096 | ---- | C] () -- C:\Users\Michael\Desktop\RogueKiller.exe
[2012/09/27 06:43:48 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/26 23:04:02 | 000,001,828 | ---- | C] () -- C:\Users\Public\Desktop\McAfee All Access – Total Protection.lnk
[2012/09/26 21:49:48 | 000,236,438 | -HS- | C] () -- C:\Users\Michael\AppData\Roaming\rt1.png
[2012/09/26 07:07:39 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/22 19:09:47 | 000,001,027 | ---- | C] () -- C:\Users\Michael\Desktop\Portforward Setup Static IP Address.lnk
[2012/09/20 21:31:06 | 000,013,564 | ---- | C] () -- C:\Users\Michael\Desktop\news.sql
[2012/09/20 21:31:06 | 000,001,171 | ---- | C] () -- C:\Users\Michael\Desktop\users.sql
[2012/09/20 19:35:40 | 000,000,606 | ---- | C] () -- C:\Users\Michael\Desktop\XAMPP Control Panel.lnk
[2012/09/20 19:03:32 | 000,001,243 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS5.5.lnk
[2012/09/20 19:00:12 | 000,001,375 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2012/09/20 19:00:01 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2012/09/20 18:59:49 | 000,001,274 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2012/09/20 18:59:15 | 000,001,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
[2012/09/20 18:58:42 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012/09/16 18:58:04 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012/09/16 16:08:31 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/09/16 16:08:23 | 000,002,183 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials Prerelease.lnk
[2012/09/15 20:55:47 | 000,001,085 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2012/09/15 20:55:19 | 000,000,993 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BBC iPlayer Desktop.lnk
[2012/09/15 20:55:19 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\BBC iPlayer Desktop.lnk
[2012/07/27 23:23:07 | 000,000,000 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\ADF8F0174DAB4265999B9336FFF72A2D.dat
[2012/07/21 15:41:15 | 000,000,107 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\RSBot_Accounts.ini
[2012/07/21 12:47:56 | 000,000,032 | ---- | C] () -- C:\Users\Michael\jagex_cl_runescape_LIVE.dat
[2012/07/14 21:36:27 | 000,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
[2012/07/13 19:13:23 | 000,000,218 | ---- | C] () -- C:\Users\Michael\.recently-used.xbel
[2012/05/27 22:31:16 | 000,000,181 | ---- | C] () -- C:\Windows\WININIT.INI
[2012/04/15 00:57:42 | 000,000,893 | ---- | C] () -- C:\Users\Michael\wxDownloadFast.ini
[2012/04/08 23:08:10 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/01/28 17:05:36 | 000,000,175 | ---- | C] () -- C:\Users\Michael\.jupload.properties
[2011/10/26 20:21:12 | 000,208,184 | ---- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/10/18 22:07:50 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/27 13:22:40 | 000,000,129 | ---- | C] () -- C:\Users\Michael\jagex_runescape_preferences2.dat
[2011/09/27 13:21:57 | 000,000,035 | ---- | C] () -- C:\Users\Michael\jagex_runescape_preferences.dat
[2011/09/19 22:04:19 | 000,274,432 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\chrtmp
[2011/06/23 13:08:08 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/06/07 21:37:03 | 000,000,048 | ---- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/05/06 17:43:28 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\1F27819550.sys
[2011/05/06 17:43:25 | 000,001,890 | ---- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2011/04/27 17:29:28 | 000,001,890 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/04/27 17:29:28 | 000,000,088 | RHS- | C] () -- C:\ProgramData\0427D39534.sys
[2011/02/16 17:01:14 | 000,002,304 | ---- | C] () -- C:\Windows\SysWow64\HtsysmNT.sys
[2011/01/07 17:25:01 | 000,000,095 | ---- | C] () -- C:\Users\Michael\AppData\Local\fusioncache.dat
[2010/12/16 01:44:13 | 000,000,106 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\wklnhst.dat
[2010/11/29 18:42:09 | 000,007,613 | ---- | C] () -- C:\Users\Michael\AppData\Local\Resmon.ResmonCfg
[2010/11/12 00:49:14 | 000,119,296 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2010/11/12 00:49:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ADsSecurity.dll
[2010/11/12 00:49:14 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dxinputdll.dll
[2010/02/07 00:53:30 | 1041,039,357 | ---- | C] () -- C:\Program Files (x86)\ag_setup_1.0.3611.exe.sl

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-468394382-451526299-967517863-1000\$e4d97ec357becb3b0ca5175d8b51149b\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/01/31 19:47:23 | 000,000,000 | -HSD | M] -- C:\Users\Michael\AppData\Roaming\.#
[2012/08/25 15:47:51 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\.minecraft
[2012/01/31 21:27:57 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\.Nitrous
[2012/09/27 06:46:52 | 000,000,000 | -HSD | M] -- C:\Users\Michael\AppData\Roaming\976861
[2011/11/03 22:35:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\asoftech
[2011/09/12 18:42:57 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Atari
[2010/09/23 09:24:02 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Audacity
[2010/09/21 16:58:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Autodesk
[2012/09/27 06:30:12 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Awfoci
[2012/07/19 23:43:31 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Azureus
[2011/04/28 09:38:20 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/12/21 14:46:21 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Broken Rules
[2011/01/06 13:05:43 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Bump Technologies, Inc
[2011/02/06 21:40:10 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\cacaoweb
[2012/04/09 21:36:13 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\calibre
[2012/05/27 22:52:50 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Canon
[2012/01/31 20:07:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\com.w3i.FlipToast
[2011/12/21 13:11:49 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Crayon Physics Deluxe
[2012/09/26 21:49:23 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Dane
[2011/03/29 18:36:43 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DarksporeData
[2011/09/12 18:35:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Dropbox
[2011/09/03 11:43:22 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DYA_NVURBDAHNPILDSNTI
[2012/01/28 18:04:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\FileZilla
[2012/01/15 22:12:55 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\FOG Downloader
[2010/12/31 00:35:14 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\GetRightToGo
[2012/07/13 18:10:40 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\gtk-2.0
[2012/08/05 16:40:34 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\HackSlashLoot
[2011/06/14 20:06:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Hi-Rez Studios
[2012/08/16 20:05:57 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Hive Cluster
[2012/02/12 14:44:50 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\iMapBuilder
[2012/07/15 10:28:45 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Kalydo
[2012/09/18 20:05:52 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\KompoZer
[2011/03/15 14:01:38 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Leadertech
[2011/05/25 20:26:54 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Lionhead Studios
[2011/03/05 07:49:20 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\LolClient
[2010/03/25 18:30:57 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2012/07/27 23:26:41 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Macro Recorder
[2012/09/27 06:30:12 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Mici
[2011/02/18 00:43:48 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Minecrafter
[2010/05/06 03:00:44 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\MonkeyJam
[2011/12/21 12:34:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Nicalis
[2012/09/27 06:30:12 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Omuhup
[2012/05/27 22:46:37 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\OnLive App
[2010/03/24 15:52:55 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Opera
[2012/02/02 00:58:25 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Participatory Culture Foundation
[2012/07/13 19:13:22 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PCF-VLC
[2012/09/23 07:51:39 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PFStaticIP
[2010/11/12 00:57:12 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\PowerUp Software
[2011/10/17 20:37:28 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\pymclevel
[2011/12/28 01:23:15 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\redsn0w
[2011/09/12 18:34:40 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\RIFT
[2012/09/26 21:49:23 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Rigyga
[2012/05/26 19:09:31 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\RotMG.Production
[2012/07/14 21:37:36 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\runic games
[2010/02/08 11:42:27 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Stardock
[2012/09/27 06:46:52 | 000,000,000 | -HSD | M] -- C:\Users\Michael\AppData\Roaming\System
[2012/09/30 17:26:32 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Systweak
[2012/07/27 23:23:07 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Technology Lighthouse
[2010/12/16 01:44:18 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Template
[2010/05/22 23:21:18 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TS3Client
[2012/07/22 13:47:33 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Ubisoft
[2012/09/30 17:27:05 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Uniblue
[2011/01/08 01:26:55 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Unity
[2012/09/30 17:24:19 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\uTorrent
[2011/02/21 00:50:41 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Wi-Fi Sync
[2012/03/04 10:50:59 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\WindSolutions
[2011/05/23 14:12:58 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\www.nerdoftheherd.com
[2012/09/26 21:49:23 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Yqazk
[2011/09/12 18:42:36 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ZumoDrive

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 971 bytes -> C:\ProgramData:$SS_DESCRIPTOR_SBXNV9VVGV1BF1V4WG4H6PT4KGM8HTV4K6N636VFSVF7JB4VPJGF
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:BFC41B39
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation
@Alternate Data Stream - 128 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:BEB15613
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:6152D44C
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:D06A4C76

< End of report >
MiakisMal

Re: rundll.exe after ransomware

Post by MiakisMal » September 30th, 2012, 1:16 pm

OTL Extras logfile created on: 9/30/2012 5:50:42 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michael\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.94 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 43.22% Memory free
9.84 Gb Paging File | 6.94 Gb Available in Paging File | 70.49% Paging File free
Paging file location(s): C:\pagefile.sys 6046 6046D:\pagef [Binary data over 200 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 402.13 Gb Total Space | 146.60 Gb Free Space | 36.46% Space Free | Partition Type: NTFS
Drive D: | 468.19 Mb Total Space | 5.97 Mb Free Space | 1.27% Space Free | Partition Type: FAT
Drive G: | 50.00 Gb Total Space | 34.43 Gb Free Space | 68.86% Space Free | Partition Type: NTFS

Computer Name: MYACECOMPUTOR | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0888EDAC-AD5A-47C9-800E-BE87793A038C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0A0CFD71-3077-4916-BD15-EE0C35B26329}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface |
"{0AA5366C-7345-47B4-A56B-81A8BD78DB13}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{0AEEFB3E-8301-44AD-A4E8-866EE347FFEB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{11F09880-65E4-4BDA-A66B-BEE3FD1A4518}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1D96E65E-CAB6-45FC-9616-F3CFCBDAF682}" = rport=139 | protocol=6 | dir=out | app=system |
"{2AE99985-F4DC-43BB-8E1B-E65D9BEE28B1}" = lport=138 | protocol=17 | dir=in | app=system |
"{2ECDEEB6-030D-4F01-A409-FCE6DC57AF70}" = lport=6938 | protocol=17 | dir=in | name=league of legends launcher |
"{2F992865-B7FE-43A8-B1E3-C65D8E602725}" = lport=49167 | protocol=6 | dir=in | name=akamai netsession interface |
"{306690A8-BA08-4E52-94C7-160730BDC5C8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3321109E-33CA-4470-92CD-CAD69501673E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3769F2E5-77C1-42DE-A874-9D363C2C1411}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{39551669-0367-4A0C-A012-1123E53B0C0A}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{41637DDE-B8A0-4AF3-B371-645FF4B1DF54}" = lport=6938 | protocol=6 | dir=in | name=league of legends launcher |
"{4466B20F-8A2C-4806-B466-ED709D2057DB}" = rport=445 | protocol=6 | dir=out | app=system |
"{448C22B0-1CE1-4C54-8322-009FBF8D8BC0}" = rport=138 | protocol=17 | dir=out | app=system |
"{4B597AC1-286E-4C32-9627-4416F057D00A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4F257B5A-424F-4D6A-9115-214F74A42894}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{593007C3-BF7A-4834-880A-2DFDE0F3A757}" = lport=5720 | protocol=6 | dir=in | name=jumi controller |
"{5EF4CBDD-C219-473E-8A5F-6E6563669002}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{740A84DB-5ED4-4F2D-81F3-421DD33B99B8}" = rport=12121 | protocol=6 | dir=out | name=ut |
"{774489C1-7C8C-4750-89FB-7C3BF9632500}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{77C618BC-5892-4EE0-B63A-2629F55AB0B1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7C59BFE4-15D7-4A07-8C84-83646B9F954C}" = lport=137 | protocol=17 | dir=in | app=system |
"{81F841F9-FE0F-4C0B-814B-041E29082289}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{82A0F380-ED5D-4ECA-A2F0-723408D9EABD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8B51EB27-537E-4E71-9453-B58D54E1E911}" = lport=6939 | protocol=6 | dir=in | name=league of legends launcher |
"{9178FB51-8BD8-4FA9-8185-E653D9325ED7}" = lport=139 | protocol=6 | dir=in | app=system |
"{9B2D9D7C-B841-4D53-A796-59463C0413E8}" = lport=2869 | protocol=6 | dir=in | name=upnp tcp |
"{A02F912B-86C1-4F18-9DD9-E378F9C8332E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A17A0B8A-513E-4FDB-9F0E-BD5A50473E3A}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{B30785D6-B020-4479-BB1F-695415981C5A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BD55E047-9C57-4270-A696-DE0A19BD1827}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher |
"{BDC142B8-6F1A-4820-B17B-50F245E6248A}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{C697A603-B6BB-4F8F-A907-A158AE7807C1}" = rport=12121 | protocol=17 | dir=out | name=ut(udp) |
"{C8471ACD-9994-4588-9871-734E099D2ADF}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher |
"{CBB4EEBA-6E47-4F3E-8AB1-05174A79AC28}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{CE4A560E-9396-476C-A2EB-A277B300774D}" = lport=445 | protocol=6 | dir=in | app=system |
"{D1B4145C-EC14-418C-9166-990AC0FA6EA3}" = lport=6939 | protocol=17 | dir=in | name=league of legends launcher |
"{D6DD40EC-0EED-41A1-BC0F-BF1263AF0FFE}" = lport=1900 | protocol=17 | dir=in | name=upnp udp |
"{DAF306B8-1C0D-4D0F-8D18-73337C09CBD2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DF41A958-8FAE-44DD-9F5A-A3135D24226C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DFE6C812-D9AF-4747-91F1-AEC90E4A8BAE}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{E4F715DF-91AE-4600-AA54-4F8998C2EB44}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{E8A83709-6CFB-42A5-9649-B6B2AEDEFCBE}" = lport=5720 | protocol=17 | dir=in | name=jumi controller |
"{F40E694B-D6CC-49F7-B4B8-4280019E1016}" = rport=137 | protocol=17 | dir=out | app=system |
"{F51803E1-9208-4E06-BC6B-921028047C5B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F9990DF9-6BBB-41A9-AC0A-A7E7198255CA}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FBD665-BF29-4AA9-B17A-6FF1370B9B24}" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"{01BE03A2-8010-4858-B93A-871B1304BDD9}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{05D5A46E-FE41-45CD-879D-08216950AE88}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{071E2FCB-A907-4686-88EC-5BBEA8D6D3A4}" = protocol=17 | dir=in | app=c:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |
"{07A561C8-BDE9-4DA4-BA3B-3166E6916848}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0955E9C4-1A4A-46DC-9B6E-15547E091B54}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe |
"{0A0DE56B-3253-4FD6-B72C-D7818F8791B2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{0F016EF8-CD11-46F6-87A3-1DBE253D5241}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world of battles\release\launcher.exe |
"{0F3BA8EE-B7A0-4C91-8CA7-A504AEE17911}" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"{129A35CB-436F-4E2F-9693-3445AF855B7B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\launchpad.exe |
"{12B204FD-DEC4-419E-AFCD-2A4CA36DD910}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\launchpad.exe |
"{131DE73E-C637-4F79-9356-7E9BDBE899AF}" = protocol=17 | dir=in | app=c:\program files (x86)\blastshark\camon\blastshark.exe |
"{183B5B83-2E2A-4EE9-8083-6906CB99E767}" = protocol=17 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{193349AA-1565-4E3E-80CB-DAF5558165C2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1BE34676-4343-4B04-B61F-E202C5955E5A}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1C6C689A-8868-4830-B63E-98DB2A0A1DA4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1DDAEFEE-BC5B-411F-9490-362AB9F33D4F}" = protocol=6 | dir=in | app=c:\league of legends\game\league of legends.exe |
"{1EE911D4-07CE-4FF1-9596-8217CCD9AA41}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe |
"{1FD29DCC-3C4F-4EF2-8CC5-670774D81D8A}" = dir=in | app=c:\program files (x86)\zecter\zumodrive\zumodrive.exe |
"{1FEF1DB1-39D8-4BED-8328-A6C2A83AA7C1}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{2090BBF5-C1D1-4324-9A3E-1B089D8F6C8F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\pandorasaga\steamintegrator.exe |
"{21527CD8-21C4-423B-A1A7-2D243E163F4A}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{21C29A21-F58C-4A29-95A4-A0FE89D385ED}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{23D064FA-A853-4315-8E24-C35389942FC7}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{27C3C06E-EA5F-4863-88E1-88A764191364}" = dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohds.exe |
"{2938D96F-5051-4FE4-982B-2FAD1381AEB8}" = protocol=6 | dir=in | app=c:\program files (x86)\adblock pro\abpmain.exe |
"{2963B5AD-0494-4333-BF2A-11D3DCBC3590}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"{2B2CC31D-475D-4F28-842B-09A562BAA4E5}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{2B796087-2D21-4429-9EE3-B2ACA44BF5A3}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{2BA7C62A-6AA3-4A17-B12C-4203403D9ED3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2E3C4A25-4E05-4A5B-BB37-7FB947A7F45B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{2EFA5AF5-10C5-4159-8B0E-5E12B1096555}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe |
"{2F9B7B19-F878-4002-9F0E-98F7D35A8C35}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_32.exe |
"{3363EAE0-26D5-40B3-87D0-67E2A8AE253F}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{346DA721-0AF0-4379-A3A9-5543E02C0F95}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gratuitous space battles\gsb.exe |
"{3494DA25-D689-42BE-A72D-483831A5D713}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe |
"{393DDB02-84A3-4CA7-9338-FC2156C591D4}" = protocol=6 | dir=in | app=c:\program files (x86)\gamigo\black prophecy\bin\win32\blackprophecy.exe |
"{3ABC85B1-F7B2-4A54-9ACD-29503F3A7B56}" = protocol=17 | dir=in | app=c:\program files (x86)\gamigo\black prophecy\bin\win32\patcher.exe |
"{3AD06181-49A5-4FE5-9608-C45EF6571120}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe |
"{3B8234FE-B11F-499F-91B1-EFA198C0D57E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3CB29936-11AC-42D3-90BA-D8A5D3AE7FB2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{3CCBCD83-A5C2-4B43-B6A4-E37021F372FD}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{3D78A502-FA44-47B9-B181-D619CC4AE234}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{40A5F3CF-62C9-455E-B915-8525721F3A38}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4239E758-C26F-4FC7-8FF7-6600CB4BA593}" = protocol=6 | dir=in | app=c:\program files (x86)\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |
"{42CEFA4A-7E4E-43DE-AA08-9ADFA53F5F62}" = protocol=6 | dir=in | app=c:\world of warcraft\wow-3.3.5.12340-x86-win-engb-bkgnd-downloader.exe |
"{4333AEEC-FC18-498A-B236-FFB1A61CB64C}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{45D2DD5A-08B0-4F46-9695-1FA90AEA6407}" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii reign of chaos & the frozen throne\war3.exe |
"{46165B05-49A9-40B5-B020-2C2A4AEF24D9}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{46916DFB-335C-4C1B-A683-6D94DDB529A5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe |
"{469BF020-D01A-49F2-AE17-9F859709519F}" = protocol=17 | dir=in | app=c:\program files (x86)\gamigo\black prophecy\bin\win32\launcher.exe |
"{48BDAAF8-A9E8-4435-8EE6-0E35F7EDF737}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crayon physics deluxe\launcher.exe |
"{49074051-F115-457F-B106-E0A6C49E1878}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe |
"{499481F3-6B52-4308-8768-5FE113404406}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{4AD020BB-E970-44AE-87F0-09ECCE5F858D}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{4C61C056-59F4-4C9F-BA34-08E64FC30C33}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4DBC3D8C-4B72-4DCE-B714-3ACC4023A305}" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.exe |
"{50D94955-9A7F-4A83-A240-F7B37D3A8EB5}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{50EAF6BA-419F-4D13-B890-D8F33CDD59A6}" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii reign of chaos & the frozen throne\frozen throne.exe |
"{5124FF9D-93EF-4534-B9B5-E4D5D4C4A96C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super meat boy\supermeatboy.exe |
"{54DA0BFC-4524-447A-829D-F6870EADA5A9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{596FA68D-8E24-4274-BB44-713BFD2179D3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5B520AED-BD35-43E2-96A4-4300A9117E43}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5C5B9845-0837-4CF6-94C4-00FD90BC1066}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5D0868D5-08E9-4BBF-9095-5461E113A423}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\air\lolclient.exe |
"{5DB98F96-7741-4E9F-87A8-147C00F7D49E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
"{5F0C9DAF-5D1E-47E4-ADAE-FD494787AAD0}" = protocol=17 | dir=in | app=c:\league of legends\game\league of legends.exe |
"{61811B30-81E5-4C30-AC9C-42C752E2DD8A}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{65D2EDE3-BCA5-47C9-BB2E-2A4DD10CE633}" = protocol=17 | dir=in | app=c:\nexon\vindictus eu\en-eu\nmservice.exe |
"{67E7500B-5659-48D2-8E8C-E7D170F4AED5}" = dir=in | app=c:\program files (x86)\sony\vaio media plus\vmp.exe |
"{67EDDDEC-084B-453E-899B-80C1DE17E9DA}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{6A612E1A-B06A-4093-BD34-CF53D9EAF866}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{6B66EAFC-1874-406D-9382-E8EE659752E1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6C86E2C5-79A7-4D1A-A65C-9FF3FEDAC34D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe |
"{6D2A3E31-CFB8-43FC-ADD9-52A5DD337678}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe |
"{6E8F79F4-08F4-4D59-82CA-E8E4234B7B4B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{6ECA2F32-B386-4D87-8EC1-92B40303BA38}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6EFB5B1A-C6E2-4CAB-A263-7189F89F25F6}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{707C0382-B497-4484-9041-5E4E0A16218D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\gratuitous space battles\gsb.exe |
"{7173869E-FA98-4022-8D51-A15A3203DA59}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars battlefront\gamedata\battlefront.exe |
"{726EDFE4-A34C-492E-A6B4-F74AF862F274}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{7517D618-496F-43A6-820F-9011B2C7E037}" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii reign of chaos & the frozen throne\euroloader.exe |
"{76EF82E2-D993-45B4-BDB9-BD48197258D3}" = protocol=6 | dir=in | app=c:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe |
"{776AE6C4-989B-4912-9CD0-8514BD603E7C}" = protocol=6 | dir=in | app=c:\program files (x86)\gamigo\black prophecy\bin\win32\launcher.exe |
"{785EB405-DBBF-4860-994E-965531D1AD90}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{78BA55E9-B40E-4E07-8B2E-579F1119CF64}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |
"{790D7352-7926-46CB-847D-F3387D5DEE0E}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{7947C99A-151E-4000-A2E6-BEA3D4FFB937}" = protocol=6 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{7A5630AA-E515-46DD-AA80-68462E7C39A7}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{7C51FA1F-3D23-46EB-A192-833F6CCD71FB}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{7D16BDAA-C570-44E2-9D90-1BB4707691E3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7E1A1036-9AE1-4CAC-B6E5-EE38546AA014}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{7E2A2362-D2D4-4E5F-B2C7-B1D0DCAF3A50}" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii reign of chaos & the frozen throne\frozen throne.exe |
"{7F3CF3C0-9D85-4BD7-BEDC-912C969352CF}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2011\3dsmax.exe |
"{8002E8B8-D659-427F-8BCC-6D69C51FD722}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{808BEE62-0E5D-4F7C-A6E1-E74EF51A71D6}" = dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohdms.exe |
"{833D84D5-B4DF-447A-A657-1652C7535AD1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cogs\cogs.exe |
"{8373BE6E-A531-4D23-B294-7D39CD26543D}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\mirror's edge\binaries\mirrorsedge.exe |
"{842CDAEC-1B67-46A7-8776-499C3D88DA63}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2011\3dsmax.exe |
"{85546938-78FC-436A-9330-337E52D9ED4D}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal\launcher.exe |
"{876B1ADC-B3CB-4DD7-8DAD-D3141595E2AE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cogs\cogs.exe |
"{88FC3333-BF94-40F5-B05A-DC7A5D38C61C}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{8B22B773-32BE-4D12-820E-DCA1BB15BAE9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\super meat boy\supermeatboy.exe |
"{8B35D409-CDF0-4E46-9FE0-62D1E83DF322}" = protocol=6 | dir=in | app=c:\program files (x86)\blastshark\camon\blastshark.exe |
"{8CD8ED34-3507-4404-B312-74084D5EBBB9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spiral knights\java_vm\bin\javaw.exe |
"{8E586D91-4DBE-49E1-AC77-28E376CFF567}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe |
"{8F44819A-9396-431D-B7C6-D16B1F442897}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{90110D6D-CC90-4EDD-9069-E375BE1409A1}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\monitor.exe |
"{90C9DBF1-6763-4B8F-84FF-5D58F4AE9914}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{928B3D06-353C-42E7-A448-B6AA2D539A19}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{92B0F562-ACD6-4329-A62D-E1871C5E1E0F}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe |
"{939184DF-840B-4CE4-BE5A-66FDCF83FF63}" = dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohcimp.exe |
"{9751B8DD-F954-4824-8918-9065FA858709}" = protocol=17 | dir=in | app=c:\world of warcraft\wow-3.3.5.12340-x86-win-engb-bkgnd-downloader.exe |
"{988A2306-68AC-4CA7-890C-EDAF2193FBC8}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe |
"{9A6511C8-8F2D-4256-874F-34598001F568}" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii reign of chaos & the frozen throne\warcraft iii.exe |
"{9D099455-C4F4-4E43-99FE-4EE31606AD7F}" = protocol=6 | dir=in | app=c:\program files (x86)\gamigo\black prophecy\bin\win32\patcher.exe |
"{9D7C86E8-11A9-43D0-8576-6A9E45C5413C}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe |
"{9F2240FD-D5F8-4EE1-88CD-D3CD372EDC97}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A13439FD-DAEA-4593-AF94-AFD586A0A865}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\manager.exe |
"{A19949DD-B53E-473E-81A5-52BC1860F32B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{A232CD97-4ED3-458D-8A89-5D7A4C8A93AD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A2D7FFC1-E8B0-4E3B-9E67-E6A4B72F5A1F}" = dir=out | app=c:\program files (x86)\zecter\zumodrive\zumodrive.exe |
"{A2DBABE7-EA05-454E-AC93-033141D5FF0C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"{A46D113E-BD27-4952-9F6B-B138ED5E0A4C}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{A4AC2EAA-BFC2-4BC4-90F7-C8980E369B73}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{A4BCA7D5-D41C-4C75-8080-B47FE2D3F748}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\aoeonline.exe |
"{A4CC3042-47B9-4B64-B28D-54EBB2C12EEB}" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii reign of chaos & the frozen throne\war3.exe |
"{A629D5F5-CD78-41A5-9363-18779E0AB31F}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe |
"{A8271481-C861-4D3D-97B5-372A8F1CB8F2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\world of battles\release\launcher.exe |
"{A85B3AF6-6382-4926-A796-F6F2C33CB3A5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{AC05D329-77ED-4080-9FB8-15D2EF50E25E}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{B04F101F-DA48-40D5-AE63-45ACD0210A76}" = protocol=6 | dir=in | app=c:\nexon\vindictus eu\en-eu\nmservice.exe |
"{B0681B1D-36B3-4728-B3C7-29DF83969609}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\pandorasaga\steamintegrator.exe |
"{B14F834D-5837-4B4D-9F21-818FB69FDD1D}" = protocol=6 | dir=in | app=c:\league of legends\air\lolclient.exe |
"{B277E298-E3C7-4B04-B187-4E66C8B13C20}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{B47CEF7E-D5BD-4F23-B787-10A6FC510A8E}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\mirror's edge\binaries\mirrorsedge.exe |
"{B5A40AED-F6A2-47ED-8C9E-173480F07EA4}" = protocol=6 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe |
"{B5CEE67C-A024-42E9-BE84-E0AC57B7BF2A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B7219C93-18AF-443E-A622-8EE059D41421}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{BA998B21-FB2D-4D08-A342-BBE29EC1D4F1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BAA4D783-DCC8-4521-B83C-6B0A9709F4E1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BB5EA904-C363-42B8-B3DB-A3E1627C957D}" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.exe |
"{BE2E6E47-64F6-4124-9424-B140DC4DB503}" = protocol=17 | dir=in | app=c:\program files (x86)\gamigo\black prophecy\bin\win32\blackprophecy.exe |
"{BEB53728-98DA-4644-AA9B-C75E8F161863}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\aoeonline.exe |
"{BFC6C431-16BD-4BF0-8F52-372253C3829E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{BFE0CAE5-2424-4401-9443-59C4A3AC3317}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\crayon physics deluxe\launcher.exe |
"{C0A6696A-BA00-4D25-9A71-4BFF889E99B8}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{C2487C57-835F-40C8-AB1F-184CD6C712D6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C47FADAB-B581-46CD-9717-AEC8230580FC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C506EA27-C5A0-4FDE-978D-212C4E738BA4}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars battlefront\gamedata\battlefront.exe |
"{C9BD78C4-05BE-4227-8599-41DC334312C2}" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii reign of chaos & the frozen throne\euroloader.exe |
"{D08BCE07-000E-4B00-848D-99EC82268D07}" = dir=in | app=%programfiles% (x86)\vuze\azureus.exe |
"{D1473EDB-4A4B-4111-8047-B54EC7F5537A}" = protocol=6 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{D58A903D-1234-4237-89D4-9A4CE3BB5320}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\3ds max 2011\mentalimages\satellite\raysat_3dsmax2011_32.exe |
"{D5CC77A4-7CD2-4840-B99E-A108E28B1B26}" = protocol=17 | dir=in | app=c:\program files (x86)\autodesk\backburner\server.exe |
"{D7CE3922-FF1D-43D8-A435-3A7423F77BAA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{DA71E543-30C7-4BDA-82E9-78C2326104FF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe |
"{DB902E7F-27D5-4CAD-B621-AD95C03DE95C}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal\launcher.exe |
"{DFE35E1F-D4F0-4F6B-918C-E2FC34D14F56}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{E0B84FC1-F359-4FA8-A0B3-17C70FC4AE1F}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\related designs\anno 1404\anno4.exe |
"{E1532886-CCE8-444A-B4AD-4A16EE3A3E7E}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe |
"{E1776F57-B0D8-41C4-A87A-42B7B9259661}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E202F89A-9DBC-48AE-9EE9-91CF625BD54F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E2496E6B-6D0E-4F7B-A4C5-776A264DB251}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E3E422F0-F165-4CC9-8F3E-C21196BFD647}" = protocol=17 | dir=in | app=c:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe |
"{E4A80E0A-5AB9-4A66-B672-25B7EA60A82E}" = dir=in | app=%userprofile%\documents\vuze downloads\nero burning rom 10.5.10300 +serial [ut]\nero burning rom 10.5.10300 +serial [ut]\nero_burningrom10.5.10300_trial.exe |
"{E71BA8E2-DDF2-44A5-83AB-E57A0468C82E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe |
"{E7ABC7BB-CBBE-4014-A224-921528D85901}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe |
"{E9C72FDC-C0DE-4FBD-9EC2-CE17CEB00A81}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe |
"{EAF462CF-81B3-465A-8A6C-3768309A5413}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe |
"{EBDBA011-43C2-4C2E-9793-0FD045EC8365}" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii reign of chaos & the frozen throne\warcraft iii.exe |
"{ECC124F5-0BB7-4508-BB6F-3EB96DB260C1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe |
"{ECDBACA6-CF01-4E55-ADDB-E95E6EFAA543}" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\akamai\netsession_win.exe |
"{EE7C1F4B-EFF5-4CB0-BC55-86C4857C21C3}" = protocol=6 | dir=in | app=c:\users\michael\appdata\local\akamai\netsession_win.exe |
"{F0F1D401-AFE8-443F-8309-B862EA129B60}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{F24ADB9C-7C86-4518-BC02-CFAADDD2653E}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{F362A965-083C-4149-8F34-1D209FCAA0D1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"{F44548C4-950E-46DC-A997-2CA40EEE8C9D}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{F8947596-E533-4D54-8B73-BDB5CCB0B993}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{F904FADD-C895-4000-89B1-945BF0ED0F1D}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{FB22490A-FA96-466D-8795-B49925185678}" = protocol=17 | dir=in | app=c:\league of legends\air\lolclient.exe |
"{FC3F32A9-A76C-4BC1-B7A1-F9ABDEF00227}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{FDF6FA1D-DB53-4CB9-9070-747BC02D3EDF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{FE48C830-0BD0-42DF-896A-12A8EA9463B6}" = protocol=17 | dir=in | app=c:\program files (x86)\league of legends\game\league of legends.exe |
"{FFBC68BF-D94A-4DCC-9C77-0C1D390FC740}" = protocol=17 | dir=in | app=c:\program files (x86)\adblock pro\abpmain.exe |
"TCP Query User{02A42584-05E1-46CC-9B50-D94F8507F166}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{03D451AF-CDCC-4511-904B-94D6C1CD6A9D}C:\users\michael\desktop\hypergts\hypergts.exe" = protocol=6 | dir=in | app=c:\users\michael\desktop\hypergts\hypergts.exe |
"TCP Query User{05D8AE87-5F6F-428B-A344-62B1916E8B03}C:\program files (x86)\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"TCP Query User{0836F30B-96A7-4458-B741-1276B08876B4}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe |
"TCP Query User{0C28EC37-9A5B-4EDC-972F-66E7285700AF}C:\users\michael\downloads\eligium_0_90_1_en.exe" = protocol=6 | dir=in | app=c:\users\michael\downloads\eligium_0_90_1_en.exe |
"TCP Query User{0ED301BE-1B59-425B-B9FA-CB1832A28ACC}C:\program files (x86)\graboid\graboidvideo\3.05\graboidclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\graboid\graboidvideo\3.05\graboidclient.exe |
"TCP Query User{13A01B14-CF3C-4D21-A5D3-33467B7DCC20}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{13D7E0A8-3D83-4C96-AA1F-8DFF5395944D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{1A77CDEE-BDDF-41A1-ACA2-51ABB4702760}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{1C2939E7-635D-46A8-87AF-11018843C7FC}C:\program files (x86)\squareenix\final fantasy xiv\ffxivboot.exe" = protocol=6 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv\ffxivboot.exe |
"TCP Query User{1D5E0DDE-3896-488B-99E1-1396F599883B}C:\program files (x86)\ncsoft\lineage ii\system\l2.bin" = protocol=6 | dir=in | app=c:\program files (x86)\ncsoft\lineage ii\system\l2.bin |
"TCP Query User{251152D2-327A-4078-8C5D-7F5B6188168D}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{2726811B-8D94-4CD1-BCFF-3214E36EBB1E}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{296C9A7B-5C85-4892-9B62-FAED4FB6DD4C}C:\users\michael\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{2ED49388-E808-4E8E-B7BF-7A7AD1D620C6}C:\program files (x86)\wi-fi sync\wifisync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wi-fi sync\wifisync.exe |
"TCP Query User{2FE9E78A-6A77-4BFC-898F-D327724A93E3}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"TCP Query User{34ABBB47-884C-4AF1-BF35-1E1B3FD05016}C:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe |
"TCP Query User{34F709F9-E6B7-476C-BF01-A3404385CE50}C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe |
"TCP Query User{3AFB718F-BEF5-42F6-93AF-6E89DFC803E7}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |
"TCP Query User{3FC6871E-7651-41A5-9BA1-F26DDB2576B1}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"TCP Query User{3FF9FAEB-582B-4907-9E94-121D0C2C19DE}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{4354587D-3E05-401C-B349-C3377E5B089C}C:\program files (x86)\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dungeon defenders\binaries\win32\dundefgame.exe |
"TCP Query User{46F65C2B-1E7D-4AEC-801A-8C6EDDE65859}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe |
"TCP Query User{4C6AF779-C7AF-4F76-A36F-9E8BC5E4824D}C:\program files (x86)\beanfun!\brightshadow\brightshadow.exe" = protocol=6 | dir=in | app=c:\program files (x86)\beanfun!\brightshadow\brightshadow.exe |
"TCP Query User{5117E9C7-3B10-451E-8DCD-BB9E7FBA7EFE}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe |
"TCP Query User{51A3B362-377A-4AB2-8F69-45A0599D2A82}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{5913DACD-E8E3-48ED-A689-A0EC777B6117}C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe |
"TCP Query User{59A5FE96-5F7E-4A0A-881B-3D7A6A37CACF}C:\program files (x86)\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"TCP Query User{5D45AF44-66C7-487C-9694-E73BBF58EEA6}C:\program files (x86)\participatory culture foundation\miro\miro.exe" = protocol=6 | dir=in | app=c:\program files (x86)\participatory culture foundation\miro\miro.exe |
"TCP Query User{5F30985A-988A-4770-AC89-4F9C7325DA37}C:\users\michael\desktop\ghostone\ghost.exe" = protocol=6 | dir=in | app=c:\users\michael\desktop\ghostone\ghost.exe |
"TCP Query User{616BC0DE-D013-4260-90F2-02F86D6B3431}C:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe |
"TCP Query User{6268F9D2-775D-4234-B345-EB4678CC1B55}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{64125D5C-3D45-4133-B0F7-B5C86287ABE8}C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base22612\sc2.exe |
"TCP Query User{661AF210-5122-4902-BF15-DD8C7BC4B044}C:\program files (x86)\activision\rome - total war\rometw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\activision\rome - total war\rometw.exe |
"TCP Query User{6854F345-1EF0-4861-B93D-4BE5BF750AA5}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{6A7103AF-E4A1-4FF8-8297-4709F8DA0B7E}C:\program files (x86)\wi-fi sync\wifisync.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wi-fi sync\wifisync.exe |
"TCP Query User{6A8E3475-298D-48B5-ACBA-2E32D32A5339}C:\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.patch.exe |
"TCP Query User{702ED378-61F2-48D0-B64E-4FD4236CCF73}C:\users\michael\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\roaming\spotify\spotify.exe |
"TCP Query User{71FFB5E8-9870-4F6D-A6F0-DCD1010059BF}C:\program files (x86)\graboid\graboidvideo\3.05\graboidclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\graboid\graboidvideo\3.05\graboidclient.exe |
"TCP Query User{73FEF4DA-257D-4212-AB71-4F14285DAA67}C:\program files (x86)\steam\steamapps\common\dungeon defenders demo\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders demo\binaries\win32\dundefgame.exe |
"TCP Query User{78710B67-82CF-422A-A034-8689FC7618DD}C:\users\michael\downloads\soulcaptor_cb.exe" = protocol=6 | dir=in | app=c:\users\michael\downloads\soulcaptor_cb.exe |
"TCP Query User{79583490-990C-48E1-BD32-1AF3551DD38E}C:\users\michael\downloads\ts7ptak.p\the settlers 7 - paths to a kingdom\data\base\_dbg\bin\release\settlers7r.exe" = protocol=6 | dir=in | app=c:\users\michael\downloads\ts7ptak.p\the settlers 7 - paths to a kingdom\data\base\_dbg\bin\release\settlers7r.exe |
"TCP Query User{7CAC35F8-2CCA-4ED7-ADA1-DF013AA33CBE}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{800C7199-E1B3-44D4-B697-B436196C1FC3}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{8521EBB7-176F-46E3-94CD-5AFA5BEB5E50}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |
"TCP Query User{87EE1188-F66A-4EA4-80CF-01033051BAC7}C:\users\michael\desktop\sni\shinygts.exe" = protocol=6 | dir=in | app=c:\users\michael\desktop\sni\shinygts.exe |
"TCP Query User{87FF8E2B-F2A7-4EAC-A767-617D2A353C5E}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe |
"TCP Query User{88121D39-5752-4634-AEFB-2C83C4BF8864}C:\users\michael\downloads\tinyumbrella-5.00.12a.exe" = protocol=6 | dir=in | app=c:\users\michael\downloads\tinyumbrella-5.00.12a.exe |
"TCP Query User{8DAB7BBF-96E9-4202-A22D-6B064C38C4B7}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"TCP Query User{92EED160-527D-438F-949B-351EE144A28F}C:\python27\python.exe" = protocol=6 | dir=in | app=c:\python27\python.exe |
"TCP Query User{945CDE8B-8054-4DCF-892D-0A450FE785A8}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"TCP Query User{94878127-C512-45EF-B723-41F57B880CA8}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{96FF1A31-13BD-493F-8726-69E31775F268}C:\program files (x86)\steam\steamapps\thepog1\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\thepog1\team fortress 2\hl2.exe |
"TCP Query User{995D15C6-5D88-4C9F-B2A6-2D2DBF628677}C:\program files (x86)\jumi\jumi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jumi\jumi.exe |
"TCP Query User{9C028E13-ECAC-4D0B-846C-93EC436BF9B6}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe |
"TCP Query User{A0A1EEE9-9170-421B-9AEB-13A71E9F0658}C:\nexon\vindictus eu\en-eu\vindictus.exe" = protocol=6 | dir=in | app=c:\nexon\vindictus eu\en-eu\vindictus.exe |
"TCP Query User{A0AB02EA-AD61-4BB1-96F2-A600E5FB909A}C:\users\michael\desktop\ghostone\gproxy.exe" = protocol=6 | dir=in | app=c:\users\michael\desktop\ghostone\gproxy.exe |
"TCP Query User{ABD586A2-7737-4860-9534-A4044BFD2B8D}C:\program files (x86)\beanfun!\soulcaptor\_sclauncher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\beanfun!\soulcaptor\_sclauncher.exe |
"TCP Query User{AC0E3025-A901-44F6-B205-D2FCBF84EEE4}C:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe |
"TCP Query User{AE635E4A-A20D-4B22-98FC-E731547D96A6}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"TCP Query User{AEFFB4F9-0F4C-4A3E-BD88-037E76C76A2A}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{AF3708B4-6021-47CF-9F9B-14F20153A3D3}C:\users\michael\desktop\redsn0w_win_0.9.10b1\redsn0w.exe" = protocol=6 | dir=in | app=c:\users\michael\desktop\redsn0w_win_0.9.10b1\redsn0w.exe |
"TCP Query User{B0680209-0365-48E4-BAC5-142F6A3855D4}C:\users\michael\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\local\akamai\netsession_win.exe |
"TCP Query User{B1099347-7346-49BD-B485-3DA9F31F79C0}C:\users\michael\desktop\new folder (2)\for.exe" = protocol=6 | dir=in | app=c:\users\michael\desktop\new folder (2)\for.exe |
"TCP Query User{B147B593-5027-4709-897E-CD6755B2668A}C:\users\michael\desktop\pflu.exe" = protocol=6 | dir=in | app=c:\users\michael\desktop\pflu.exe |
"TCP Query User{B2456280-F9C8-452D-B8EA-4E501A34AEC7}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"TCP Query User{B3A728DC-071A-4D24-B277-40F9C38FB176}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe |
"TCP Query User{B61028C2-B424-44DA-8018-C77EC75F0172}C:\program files (x86)\participatory culture foundation\miro\miro.exe" = protocol=6 | dir=in | app=c:\program files (x86)\participatory culture foundation\miro\miro.exe |
"TCP Query User{B7DBC32F-90A5-4F69-886B-26FE719CCAA3}C:\program files (x86)\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"TCP Query User{C1FF8527-2C5A-471D-A517-8C4FE3A1BAC4}C:\users\michael\appdata\roaming\kalydo\kalydoplayer\bin\kalydoloader.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\roaming\kalydo\kalydoplayer\bin\kalydoloader.exe |
"TCP Query User{C4351872-CD6D-4912-B84B-852804B08238}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{C60DDAF3-AA49-400D-A2FE-C13432D8049F}C:\program files (x86)\black_box\batman arkham city\binaries\win32\batmanac.exe" = protocol=6 | dir=in | app=c:\program files (x86)\black_box\batman arkham city\binaries\win32\batmanac.exe |
"TCP Query User{C7986E7C-8458-4B50-890C-D912B7144473}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"TCP Query User{D0CCC1E5-0F7B-4F23-AFA2-503B0EA9A3E6}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{D5B23677-B280-40EC-AACA-7C9B8F159664}C:\program files (x86)\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\runes of magic\client.exe |
"TCP Query User{DB1CDCF7-0111-4DC1-8A22-E2BCEB0FA497}C:\users\michael\appdata\local\temp\rar$ex00.067\pkmsendportcheck.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\local\temp\rar$ex00.067\pkmsendportcheck.exe |
"TCP Query User{DB8ED765-889F-49D3-9041-EF016958AB3B}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"TCP Query User{DBF7ADC2-94BF-4585-96A4-165C0C973E18}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe |
"TCP Query User{E3C8EF99-D5F0-4B69-A13D-D6D2284110E1}C:\users\michael\appdata\roaming\wuala\wuala.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\roaming\wuala\wuala.exe |
"TCP Query User{E56D70F4-D97F-401D-8B03-EC7AC94E273F}C:\users\michael\desktop\ghostone\ghostone.exe" = protocol=6 | dir=in | app=c:\users\michael\desktop\ghostone\ghostone.exe |
"TCP Query User{E85D8000-C9E9-4906-B54E-11B64A05072B}C:\program files (x86)\codemasters\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\the lord of the rings online\lotroclient.exe |
"TCP Query User{ED1B04A4-41F8-4654-982A-C60513F62921}C:\program files (x86)\hi-rez studios\games\global agenda live\binaries\globalagenda.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hi-rez studios\games\global agenda live\binaries\globalagenda.exe |
"TCP Query User{F138370A-EE61-45B2-AD00-B157E5BFB889}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe |
"TCP Query User{F28B8320-2C36-463A-B386-8C54BB2F8562}C:\users\michael\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\michael\appdata\roaming\spotify\spotify.exe |
"TCP Query User{F7B303EB-5A13-4FF6-89CC-9DA6020C1752}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"TCP Query User{FEED8292-6C7D-40A0-8527-B82DDA8B21EE}C:\nexon\vindictus\en-us\nmservice.exe" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"UDP Query User{02CB6BD0-2410-4680-8EA6-CA4470332895}C:\users\michael\desktop\ghostone\ghost.exe" = protocol=17 | dir=in | app=c:\users\michael\desktop\ghostone\ghost.exe |
"UDP Query User{0527B51D-DE2B-4EC1-9453-A60E90D46C95}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |
"UDP Query User{05E28088-3653-4B2A-9269-9D45A09C3770}C:\program files (x86)\ccp\eve\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ccp\eve\bin\exefile.exe |
"UDP Query User{06E54D35-B94D-4733-9300-54B3385B571F}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{077B23F0-7F41-46E7-824C-3A7033125346}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe |
"UDP Query User{0B138CB9-43F7-4FE9-AABB-1F3E518D1979}C:\program files (x86)\hi-rez studios\games\global agenda live\binaries\globalagenda.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hi-rez studios\games\global agenda live\binaries\globalagenda.exe |
"UDP Query User{13B843B4-E5ED-4F11-A37E-2A9FDCA3FD2B}C:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe |
"UDP Query User{164333EC-4B48-40AF-8A00-F454073E8246}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe |
"UDP Query User{184EDA47-24CC-4B6D-90D1-0122F84A9C87}C:\program files (x86)\codemasters\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\the lord of the rings online\lotroclient.exe |
"UDP Query User{1A2FBEE4-EAB6-4383-AD1E-0032653FB827}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe |
"UDP Query User{1BA82F8D-2CDF-4F6F-AA21-9C1190318A96}C:\program files (x86)\jumi\jumi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jumi\jumi.exe |
"UDP Query User{1BCEA68B-AF24-4DC1-B25A-752DDC938883}C:\users\michael\appdata\roaming\wuala\wuala.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\roaming\wuala\wuala.exe |
"UDP Query User{1CCC5CA3-7DD5-410D-B5DE-4094B425E5FD}C:\program files (x86)\participatory culture foundation\miro\miro.exe" = protocol=17 | dir=in | app=c:\program files (x86)\participatory culture foundation\miro\miro.exe |
"UDP Query User{21767429-501B-482B-8D7E-E0D9F291A01E}C:\program files (x86)\wi-fi sync\wifisync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wi-fi sync\wifisync.exe |
"UDP Query User{2452A900-3C6C-4E9F-A57B-2339BAB5A288}C:\program files (x86)\wi-fi sync\wifisync.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wi-fi sync\wifisync.exe |
"UDP Query User{298842FD-6066-45CD-B2A8-573D0571C503}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe |
"UDP Query User{2A8A5107-2D30-4F91-9EFC-499DA2B91463}C:\program files (x86)\participatory culture foundation\miro\miro.exe" = protocol=17 | dir=in | app=c:\program files (x86)\participatory culture foundation\miro\miro.exe |
"UDP Query User{2B5B2BDF-6FFA-4082-A490-3C8CD5CDB1B1}C:\users\michael\downloads\soulcaptor_cb.exe" = protocol=17 | dir=in | app=c:\users\michael\downloads\soulcaptor_cb.exe |
"UDP Query User{2BEC29F9-02E9-4F4E-87DB-5206BE75B052}C:\users\michael\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\akamai\netsession_win.exe |
"UDP Query User{2DD216C7-DD8B-4173-A7DA-E8B427BAB5B2}C:\program files (x86)\beanfun!\soulcaptor\_sclauncher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\beanfun!\soulcaptor\_sclauncher.exe |
"UDP Query User{2F74E8E6-DC55-4D40-A5CF-33EDC22057A1}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"UDP Query User{2FBD93CB-A6E0-4F7D-ADFB-B84CC8618F67}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{30B5CB46-7D31-473B-9C2D-9357438621AD}C:\users\michael\downloads\eligium_0_90_1_en.exe" = protocol=17 | dir=in | app=c:\users\michael\downloads\eligium_0_90_1_en.exe |
"UDP Query User{30E28E6B-07CF-4D5F-9C31-CD6F1E3E88FE}C:\users\michael\appdata\roaming\kalydo\kalydoplayer\bin\kalydoloader.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\roaming\kalydo\kalydoplayer\bin\kalydoloader.exe |
"UDP Query User{3100CE7C-1440-437C-BD39-F2DED400ED56}C:\program files (x86)\steam\steamapps\thepog1\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\thepog1\team fortress 2\hl2.exe |
"UDP Query User{3137E275-75BF-42A4-8F53-480B8410861A}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe |
"UDP Query User{31B49B0D-C28B-4761-8B78-FA18F52999B5}C:\nexon\vindictus\en-us\nmservice.exe" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"UDP Query User{3206853D-FAC9-4361-945F-CA95B144B5AA}C:\users\michael\downloads\tinyumbrella-5.00.12a.exe" = protocol=17 | dir=in | app=c:\users\michael\downloads\tinyumbrella-5.00.12a.exe |
"UDP Query User{32D524B5-2E53-4379-899E-CB8A787FEF62}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe |
"UDP Query User{3356F8EA-D79D-4ABC-A5AE-9DE095FD615E}C:\program files (x86)\steam\steamapps\common\dungeon defenders demo\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders demo\binaries\win32\dundefgame.exe |
"UDP Query User{40805269-059B-4C18-B66D-45A4D9E8F2B7}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{42FF61E9-9CBE-495D-9D0A-321896B0A1C3}C:\program files (x86)\starcraft ii\versions\base22612\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base22612\sc2.exe |
"UDP Query User{444B8740-5DB9-4A0D-B44A-DED0D873EFA0}C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe |
"UDP Query User{451F9DB9-72D9-4E6F-B1CC-48A1ECAA5317}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"UDP Query User{49716BDD-7B8A-40D9-9CDC-140DAA260667}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{4C1E7569-2065-4B4F-85D0-032E3C7BD6C0}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe |
"UDP Query User{58BE1C76-8603-446E-A055-9C918EED6B87}C:\program files (x86)\beanfun!\brightshadow\brightshadow.exe" = protocol=17 | dir=in | app=c:\program files (x86)\beanfun!\brightshadow\brightshadow.exe |
"UDP Query User{59F293B9-FB26-4C06-A6E5-AAE169751D72}C:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe |
"UDP Query User{5A447B6D-0FD0-4BCE-B7B2-5B85E6CEBC1F}C:\users\michael\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\roaming\spotify\spotify.exe |
"UDP Query User{5CFD1172-967A-45F0-A60C-99A66C101DDE}C:\program files (x86)\activision\rome - total war\rometw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\activision\rome - total war\rometw.exe |
"UDP Query User{602A30F1-2929-45C3-A223-3E96EF5C62DA}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"UDP Query User{605BD0DE-F58A-4F9B-9B53-41B34A9B1F37}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{6119622D-8B27-4832-AA1D-5AAAECFD6239}C:\program files (x86)\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dungeon defenders\binaries\win32\dundefgame.exe |
"UDP Query User{6AC39B88-6266-463D-A93A-B01960C51464}C:\program files (x86)\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"UDP Query User{6BC1F4F9-3432-491C-BF79-AD65FF3ED11D}C:\users\michael\desktop\new folder (2)\for.exe" = protocol=17 | dir=in | app=c:\users\michael\desktop\new folder (2)\for.exe |
"UDP Query User{6D61DEB8-95D5-44C5-95CE-351985BDAA4C}C:\nexon\vindictus eu\en-eu\vindictus.exe" = protocol=17 | dir=in | app=c:\nexon\vindictus eu\en-eu\vindictus.exe |
"UDP Query User{7157B61C-59CA-4EBE-9796-FD9B768A335E}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"UDP Query User{76400655-CBDA-4D15-8B11-6491ABC50D9F}C:\users\michael\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\roaming\spotify\spotify.exe |
"UDP Query User{7DA55222-D609-4B92-B07E-BBDAAD101D1F}C:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe |
"UDP Query User{82138146-67B2-4F60-90AC-38D1B9CA5715}C:\program files (x86)\black_box\batman arkham city\binaries\win32\batmanac.exe" = protocol=17 | dir=in | app=c:\program files (x86)\black_box\batman arkham city\binaries\win32\batmanac.exe |
"UDP Query User{8B8B20F8-0B82-4002-810C-2009592FFC3F}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{910A8106-C90F-4DD8-B2F3-5268014E4F88}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{93508FA4-E9D0-4739-86BC-07A08F475D95}C:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\star trek online\star trek online\live\gameclient.exe |
"UDP Query User{988D936D-576A-45E5-A9AC-594480A3876B}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{9E6BA570-53BE-4596-8D53-A09A5CA94C04}C:\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.patch.exe |
"UDP Query User{A6D77031-20D0-47B5-8845-FB8759737EAC}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{AC48B23C-C238-49C2-9154-CE6E75CB88D9}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{B15C2279-76DE-4EA5-9DE6-C8BB49B200C8}C:\users\michael\desktop\hypergts\hypergts.exe" = protocol=17 | dir=in | app=c:\users\michael\desktop\hypergts\hypergts.exe |
"UDP Query User{B3EAE90D-61C3-40D9-A4FE-72F18BE4FC92}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{B69A7304-D847-4CCF-9A24-99155192E8CA}C:\users\michael\appdata\local\temp\rar$ex00.067\pkmsendportcheck.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\temp\rar$ex00.067\pkmsendportcheck.exe |
"UDP Query User{C2B5FBE0-624B-4C85-95A5-98DC392731BD}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"UDP Query User{C405745C-9049-467D-BB7B-44EA41AEB35E}C:\program files (x86)\ncsoft\lineage ii\system\l2.bin" = protocol=17 | dir=in | app=c:\program files (x86)\ncsoft\lineage ii\system\l2.bin |
"UDP Query User{C8275951-09B6-47DB-8012-86CB97C179A4}C:\users\michael\desktop\ghostone\ghostone.exe" = protocol=17 | dir=in | app=c:\users\michael\desktop\ghostone\ghostone.exe |
"UDP Query User{C93E2ED4-6817-423F-BED4-987334F3FC60}C:\python27\python.exe" = protocol=17 | dir=in | app=c:\python27\python.exe |
"UDP Query User{CF25A694-67E7-4D5A-BB83-51C93861DA09}C:\program files (x86)\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\runes of magic\client.exe |
"UDP Query User{D4B9B750-F52E-4C94-B41D-D752D4DBF783}C:\users\michael\desktop\sni\shinygts.exe" = protocol=17 | dir=in | app=c:\users\michael\desktop\sni\shinygts.exe |
"UDP Query User{D4EBBFD6-85A2-43C7-B036-E3A1E66494DE}C:\users\michael\desktop\pflu.exe" = protocol=17 | dir=in | app=c:\users\michael\desktop\pflu.exe |
"UDP Query User{D505167A-D09B-42B1-AA28-31266CB6A8BC}C:\program files (x86)\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"UDP Query User{D7EAEF50-4F86-4B46-8553-F7E0104CB19B}C:\users\michael\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\michael\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{DC29C755-C88F-4EEC-B4D1-57AE9BA085E2}C:\program files (x86)\graboid\graboidvideo\3.05\graboidclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\graboid\graboidvideo\3.05\graboidclient.exe |
"UDP Query User{DD49830C-D3C4-4CED-A1FB-B92762CABED0}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{DE506E63-F732-4E5D-BF4B-695BC5DBBDB1}C:\program files (x86)\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"UDP Query User{E3CFB5D1-A556-4579-93F2-982698F0F4C7}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe |
"UDP Query User{E3F5869E-6A56-4FA4-A04C-AF8CE4BAD95E}C:\users\michael\desktop\redsn0w_win_0.9.10b1\redsn0w.exe" = protocol=17 | dir=in | app=c:\users\michael\desktop\redsn0w_win_0.9.10b1\redsn0w.exe |
"UDP Query User{E58D8175-9092-4CD7-BD16-1838C8E816FD}C:\program files (x86)\starcraft ii\versions\base23260\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base23260\sc2.exe |
"UDP Query User{E8AC62BB-6683-4238-BB61-32ABA3C83F20}C:\program files (x86)\squareenix\final fantasy xiv\ffxivboot.exe" = protocol=17 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv\ffxivboot.exe |
"UDP Query User{E9B02474-3CDB-46F1-B329-2AA1E94CFFD9}C:\users\michael\desktop\ghostone\gproxy.exe" = protocol=17 | dir=in | app=c:\users\michael\desktop\ghostone\gproxy.exe |
"UDP Query User{E9D3AD3F-DDE8-49F3-A1D8-EBBBF3581145}C:\program files (x86)\graboid\graboidvideo\3.05\graboidclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\graboid\graboidvideo\3.05\graboidclient.exe |
"UDP Query User{ECD576E6-2462-46B5-A287-935C204E163F}C:\program files (x86)\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files (x86)\emule\emule.exe |
"UDP Query User{EF899DB8-5F00-4657-A0EB-BA24EFFDF999}C:\users\michael\downloads\ts7ptak.p\the settlers 7 - paths to a kingdom\data\base\_dbg\bin\release\settlers7r.exe" = protocol=17 | dir=in | app=c:\users\michael\downloads\ts7ptak.p\the settlers 7 - paths to a kingdom\data\base\_dbg\bin\release\settlers7r.exe |
"UDP Query User{F1685C58-03AF-4C70-B691-29DAA9856820}C:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\participatory culture foundation\miro\miro_downloader.exe |
"UDP Query User{F49EABF0-5520-428B-BAA2-49DE4D8379BC}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{F5027714-FEA1-48A1-BCE3-DE387C431E63}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"UDP Query User{F6A82D52-253A-4C83-BF1C-3D5E5BAA5F92}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{F8603DC8-CF2A-4CDD-B008-3AEB8D70378E}C:\program files (x86)\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"UDP Query User{FE06F402-47C0-48FE-BC13-22201211AD6F}C:\program files (x86)\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

Continued on next post:

Re: rundll.exe after ransomware

Post by MiakisMal » September 30th, 2012, 1:17 pm

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2413" = CanoScan LiDE 100 Scanner Driver
"{11D25EF7-85FC-4B58-8278-485939C8637F}" = VAIO Update Merge Module x64
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java(TM) 6 Update 31 (64-bit)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{46261E1C-5E0D-484E-8CCC-7F770375FBA2}" = VU5x64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Virtual Earth 3D (Beta)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7C3AC18F-F19B-4082-8D13-7D603848E06C}" = VAIO Update Merge Module x64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 301.27
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.27
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.27
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.27
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 301.27
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.8.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E743BA71-5955-420B-AA52-67508054AD66}" = VAIO Update Merge Module x64
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"HECI" = Intel(R) Management Engine Interface
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials Prerelease
"NVIDIA Drivers" = NVIDIA Drivers
"PROSet" = Intel(R) Network Connections Drivers
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0215A652-E081-4B09-9333-DC85AAB67FFA}" = Adobe Dreamweaver CS5.5
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0A5F02E5-1A52-4F85-892C-A35227641C75}" = VAIO Content Metadata Intelligent Analyzing Manager
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0E77269E-DC0F-46DC-946C-8E95CB1455AC}" = Media Gallery
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{173F2B02-2AAA-414F-A2D8-44870BB98F7A}" = Shaun White Skateboarding
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Monitoring Settings
"{255FC1CF-2620-4B64-BE02-79B9E609BB3D}" = Webzen Game Starter
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2BE51320-174A-44EC-8041-50E35E091283}" = VAIO Content Metadata Intelligent Analyzing Manager
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{30349EFD-29C6-471B-B720-10D805B2D9F3}" = NCsoft Launcher
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B1168DE-1F8C-471C-AC49-0CA52F096170}" = VAIO Content Metadata Intelligent Network Service Manager
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{44EF9917-8C1B-43D0-9A1F-D5DE5F363795}" = Adobe Setup
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{48E91AD2-2A80-4E70-98E6-450A189F6048}" = VAIO Movie Story
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D53090A-CE35-42BD-B377-831000018301}" = Fable III
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
"{5511C07D-A83C-45AD-92B6-42DF99729A3C}" = Adobe Photoshop Elements 7.0
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57AABF73-E17F-4212-A103-13A9794F0869}" = VAIO Content Metadata XML Interface Library
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO Transfer Support
"{5F2D882B-A663-4EB5-9851-48CC6C75FD2D}" = VAIO Content Metadata Intelligent Network Service Manager
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Power Management
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6ACF0A95-340A-46D6-B1AC-F22CDB51F475}" = ArcSoft WebCam Message Board
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7301BACA-AF0C-4A05-B1AC-F8A1D3DA8139}" = Windows Internet Explorer Platform Preview
"{7395DD51-0D1A-47A7-9993-742073ECF4CE}" = VAIO Content Metadata Manager Settings
"{76EA46DB-14BD-43CB-92CD-F25CE66D5279}" = calibre
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A512C74-7780-43A1-93DA-29C23D0DF374}" = VAIO Content Metadata XML Interface Library
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E8DE539-B044-48B3-BC76-4F0A089ABE2F}" = VAIO Content Metadata Intelligent Analyzing Manager
"{7FB64E72-9B0E-4460-A821-040C341E414A}" = ASUS Ai Charger
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{860E3C5D-BE36-49FE-BCFA-1A09B90D6F49}" = VAIO Content Metadata Manager Settings
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{887868A2-D6DE-3255-AA92-AA0B5A59B874}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8F47B673-8D71-49E3-98B6-BCF547C82F57}" = Click to Disc
"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{949419DF-F4AF-4693-B60A-522B24F233C6}" = VAIO Content Metadata XML Interface Library
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{950FE13D-337A-4B4C-BD30-E95EC93484A3}" = Overwolf
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{991E1259-7F98-4CBA-BC77-98C5435CB0F3}" = Soul Captor
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D912275-85FD-45F6-9AF3-388A0F8AADB2}" = VAIO Content Metadata Intelligent Network Service Manager
"{9E39EA0D-38CD-4739-9E28-DEA4A1155522}" = Sony Home Network Library
"{A568DFBD-4A04-484E-86BB-165AA6C53E2B}" = VAIO Content Monitoring Settings
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Settings
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A95187EF-BCF4-4468-B501-C0BAB976ADD1}" = VAIO Personalization Manager
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCA907B6-5A0F-473E-8C63-0FF0CFAEB7B7}" = VAIO Personalization Manager
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C646C3D7-3013-4A78-A0A5-746320F94D77}" = Game Fire
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6A0DD73-6EF2-9A8D-6F60-4F338F922B37}" = BBC iPlayer Desktop
"{D8AE7D4E-BA8B-4F7B-BF50-8D2F090034F0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = Media Gallery
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3DC1111-5D32-40F9-BB81-64E31294C1A4}" = VAIO Personalization Manager
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EACCC042-848D-4166-9D97-B13D1D108722}" = Google Drive
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1432614-6183-49E6-98E8-674485463CFE}" = VAIO Original Function Settings
"{F62FA646-0693-43D2-9B48-E58B8635FB55}" = Adobe Director 11.5
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
"{FBBF5D9C-1989-4933-AE4E-19EE368385B4}" = VAIO Entertainment Platform
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_46f17ca4f5daa9524ac09ba8d50e980" = Adobe Director 11.5
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"AFE37E47-37E7-435a-A665-729806B98AEF_is1" = PTFB Pro 4.3.0.0
"AutoHotkey" = AutoHotkey 1.0.48.05
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"C9(Continent of the Ninth Seal)_is1" = C9
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonSolutionMenu" = Canon Utilities Solution Menu
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"CraftBukkit" = CraftBukkit
"Diablo III" = Diablo III
"DivX Setup" = DivX Setup
"Eurobattle.net1.24b" = Eurobattle.net
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"MFU Module" =
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Miro" = Miro
"Mozilla Firefox 15.0.1 (x86 en-US)" = Mozilla Firefox 15.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee All Access – Total Protection
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Picasa 3" = Picasa 3
"Portforward Static IP Address" = Portforward Static IP Address 1.0.47
"Shockwave" = Shockwave
"StarCraft II" = StarCraft II
"Steam App 202480" = Creation Kit
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Tradewinds Odyssey 1.00" = Tradewinds Odyssey 1.00
"VAIO Help and Support" =
"VLC Connection Utility_is1" = VLC Connection Utility 2.50
"WinLiveSuite" = Windows Live Essentials
"xampp" = XAMPP 1.8.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-468394382-451526299-967517863-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"2a7a433177cfa3a6" = Macro Recorder
"beanfun!" = beanfun! UK
"Google Chrome" = Google Chrome
"KalydoPlayer" = Kalydo Player 4.06.04
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/27/2012 12:30:33 PM | Computer Name = MyAceComputor | Source = VSS | ID = 8194
Description =

Error - 9/27/2012 12:39:48 PM | Computer Name = MyAceComputor | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1430 Start
Time: 01cd9ccda94b4dfe Termination Time: 0 Application Path: C:\Windows\Explorer.EXE

Report
Id: d9699019-08c1-11e2-9ebd-002643f9ce95

Error - 9/27/2012 5:42:13 PM | Computer Name = MyAceComputor | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 9/27/2012 5:46:11 PM | Computer Name = MyAceComputor | Source = Microsoft-Windows-User Profiles Service | ID = 1542
Description = Windows cannot load classes registry file. DETAIL - The system cannot
find the file specified.

Error - 9/27/2012 5:46:24 PM | Computer Name = MyAceComputor | Source = VSS | ID = 8194
Description =

Error - 9/27/2012 5:51:03 PM | Computer Name = MyAceComputor | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1168 Start
Time: 01cd9cf8e9fddd2a Termination Time: 0 Application Path: C:\Windows\Explorer.EXE

Report
Id: 43a99a78-08ed-11e2-b9da-002643f9ce95

Error - 9/28/2012 2:19:44 AM | Computer Name = MyAceComputor | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 9/28/2012 2:22:02 AM | Computer Name = MyAceComputor | Source = VSS | ID = 8194
Description =

Error - 9/30/2012 12:12:12 PM | Computer Name = MyAceComputor | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 9/30/2012 12:14:56 PM | Computer Name = MyAceComputor | Source = Application Error | ID = 1000
Description = Faulting application name: VcmINSMgr.exe, version: 3.5.0.6260, time
stamp: 0x4a4462de Faulting module name: MSVCR80.dll, version: 8.0.50727.6195, time
stamp: 0x4dcddbf3 Exception code: 0x40000015 Fault offset: 0x000046b4 Faulting process
id: 0xcb4 Faulting application start time: 0x01cd9f265237cdb1 Faulting application
path: C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
Faulting
module path: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
Report
Id: f8d98c58-0b19-11e2-a78e-002643f9ce95

Error - 9/30/2012 12:15:42 PM | Computer Name = MyAceComputor | Source = VSS | ID = 8194
Description =

[ Media Center Events ]
Error - 9/24/2010 4:56:22 PM | Computer Name = MyAceComputor | Source = MCUpdate | ID = 0
Description = 21:56:22 - Error connecting to the internet. 21:56:22 - Unable
to contact server..

Error - 9/24/2010 4:56:34 PM | Computer Name = MyAceComputor | Source = MCUpdate | ID = 0
Description = 21:56:27 - Error connecting to the internet. 21:56:27 - Unable
to contact server..

Error - 9/25/2010 9:48:21 PM | Computer Name = MyAceComputor | Source = MCUpdate | ID = 0
Description = 02:48:21 - Error connecting to the internet. 02:48:21 - Unable
to contact server..

Error - 9/25/2010 9:48:31 PM | Computer Name = MyAceComputor | Source = MCUpdate | ID = 0
Description = 02:48:26 - Error connecting to the internet. 02:48:26 - Unable
to contact server..

Error - 9/26/2010 4:45:04 PM | Computer Name = MyAceComputor | Source = MCUpdate | ID = 0
Description = 21:45:04 - Error connecting to the internet. 21:45:04 - Unable
to contact server..

Error - 9/26/2010 4:45:13 PM | Computer Name = MyAceComputor | Source = MCUpdate | ID = 0
Description = 21:45:09 - Error connecting to the internet. 21:45:09 - Unable
to contact server..

Error - 9/27/2010 4:43:35 PM | Computer Name = MyAceComputor | Source = MCUpdate | ID = 0
Description = 21:43:34 - Error connecting to the internet. 21:43:34 - Unable
to contact server..

Error - 9/27/2010 4:43:56 PM | Computer Name = MyAceComputor | Source = MCUpdate | ID = 0
Description = 21:43:40 - Error connecting to the internet. 21:43:40 - Unable
to contact server..

Error - 9/28/2010 4:10:28 PM | Computer Name = MyAceComputor | Source = MCUpdate | ID = 0
Description = 21:10:28 - Error connecting to the internet. 21:10:28 - Unable
to contact server..

Error - 9/28/2010 4:10:39 PM | Computer Name = MyAceComputor | Source = MCUpdate | ID = 0
Description = 21:10:33 - Error connecting to the internet. 21:10:33 - Unable
to contact server..

[ System Events ]
Error - 9/27/2012 5:46:14 PM | Computer Name = MyAceComputor | Source = Service Control Manager | ID = 7005
Description = The LoadUserProfile call failed with the following error: %%2

Error - 9/28/2012 2:18:45 AM | Computer Name = MyAceComputor | Source = Application Popup | ID = 262200
Description = Driver RISD returned invalid ID for a child device (0001).

Error - 9/28/2012 2:19:10 AM | Computer Name = MyAceComputor | Source = Service Control Manager | ID = 7000
Description = The Htsysm service failed to start due to the following error: %%2

Error - 9/28/2012 2:19:10 AM | Computer Name = MyAceComputor | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%2

Error - 9/30/2012 12:11:24 PM | Computer Name = MyAceComputor | Source = Application Popup | ID = 262200
Description = Driver RISD returned invalid ID for a child device (0001).

Error - 9/30/2012 12:11:44 PM | Computer Name = MyAceComputor | Source = Service Control Manager | ID = 7000
Description = The Htsysm service failed to start due to the following error: %%2

Error - 9/30/2012 12:11:44 PM | Computer Name = MyAceComputor | Source = Service Control Manager | ID = 7000
Description = The LogMeIn Kernel Information Provider service failed to start due
to the following error: %%2

Error - 9/30/2012 12:14:41 PM | Computer Name = MyAceComputor | Source = DCOM | ID = 10016
Description =

Error - 9/30/2012 12:15:17 PM | Computer Name = MyAceComputor | Source = Service Control Manager | ID = 7034
Description = The VAIO Content Metadata Intelligent Network Service Manager service
terminated unexpectedly. It has done this 1 time(s).

Error - 9/30/2012 12:16:47 PM | Computer Name = MyAceComputor | Source = DCOM | ID = 10010
Description =


< End of report >
MiakisMal
Active Member
 
Posts: 6
Joined: September 27th, 2012, 1:06 pm

Re: rundll.exe after ransomware

by askey127 » September 30th, 2012, 1:39 pm

You have a Zero Access Trojan.

This service is provided to you, without charge, by people who volunteer their own time to help.
There is an implied trust that you will respect that donated time, and provide all the information possible to bring the dialog to a successful conclusion.
If false information is provided, that trust is violated, and we will not provide any further help.

This thread will be closed.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA