Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware repeatedly changing my proxy server

Post by mal-an » September 14th, 2013, 3:02 pm

Hi. I was having Android phone problems and downloaded Android Injector to my laptop (probably not from the original site). Now Chrome and IE proxies are reset and greyed to prevent me changing them. No websites load ("Unable to connect to the proxy server"). Firefox does allow me to change the proxy settings, but when I close it, they are reset by whatever is altering the others too. Please help!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.21.2
Run by Alan at 11:50:43 on 2013-09-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3564.1193 [GMT -7:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\EscSvc64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\System32\alg.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Users\Alan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\Alan\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Users\Alan\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Alan\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Users\Alan\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Users\Alan\AppData\Roaming\Spotify\spotify.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\System32\WUDFHost.exe
C:\windows\system32\taskhost.exe
C:\Users\Alan\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\windows\system32\wuauclt.exe
C:\windows\splwow64.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://xfinity.comcast.net/?cid=insDate10042012
uDefault_Page_URL = hxxp://samsung.msn.com
mStart Page = hxxp://samsung.msn.com
uProxyOverride = localhost;127.0.0.1;*.local;<local>
uURLSearchHooks: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Alan\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [MusicManager] "C:\Users\Alan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Facebook Update] "C:\Users\Alan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [FlashGet 3] "C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" -minimize
uRun: [823EADEA75B0A1548DF70B57581868B7B9A1F293._service_run] "C:\Users\Alan\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Spotify] "C:\Users\Alan\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "C:\Users\Alan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Privoxy] C:\Program Files (x86)\privoxy\starthelp.exe
StartupFolder: C:\Users\Alan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Alan\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IMAGEB~1.LNK - C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Download all links by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm
IE: Download all videos by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallflvurl.htm
IE: Download by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm
IE: Download current video by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetflvurl.htm
IE: LastPass - C:\Program Files (x86)\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Program Files (x86)\LastPass\context.html?cmd=fillforms
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{2A13DD5D-ACA6-4414-973F-9A6392DD1B95} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{426C2543-89C8-4372-B79E-3158476DC50E} : DHCPNameServer = 50.201.157.130
TCP: Interfaces\{482468A8-7738-4D9A-93F2-B6AC42BEE3A9} : DHCPNameServer = 64.13.115.12 75.94.255.12
TCP: Interfaces\{84484666-946B-4DF1-AD6D-CCA81266BB4E} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{84484666-946B-4DF1-AD6D-CCA81266BB4E}\261627E61636C656 : DHCPNameServer = 68.29.1.7 68.29.9.7
TCP: Interfaces\{84484666-946B-4DF1-AD6D-CCA81266BB4E}\3616A657E6 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{84484666-946B-4DF1-AD6D-CCA81266BB4E}\458656F4574786F6573756D27657563747 : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.33.1
TCP: Interfaces\{EF6CCC96-6BBB-48BB-A5EC-908A4FF3B9A2} : DHCPNameServer = 10.33.16.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: LastPass Browser Helper Object: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\
FF - prefs.js: browser.search.selectedEngine - XFINITY
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/u/0/?shva=1#inbox
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Alan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Alan\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Users\Alan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Alan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Alan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Alan\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-09-09 14:55; {D1FDB339-6AA1-4DB6-89A5-1DDFFA0C3E7D}; C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\extensions\{D1FDB339-6AA1-4DB6-89A5-1DDFFA0C3E7D}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);user_pref('network.proxy.type', 5
============= SERVICES / DRIVERS ===============
.
.
=============== File Associations ===============
.
FileExt: .reg: Applications\notepad.exe=C:\windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-09-13 10:32:37 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7FF14134-5636-450D-8AE9-7AFFC502E79C}\offreg.dll
2013-09-13 10:26:04 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7FF14134-5636-450D-8AE9-7AFFC502E79C}\mpengine.dll
2013-09-11 16:21:22 -------- d-----w- C:\MGtools
2013-09-11 16:10:32 -------- d-----w- C:\ProgramData\HitmanPro
2013-09-10 21:52:24 -------- d-----w- C:\Users\Alan\AppData\Roaming\Malwarebytes
2013-09-10 21:52:07 -------- d-----w- C:\ProgramData\Malwarebytes
2013-09-10 21:52:04 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-09-10 21:52:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-10 16:11:15 20616088 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xul.dll
2013-09-10 16:11:12 92056 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2013-09-10 16:11:11 272792 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updater.exe
2013-09-10 16:11:11 170232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2013-09-10 16:11:06 869656 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
2013-09-10 16:09:54 116120 ----a-w- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
2013-09-10 16:09:47 262552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-09-10 16:09:42 74136 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2013-09-10 16:09:33 19352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2013-09-09 21:58:42 -------- d-----w- C:\Users\Alan\AppData\Local\Bundled software uninstaller
2013-09-09 21:56:52 -------- d-----w- C:\Program Files (x86)\privoxy
2013-09-09 21:55:38 -------- d-----w- C:\Program Files (x86)\Web Protect
2013-09-09 21:55:32 -------- d-----w- C:\Users\Alan\AppData\Local\FilesFrog Update Checker
2013-09-08 20:36:27 -------- d-----w- C:\Users\Alan\AppData\Local\Spotify
2013-09-08 20:34:55 -------- d-----w- C:\Users\Alan\AppData\Roaming\Spotify
.
==================== Find3M ====================
.
2013-09-13 13:37:21 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-09-13 13:37:20 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-30 07:48:10 72016 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2013-08-30 07:48:10 65336 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2013-08-30 07:48:10 204880 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2013-08-30 07:48:10 1030952 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2013-08-30 07:48:09 80816 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2013-08-30 07:47:40 41664 ----a-w- C:\windows\avastSS.scr
2013-08-07 11:22:02 278800 ------w- C:\windows\System32\MpSigStub.exe
.
============= FINISH: 11:52:49.41 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/17/2011 7:33:06 AM
System Uptime: 9/11/2013 1:38:41 AM (82 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | 305E4A/305E4A
Processor: AMD A6-3400M APU with Radeon(tm) HD Graphics | P0 | 896/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 57 GiB total, 5.045 GiB free.
D: is FIXED (NTFS) - 70 GiB total, 0.572 GiB free.
E: is CDROM ()
F: is Removable
G: is FIXED (FAT32) - 15 GiB total, 0.001 GiB free.
I: is FIXED (NTFS) - 3 GiB total, 0.626 GiB free.
J: is FIXED (NTFS) - 83 GiB total, 1.337 GiB free.
K: is FIXED (NTFS) - 54 GiB total, 0.554 GiB free.
L: is FIXED (FAT32) - 17 GiB total, 3.793 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_LOCALMFG&0045\7&73C0705&0&C884470E3ACD_C00000001
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_LOCALMFG&0045\7&73C0705&0&C884470E3ACD_C00000001
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{0000110A-0000-1000-8000-00805F9B34FB}_VID&000205AC_PID&1294\7&73C0705&0&28CFDAA29FEF_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{0000110A-0000-1000-8000-00805F9B34FB}_VID&000205AC_PID&1294\7&73C0705&0&28CFDAA29FEF_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_VID&000205AC_PID&1294\7&73C0705&0&28CFDAA29FEF_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_VID&000205AC_PID&1294\7&73C0705&0&28CFDAA29FEF_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{0000111F-0000-1000-8000-00805F9B34FB}_VID&000205AC_PID&1294\7&73C0705&0&28CFDAA29FEF_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{0000111F-0000-1000-8000-00805F9B34FB}_VID&000205AC_PID&1294\7&73C0705&0&28CFDAA29FEF_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{0000110B-0000-1000-8000-00805F9B34FB}_LOCALMFG&0045\7&73C0705&0&C884470E3ACD_C00000001
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{0000110B-0000-1000-8000-00805F9B34FB}_LOCALMFG&0045\7&73C0705&0&C884470E3ACD_C00000001
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{0000110C-0000-1000-8000-00805F9B34FB}_VID&000205AC_PID&1294\7&73C0705&0&28CFDAA29FEF_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{0000110C-0000-1000-8000-00805F9B34FB}_VID&000205AC_PID&1294\7&73C0705&0&28CFDAA29FEF_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{0000112F-0000-1000-8000-00805F9B34FB}_VID&000205AC_PID&1294\7&73C0705&0&28CFDAA29FEF_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{0000112F-0000-1000-8000-00805F9B34FB}_VID&000205AC_PID&1294\7&73C0705&0&28CFDAA29FEF_C00000000
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&1294\7&73C0705&0&28CFDAA29FEF_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&1294\7&73C0705&0&28CFDAA29FEF_C00000000
Service:
.
==== System Restore Points ===================
.
RP583: 9/14/2013 3:00:27 AM - Windows Update
.
==== Installed Programs ======================
.
???? ??? Windows Live
???? Windows Live
????? Windows Live
?????? ??????? ?? Windows Live
???????? ?????????? Windows Live
?????????? Windows Live
??????????? ?? Windows Live
7-Zip 9.22beta
ABBYY FineReader 9.0 Sprint
Active@ ISO Burner
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7)
Agatha Christie - Death on the Nile
Amazon Kindle
Amazon Send to Kindle
AMD APP SDK Runtime
AMD VISION Engine Control Center
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 5
Atheros Client Installation Program
ATI Catalyst Install Manager
avast! Free Antivirus
„Windows Live Essentials“
„Windows Live Mail“
„Windows Live Messenger“
„Windows Live“ fotogalerija
Bejeweled 2 Deluxe
Bluetooth Win7 Suite (64)
Bonjour
Build-a-lot
Bulkr
Bullzip PDF Printer 4.0.0.463
Bundled software uninstaller
Canon PowerShot SX260 HS and SX240 HS Camera User Guide
Canon Utilities CameraWindow DC 8
Canon Utilities ImageBrowser EX
Canon Utilities PhotoStitch
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Chuzzle Deluxe
CollageIt 1.9.0
CyberLink Media Suite
CyberLink Media+ Player10
CyberLink MediaShow
CyberLink PowerDirector
CyberLink YouCam
D3DX10
Defraggler
Digital Editions Converter
Diner Dash 2 Restaurant Rescue
Download Navigator
Dropbox
Easy File Share
Easy Migration
Easy Settings
Easy Support Center 1.0
Epson Connect Printer Setup
EPSON Connect version 1.0
Epson Customer Participation
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EPSON WF-3540 Series Printer Uninstall
EpsonNet Print
ETDWare PS/2-X64 10.0.7.3_WHQL
Facebook Video Calling 1.2.0.287
Farm Frenzy
FilesFrog Update Checker
FlashGet3.7
Flickr Uploadr 3.2.1
Fotogalerija Windows Live
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
GIMP 2.6.11
Google Chrome
Google Drive
Google Talk Plugin
Google Update Helper
GPL Ghostscript Lite 9.04
Insaniquarium Deluxe
Internet TV for Windows Media Center
Java 7 Update 21
Java 7 Update 21 (64-bit)
Java Auto Updater
Java(TM) 6 Update 29 (64-bit)
Java(TM) SE Development Kit 6 Update 29 (64-bit)
JavaFX 2.1.1
JDownloader 0.9
JDownloader Packages
Jing
John Deere Drive Green
Junk Mail filter update
LastPass (uninstall only)
LG SP USB Driver
LG USB WML Modem Driver
LG Verizon United Driver
LibreOffice 3.4
LibreOffice 3.4 Help Pack (English)
Malwarebytes Anti-Malware version 1.75.0.1300
Media Player Codec Pack 4.1.4
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 9.0.1 (x86 en-US)
Mp3tag v2.52
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Manager
Nikon Message Center 2
Nikon Movie Editor
Norton Security Scan
NoteTab Light 6 (Remove only)
OpenVPN 2.2.1
PeerBlock 1.1 (r518)
Peggle
Penguins!
Photo Story 3 for Windows
Photobie -- photo editing software from Photobie Design
Picture Control Utility
Plants vs. Zombies
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Polar Golfer
Pošta Windows Live
Python 2.7.2
Python 3.2.2 (64-bit)
QuickTime
Raccolta foto di Windows Live
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
Ringtone Maker
S?????? f?t???af??? t?? Windows Live
Samsung Recovery Solution 5
Samsung Update Plus
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Skype™ 6.6
Software Launcher
SpeedFan (remove only)
Spotify
Tomahawk
TunnelBear 1.0.32
UFRaw 0.19.2
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update Manager for SweetPacks 1.1
User Guide
ViewNX 2
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
VLC media player 2.0.6
Vuze
Web Protect for Windows
WildTangent Games
WildTangent ORB Game Console
Windows Live
Windows Live ??
Windows Live ?? ???
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Foto-galerija
Windows Live fotoattelu galerija
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Pošta
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven peruspaketti
Windows Liven sähköposti
Windows Liven valokuvavalikoima
Windows Media Player Firefox Plugin
WinSCP 4.3.6
YouTube Downloader 3.5
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
9/9/2013 9:48:54 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 77 time(s).
9/9/2013 9:45:59 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 76 time(s).
9/9/2013 9:45:49 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 75 time(s).
9/9/2013 9:44:20 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 74 time(s).
9/9/2013 9:43:56 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 73 time(s).
9/9/2013 9:39:26 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 72 time(s).
9/9/2013 9:37:39 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 71 time(s).
9/9/2013 9:37:14 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 70 time(s).
9/9/2013 9:36:41 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 69 time(s).
9/9/2013 9:36:13 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 68 time(s).
9/9/2013 9:35:25 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 67 time(s).
9/9/2013 9:35:08 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 66 time(s).
9/9/2013 9:25:49 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 65 time(s).
9/9/2013 8:53:44 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 64 time(s).
9/9/2013 8:42:05 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 63 time(s).
9/9/2013 7:42:05 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 62 time(s).
9/9/2013 6:42:05 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 61 time(s).
9/9/2013 6:03:08 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 60 time(s).
9/9/2013 5:03:05 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 59 time(s).
9/9/2013 4:03:06 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 58 time(s).
9/9/2013 3:03:14 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 57 time(s).
9/9/2013 3:03:05 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 56 time(s).
9/9/2013 11:27:49 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 79 time(s).
9/9/2013 10:45:49 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 78 time(s).
9/8/2013 9:48:43 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 545 time(s).
9/8/2013 9:45:36 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 544 time(s).
9/8/2013 9:43:35 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 543 time(s).
9/8/2013 9:41:51 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 542 time(s).
9/8/2013 9:41:37 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 541 time(s).
9/8/2013 9:39:46 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 540 time(s).
9/8/2013 9:39:03 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 539 time(s).
9/8/2013 9:16:15 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 538 time(s).
9/8/2013 8:16:14 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 537 time(s).
9/8/2013 7:16:13 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 536 time(s).
9/8/2013 6:16:13 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 535 time(s).
9/8/2013 5:42:16 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 534 time(s).
9/8/2013 5:16:14 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 533 time(s).
9/8/2013 4:16:14 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 532 time(s).
9/8/2013 3:16:14 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 531 time(s).
9/8/2013 3:04:46 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Windows 7 for x64-based Systems (KB2799494).
9/8/2013 3:02:44 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 530 time(s).
9/8/2013 2:16:14 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 529 time(s).
9/8/2013 12:54:17 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 559 time(s).
9/8/2013 12:52:36 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 558 time(s).
9/8/2013 12:52:16 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 557 time(s).
9/8/2013 12:48:41 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 556 time(s).
9/8/2013 12:48:27 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 555 time(s).
9/8/2013 12:47:57 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 554 time(s).
9/8/2013 12:47:51 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 553 time(s).
9/8/2013 12:46:49 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 552 time(s).
9/8/2013 12:45:56 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 551 time(s).
9/8/2013 12:39:11 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 550 time(s).
9/8/2013 12:38:34 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 549 time(s).
9/8/2013 10:46:34 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 548 time(s).
9/8/2013 10:45:33 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 547 time(s).
9/8/2013 10:38:33 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 546 time(s).
9/8/2013 1:43:24 PM, Error: Service Control Manager [7038] - The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
9/8/2013 1:43:24 PM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not start due to a logon failure.
9/8/2013 1:42:51 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 528 time(s).
9/8/2013 1:42:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
9/8/2013 1:42:27 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 527 time(s).
9/8/2013 1:42:22 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 526 time(s).
9/8/2013 1:42:16 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 525 time(s).
9/8/2013 1:41:02 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 573 time(s).
9/8/2013 1:38:13 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 572 time(s).
9/8/2013 1:35:30 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 571 time(s).
9/8/2013 1:34:49 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 570 time(s).
9/8/2013 1:34:19 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 569 time(s).
9/8/2013 1:31:36 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 568 time(s).
9/8/2013 1:30:05 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 567 time(s).
9/8/2013 1:28:42 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 566 time(s).
9/8/2013 1:28:21 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 565 time(s).
9/8/2013 1:26:11 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 564 time(s).
9/8/2013 1:19:22 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 563 time(s).
9/8/2013 1:19:12 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 562 time(s).
9/8/2013 1:19:06 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 561 time(s).
9/8/2013 1:16:14 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 524 time(s).
9/8/2013 1:16:00 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 523 time(s).
9/8/2013 1:15:16 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 522 time(s).
9/8/2013 1:14:51 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 521 time(s).
9/8/2013 1:14:23 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 520 time(s).
9/8/2013 1:13:53 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 519 time(s).
9/8/2013 1:13:24 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 518 time(s).
9/8/2013 1:12:58 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 517 time(s).
9/8/2013 1:12:23 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 516 time(s).
9/8/2013 1:11:53 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 515 time(s).
9/8/2013 1:11:23 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 514 time(s).
9/8/2013 1:10:53 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 513 time(s).
9/8/2013 1:10:24 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 512 time(s).
9/8/2013 1:09:54 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 511 time(s).
9/8/2013 1:09:24 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 510 time(s).
9/8/2013 1:08:53 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 509 time(s).
9/8/2013 1:08:24 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 508 time(s).
9/8/2013 1:07:54 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 507 time(s).
9/8/2013 1:07:23 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 506 time(s).
9/8/2013 1:06:53 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 505 time(s).
9/8/2013 1:06:23 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 504 time(s).
9/8/2013 1:00:13 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 560 time(s).
9/14/2013 8:44:27 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 54 time(s).
9/14/2013 12:44:09 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 53 time(s).
9/14/2013 11:51:19 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 55 time(s).
9/14/2013 11:51:19 AM, Error: Service Control Manager [7023] - The Windows Search service terminated with the following error: Transaction support within the specified resource manager is not started or was shut down due to an error.
9/14/2013 11:47:35 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
9/14/2013 11:37:56 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 1203.
9/13/2013 8:44:09 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 50 time(s).
9/13/2013 7:29:15 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
9/13/2013 4:44:33 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 52 time(s).
9/13/2013 12:44:22 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 49 time(s).
9/13/2013 10:34:16 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 51 time(s).
9/12/2013 8:49:36 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 37 time(s).
9/12/2013 8:44:06 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 36 time(s).
9/12/2013 6:57:15 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 35 time(s).
9/12/2013 6:30:18 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 34 time(s).
9/12/2013 6:07:24 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 33 time(s).
9/12/2013 6:07:15 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 32 time(s).
9/12/2013 5:20:10 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 31 time(s).
9/12/2013 4:44:04 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 48 time(s).
9/12/2013 4:20:10 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 30 time(s).
9/12/2013 3:20:11 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 29 time(s).
9/12/2013 2:20:09 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 28 time(s).
9/12/2013 12:20:10 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 26 time(s).
9/12/2013 12:05:31 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 45 time(s).
9/12/2013 12:05:18 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 44 time(s).
9/12/2013 11:35:54 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 43 time(s).
9/12/2013 11:34:41 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 42 time(s).
9/12/2013 11:34:27 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 41 time(s).
9/12/2013 11:34:09 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 40 time(s).
9/12/2013 11:33:55 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 39 time(s).
9/12/2013 11:03:42 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 38 time(s).
9/12/2013 1:20:10 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 27 time(s).
9/12/2013 1:11:42 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 47 time(s).
9/12/2013 1:05:32 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 46 time(s).
9/11/2013 9:32:49 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 14 time(s).
9/11/2013 9:26:10 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 13 time(s).
9/11/2013 9:24:36 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 12 time(s).
9/11/2013 9:21:11 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 11 time(s).
9/11/2013 9:21:02 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 10 time(s).
9/11/2013 9:20:15 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 23 time(s).
9/11/2013 9:10:21 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 9 time(s).
9/11/2013 8:20:09 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 22 time(s).
9/11/2013 7:20:09 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 21 time(s).
9/11/2013 7:09:45 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 20 time(s).
9/11/2013 7:09:40 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 19 time(s).
9/11/2013 6:20:11 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 18 time(s).
9/11/2013 6:19:58 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 17 time(s).
9/11/2013 6:05:03 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 8 time(s).
9/11/2013 4:44:49 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 16 time(s).
9/11/2013 4:43:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
9/11/2013 11:38:12 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 15 time(s).
9/11/2013 11:20:10 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 25 time(s).
9/11/2013 10:20:10 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 24 time(s).
9/10/2013 6:12:54 AM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
9/10/2013 6:04:39 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
9/10/2013 5:27:50 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 85 time(s).
9/10/2013 4:27:50 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 84 time(s).
9/10/2013 3:27:51 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 83 time(s).
9/10/2013 2:27:50 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 82 time(s).
9/10/2013 12:27:50 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 80 time(s).
9/10/2013 10:57:23 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 7 time(s).
9/10/2013 10:57:08 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 6 time(s).
9/10/2013 10:56:21 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 5 time(s).
9/10/2013 10:56:11 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 4 time(s).
9/10/2013 10:09:07 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
9/10/2013 10:05:43 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 3 time(s).
9/10/2013 10:05:19 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
9/10/2013 10:04:49 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
9/10/2013 10:04:13 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
9/10/2013 1:27:49 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 81 time(s).
.
==== End Of File ===========================
mal-an
Regular Member
 
Posts: 49
Joined: September 14th, 2013, 2:43 pm

Re: Malware repeatedly changing my proxy server

Unread postby Cypher » September 16th, 2013, 5:43 am

Hi,
Checking your logs now, be right back.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Malware repeatedly changing my proxy server

Unread postby Cypher » September 16th, 2013, 5:52 am

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread, do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions if possible... your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


Click Start > Control Panel > Uninstall a program.
Uninstall the following if present.
Adobe Reader X (10.1.7)
Java 7 Update 21
Java 7 Update 21 (64-bit)
Java(TM) 6 Update 29 (64-bit)
Java(TM) SE Development Kit 6 Update 29 (64-bit)
Norton Security Scan
Vuze


Next.

Please download Junkware Removal Tool and save it to your desktop.
  • Shut down your protection software as shown in This topic now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Please post the contents of JRT.txt into your next reply.
Next.

Please download OTL by Old Timer and save it to your Desktop.

  • Right click on OTL.exe and select Run as administrator to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Logs/Information to Post in your Next Reply

  • JRT.txt.
  • OTL.txt and Extras.txt contents.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Malware repeatedly changing my proxy server

Unread postby mal-an » September 16th, 2013, 4:28 pm

Hi Cypher, Thanks for this info. I will do these tasks and post logs this evening.
mal-an
Regular Member
 
Posts: 49
Joined: September 14th, 2013, 2:43 pm

Re: Malware repeatedly changing my proxy server

Unread postby Cypher » September 17th, 2013, 5:27 am

No problem, post the requested logs when ready.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Malware repeatedly changing my proxy server

Unread postby mal-an » September 17th, 2013, 9:03 pm

Thanks so much!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows 7 Home Premium x64
Ran by Alan on Tue 09/17/2013 at 4:57:20.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bi
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\somoto
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-334125316-4088546140-4129291110-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\bundlesweetimsetup_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\bundlesweetimsetup_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetim_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetim_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\sweetpacksupdatemanager_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\filesfrog update checker
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ea8fa6be-29be-4af2-9352-841f83215eb0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3106777
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\sweetim"
Successfully deleted: [Folder] "C:\Users\Alan\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Alan\appdata\local\filesfrog update checker"
Successfully deleted: [Folder] "C:\Users\Alan\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\sweetim"
Successfully deleted: [Folder] "C:\Users\Alan\AppData\Roaming\microsoft\windows\start menu\programs\filesfrog update checker"
Successfully deleted: [Empty Folder] C:\Users\Alan\appdata\local\{196B4BB6-80C0-4E91-B918-FE079EB53B3C}
Successfully deleted: [Empty Folder] C:\Users\Alan\appdata\local\{5A6A682B-C469-4F59-9418-1EB522C32430}
Successfully deleted: [Empty Folder] C:\Users\Alan\appdata\local\{90968B9A-D20A-4A83-A270-D3123C5DDE72}
Successfully deleted: [Empty Folder] C:\Users\Alan\appdata\local\{CC3E4776-F2F7-4E7B-AF51-24D9600DDE01}
Successfully deleted: [Empty Folder] C:\Users\Alan\appdata\local\{E90390EA-9A96-4321-AF21-1A0352EA863E}
Successfully deleted: [Empty Folder] C:\Users\Alan\appdata\local\{EAB47722-D518-4BEA-983B-4DABD53D6821}



~~~ FireFox

Successfully deleted: [File] C:\Users\Alan\AppData\Roaming\mozilla\firefox\profiles\2wc7zx72.default\user.js
Successfully deleted: [File] C:\Users\Alan\AppData\Roaming\mozilla\firefox\profiles\2wc7zx72.default\extensions\{eee6c361-6118-11dc-9c72-001320c79847}.xpi
Successfully deleted: [File] C:\Users\Alan\AppData\Roaming\mozilla\firefox\profiles\2wc7zx72.default\searchplugins\sweetim.xml
Successfully deleted: [Folder] C:\Users\Alan\AppData\Roaming\mozilla\firefox\profiles\2wc7zx72.default\sweetpackstoolbardata
Successfully deleted the following from C:\Users\Alan\AppData\Roaming\mozilla\firefox\profiles\2wc7zx72.default\prefs.js

user_pref("sweetim.toolbar.RevertDialog.enable", "false");
user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
user_pref("sweetim.toolbar.Visibility.enable", "true");
user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
user_pref("sweetim.toolbar.cargo", "3.1010000.10025");
user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
user_pref("sweetim.toolbar.dialogs.0.enable", "true");
user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
user_pref("sweetim.toolbar.dialogs.0.height", "335");
user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;");
user_pref("sweetim.toolbar.dialogs.0.width", "761");
user_pref("sweetim.toolbar.dialogs.1.enable", "true");
user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
user_pref("sweetim.toolbar.dialogs.1.height", "300");
user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
user_pref("sweetim.toolbar.dialogs.1.width", "500");
user_pref("sweetim.toolbar.dialogs.2.enable", "true");
user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");
user_pref("sweetim.toolbar.dialogs.2.height", "150");
user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
user_pref("sweetim.toolbar.dialogs.2.width", "530");
user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube
user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
user_pref("sweetim.toolbar.mode.debug", "false");
user_pref("sweetim.toolbar.newtab.created", "false");
user_pref("sweetim.toolbar.newtab.enable", "true");
user_pref("sweetim.toolbar.previous.keyword.URL", "");
user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;");
user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
user_pref("sweetim.toolbar.scripts.0.enable", "false");
user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
user_pref("sweetim.toolbar.scripts.1.enable", "false");
user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
user_pref("sweetim.toolbar.scripts.2.callback", "");
user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*");
user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
user_pref("sweetim.toolbar.scripts.2.enable", "false");
user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");
user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://sear
user_pref("sweetim.toolbar.search.history.capacity", "10");
user_pref("sweetim.toolbar.searchguard.enable", "false");
user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
user_pref("sweetim.toolbar.simapp_id", "{B19689FA-4DDD-11E2-9599-E81132E4109B}");
user_pref("sweetim.toolbar.version", "1.9.0.0");
Emptied folder: C:\Users\Alan\AppData\Roaming\mozilla\firefox\profiles\2wc7zx72.default\minidumps [15 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Alan\appdata\local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 09/17/2013 at 5:14:05.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
mal-an

Re: Malware repeatedly changing my proxy server

Post by mal-an » September 17th, 2013, 9:05 pm

OTL logfile created on: 9/17/2013 5:23:55 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.48 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 38.47% Memory free
7.22 Gb Paging File | 3.74 Gb Available in Paging File | 51.74% Paging File free
Paging file location(s): c:\pagefile.sys 1120 8100j:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 56.92 Gb Total Space | 3.25 Gb Free Space | 5.70% Space Free | Partition Type: NTFS
Drive D: | 69.85 Gb Total Space | 0.57 Gb Free Space | 0.82% Space Free | Partition Type: NTFS
Drive G: | 14.93 Gb Total Space | 0.00 Gb Free Space | 0.01% Space Free | Partition Type: FAT32
Drive I: | 3.37 Gb Total Space | 0.63 Gb Free Space | 18.56% Space Free | Partition Type: NTFS
Drive J: | 82.54 Gb Total Space | 1.34 Gb Free Space | 1.62% Space Free | Partition Type: NTFS
Drive K: | 53.75 Gb Total Space | 0.55 Gb Free Space | 1.03% Space Free | Partition Type: NTFS
Drive L: | 16.60 Gb Total Space | 1.25 Gb Free Space | 7.55% Space Free | Partition Type: FAT32

Computer Name: AL-LAPTOP | User Name: Alan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/17 05:22:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alan\Desktop\OTL.exe
PRC - [2013/09/08 13:36:24 | 001,104,384 | ---- | M] (Spotify Ltd) -- C:\Users\Alan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/09/08 00:38:04 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Users\Alan\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/09/07 19:39:18 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/08/30 00:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/08/30 00:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/08/26 23:48:26 | 000,064,008 | ---- | M] (Google) -- C:\Users\Alan\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2013/08/16 09:14:28 | 000,415,060 | ---- | M] () -- C:\Program Files (x86)\privoxy\privoxy.exe
PRC - [2013/06/27 16:11:08 | 020,097,696 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013/04/23 16:40:56 | 007,331,840 | ---- | M] (Google Inc.) -- C:\Users\Alan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/29 19:56:36 | 000,069,120 | ---- | M] () -- C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
PRC - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/02/29 17:47:30 | 000,502,912 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
PRC - [2012/01/26 18:07:52 | 001,058,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
PRC - [2011/09/08 04:04:50 | 003,398,736 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
PRC - [2011/09/06 01:36:42 | 002,275,408 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
PRC - [2011/09/06 01:35:54 | 001,087,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
PRC - [2011/08/18 21:36:46 | 000,784,976 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
PRC - [2011/08/17 00:19:18 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/07/15 18:16:16 | 000,146,592 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011/06/24 01:52:30 | 004,403,280 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
PRC - [2010/11/20 20:25:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/09/19 20:24:42 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
PRC - [2010/08/27 11:52:12 | 002,782,064 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/15 15:17:39 | 000,805,888 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI2642\wx._gdi_.pyd
MOD - [2013/09/15 15:17:39 | 000,557,056 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI2642\pysqlite2._sqlite.pyd
MOD - [2013/09/15 15:17:39 | 000,504,832 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI2642\windows._cacheinvalidation.pyd
MOD - [2013/09/15 15:17:39 | 000,320,512 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI2642\win32com.shell.shell.pyd
MOD - [2013/09/15 15:17:39 | 000,128,512 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI2642\_elementtree.pyd
MOD - [2013/09/15 15:17:39 | 000,098,816 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI2642\win32api.pyd
MOD - [2013/09/15 15:17:39 | 000,087,040 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI2642\_ctypes.pyd
MOD - [2013/09/15 15:17:39 | 000,070,656 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI2642\wx._html2.pyd
MOD - [2013/09/15 15:17:39 | 000,044,032 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI2642\_socket.pyd
MOD - [2013/09/15 15:17:39 | 000,026,624 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI2642\_multiprocessing.pyd
MOD - [2013/09/15 15:17:39 | 000,022,528 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI2642\win32ts.pyd
MOD - [2013/09/15 15:17:39 | 000,017,408 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI2642\win32profile.pyd
MOD - [2013/09/15 15:17:39 | 000,011,264 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI2642\win32crypt.pyd
MOD - [2013/09/15 15:17:38 | 001,175,040 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI2642\wx._core_.pyd
MOD - [2013/09/15 15:17:38 | 001,153,024 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI2642\_ssl.pyd
MOD - [2013/09/15 15:17:38 | 001,062,400 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI2642\wx._controls_.pyd
MOD - [2013/09/15 15:17:38 | 000,811,008 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI2642\wx._windows_.pyd
MOD - [2013/09/15 15:17:38 | 000,735,232 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI2642\wx._misc_.pyd
MOD - [2013/09/15 15:17:38 | 000,711,680 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI2642\_hashlib.pyd
MOD - [2013/09/15 15:17:38 | 000,686,080 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI2642\unicodedata.pyd
MOD - [2013/09/15 15:17:38 | 000,364,544 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI2642\pythoncom27.dll
MOD - [2013/09/15 15:17:38 | 000,127,488 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI2642\pyexpat.pyd
MOD - [2013/09/15 15:17:38 | 000,122,368 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI2642\wx._wizard.pyd
MOD - [2013/09/15 15:17:38 | 000,119,808 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI2642\win32file.pyd
MOD - [2013/09/15 15:17:38 | 000,110,080 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI2642\PyWinTypes27.dll
MOD - [2013/09/15 15:17:38 | 000,108,544 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI2642\win32security.pyd
MOD - [2013/09/15 15:17:38 | 000,038,912 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI2642\win32inet.pyd
MOD - [2013/09/15 15:17:38 | 000,035,840 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI2642\win32process.pyd
MOD - [2013/09/15 15:17:38 | 000,025,600 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI2642\win32pdh.pyd
MOD - [2013/09/15 15:17:38 | 000,018,432 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI2642\win32event.pyd
MOD - [2013/09/15 15:17:38 | 000,010,240 | ---- | M] () -- C:\Users\Alan\AppData\Local\Temp\_MEI2642\select.pyd
MOD - [2013/09/02 13:35:56 | 000,410,576 | ---- | M] () -- C:\Users\Alan\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppgooglenaclpluginchrome.dll
MOD - [2013/09/02 13:35:55 | 013,599,184 | ---- | M] () -- C:\Users\Alan\AppData\Local\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
MOD - [2013/09/02 13:35:54 | 004,053,456 | ---- | M] () -- C:\Users\Alan\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll
MOD - [2013/09/02 13:35:04 | 000,709,584 | ---- | M] () -- C:\Users\Alan\AppData\Local\Google\Chrome\Application\29.0.1547.66\libglesv2.dll
MOD - [2013/09/02 13:35:03 | 000,099,792 | ---- | M] () -- C:\Users\Alan\AppData\Local\Google\Chrome\Application\29.0.1547.66\libegl.dll
MOD - [2013/09/02 13:35:01 | 001,604,560 | ---- | M] () -- C:\Users\Alan\AppData\Local\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll
MOD - [2013/08/16 09:14:28 | 000,415,060 | ---- | M] () -- C:\Program Files (x86)\privoxy\privoxy.exe
MOD - [2013/06/15 21:23:54 | 000,105,501 | ---- | M] () -- C:\Program Files (x86)\privoxy\cyggcc_s-1.dll
MOD - [2013/05/09 14:21:56 | 000,074,269 | ---- | M] () -- C:\Program Files (x86)\privoxy\cygz.dll
MOD - [2013/04/23 16:29:56 | 000,231,936 | ---- | M] () -- C:\Users\Alan\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2013/04/23 16:29:46 | 000,344,064 | ---- | M] () -- C:\Users\Alan\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2013/04/23 16:29:28 | 000,253,440 | ---- | M] () -- C:\Users\Alan\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2013/04/23 16:28:22 | 000,117,248 | ---- | M] () -- C:\Users\Alan\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2013/02/27 12:33:20 | 000,026,624 | ---- | M] () -- C:\Users\Alan\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
MOD - [2013/02/27 12:33:06 | 010,683,392 | ---- | M] () -- C:\Users\Alan\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
MOD - [2013/02/27 12:33:02 | 001,681,408 | ---- | M] () -- C:\Users\Alan\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
MOD - [2013/02/27 12:32:58 | 007,741,952 | ---- | M] () -- C:\Users\Alan\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
MOD - [2013/02/27 12:32:56 | 002,248,192 | ---- | M] () -- C:\Users\Alan\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
MOD - [2013/02/18 10:35:14 | 013,199,360 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll
MOD - [2013/01/29 19:56:36 | 000,069,120 | ---- | M] () -- C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
MOD - [2013/01/29 19:45:00 | 000,112,128 | ---- | M] () -- C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll
MOD - [2013/01/09 07:45:10 | 000,762,880 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ba58d64562391191a22ad0133512ed6f\System.Runtime.Remoting.ni.dll
MOD - [2013/01/09 04:21:49 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013/01/09 04:21:40 | 001,667,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013/01/09 04:21:37 | 009,094,656 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013/01/09 04:21:28 | 014,412,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2011/02/16 09:03:20 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
MOD - [2010/05/07 07:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
MOD - [2006/08/11 20:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/30 00:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/05/10 15:00:00 | 000,608,864 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2011/12/12 01:00:00 | 000,135,824 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Windows\SysNative\escsvc64.exe -- (EpsonScanSvc)
SRV:64bit: - [2011/07/14 15:24:04 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/09/13 06:37:23 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/10 09:11:42 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2011/07/15 18:16:16 | 000,146,592 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011/07/15 18:10:34 | 000,091,296 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2011/07/01 02:46:40 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/30 00:48:10 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/08/30 00:48:10 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/08/30 00:48:10 | 000,204,880 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/08/30 00:48:10 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/08/30 00:48:10 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/08/30 00:48:10 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/08/30 00:48:09 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/08/30 00:48:09 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/20 14:48:50 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2012/08/20 14:48:48 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2012/07/09 19:48:18 | 000,041,704 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2012/03/26 14:45:14 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012/03/12 12:01:00 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgvzandnetadb.sys -- (vzandnetadb)
DRV:64bit: - [2012/03/12 11:55:00 | 000,094,208 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgvzandnetndis64.sys -- (vzandnetndis)
DRV:64bit: - [2012/03/12 11:54:00 | 000,036,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgvzandnetmdm64.sys -- (vzandnetmodem)
DRV:64bit: - [2012/03/12 11:54:00 | 000,029,696 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgvzandnetdiag64.sys -- (vzandnetdiag)
DRV:64bit: - [2012/03/12 11:54:00 | 000,028,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgvzandnetgps64.sys -- (vzandnetgps)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/13 01:32:22 | 002,797,056 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/10/17 11:05:46 | 000,382,848 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drxvi314_64.sys -- (bcm)
DRV:64bit: - [2011/10/17 11:03:20 | 000,060,416 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BcmBusCtr_64.sys -- (bcmbusctr)
DRV:64bit: - [2011/09/08 04:04:52 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2011/08/31 11:02:36 | 000,197,416 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011/08/17 13:44:46 | 000,053,376 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/08/17 00:19:38 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2011/07/15 18:13:34 | 000,289,440 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011/07/15 18:13:18 | 000,283,296 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011/07/15 18:13:12 | 000,059,040 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011/07/15 18:13:08 | 000,166,048 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011/07/15 18:13:02 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011/07/15 18:12:58 | 000,029,344 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011/07/15 18:12:52 | 000,109,216 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2011/07/15 18:12:46 | 000,259,744 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011/07/14 15:53:30 | 009,263,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/14 14:48:24 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/05/16 23:55:28 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/11 03:55:24 | 000,007,680 | ---- | M] (Phoenix Technologies Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SGDrv64.sys -- (SGDrv)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 11:46:20 | 000,078,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/03/04 11:46:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/11/23 00:34:00 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010/11/20 20:24:15 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/17 22:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/11/06 22:24:34 | 000,024,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2010/04/29 06:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/10/28 19:00:01 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/?cid=insDate10042012
IE - HKCU\..\URLSearchHook: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{FE63A0FA-FEB8-46C6-93F8-60A41E267BCD}: "URL" = http://search.yahoo.com/search?fr=chr-g ... =937811&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;127.0.0.1;*.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "XFINITY"
FF - prefs.js..browser.search.selectedEngine: "XFINITY"
FF - prefs.js..browser.startup.homepage: "https://mail.google.com/mail/u/0/?shva=1#inbox"
FF - prefs.js..extensions.enabledAddons: %7BBAEC7B80-9A31-47b2-A68B-DCAC8DF48E87%7D:0.9.2
FF - prefs.js..extensions.enabledAddons: %7BEEE6C361-6118-11DC-9C72-001320C79847%7D:1.9.0.0
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:2.0.20
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7BD1FDB339-6AA1-4DB6-89A5-1DDFFA0C3E7D%7D:5.0
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.11
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:3.1.0.20130818030116
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Alan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Alan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Alan\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Alan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alan\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alan\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Alan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/20 16:10:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/09/09 10:42:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/01/20 16:10:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/09/10 09:09:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/07/25 20:14:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/09/10 09:09:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/04/04 18:45:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Extensions
[2012/04/04 18:45:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
[2013/09/17 05:11:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\extensions
[2013/09/10 14:36:50 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/09/09 14:55:50 | 000,000,000 | ---D | M] (WebProtect) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\extensions\{D1FDB339-6AA1-4DB6-89A5-1DDFFA0C3E7D}
[2012/12/17 05:07:26 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\extensions\fdm_ffext@freedownloadmanager.org
[2013/04/24 09:25:05 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\extensions\support@lastpass.com
[2012/03/16 19:09:03 | 000,003,196 | ---- | M] () (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\extensions\{BAEC7B80-9A31-47b2-A68B-DCAC8DF48E87}.xpi
[2013/09/10 08:18:42 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/04/24 10:15:19 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/09/10 14:36:43 | 000,275,449 | ---- | M] () (No name found) -- C:\Users\Alan\AppData\Roaming\Mozilla\Firefox\Profiles\2wc7zx72.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/09/10 09:09:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/09/10 09:11:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\USERS\ALAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2WC7ZX72.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
[2012/02/28 13:04:46 | 000,020,569 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\xfinity.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Alan\AppData\Local\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Alan\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Alan\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: NPLastPass (Enabled) = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.15_0\nplastpass.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Alan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Alan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Alan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Alan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: Google Translate = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.5_0\
CHR - Extension: StoryWorth = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdhhdpmmbpkhoikpefaippnpdoffnbm\1.0.1_0\
CHR - Extension: Send using Gmail\u2122 (no button) = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahldefgplekckalfcolhhnljbbgaiboc\1.13.1.13_0\
CHR - Extension: Angry Birds = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Google Drive = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: HootSuite Hootlet = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn\3.0.1_0\
CHR - Extension: YourVersion = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjlnglfgdcgddnefohbngmffcmcgpeci\2.1_0\
CHR - Extension: YouTube = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Facebook Me-Gusta Button = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\caampdmalollkcdgdiilgpimcbfjfmoe\1.55_0\
CHR - Extension: Adblock Plus = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0\
CHR - Extension: Send to Kindle for Google Chrome\u2122 = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea\1.0.1.56_0\
CHR - Extension: Facebook Ticker Killer = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cldlgamhccbdjcieljdijepmkphadnfo\1.1_0\
CHR - Extension: Google Search = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: MightyText - Send/Receive SMS Text Messages = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi\9.8_0\
CHR - Extension: Unbaby.me = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkigkllnlkoblfbgfnfngfcnhmndonjm\8_0\
CHR - Extension: NYTimes = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecmphppfkcfflgglcokcbdkofpfegoel\1.2.4_0\
CHR - Extension: Session Buddy = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko\3.2.1_0\
CHR - Extension: Google Calendar = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Facebook Disconnect = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_0\
CHR - Extension: PanicButton = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm\0.14.2.2_0\
CHR - Extension: Classic for Facebook = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdodpcdalagnkbkojidmmcehlnhniad\0.0.2.1_0\
CHR - Extension: PicMonkey = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm\1.5_0\
CHR - Extension: HTTPS Everywhere = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp\2013.8.17_0\
CHR - Extension: Attachments.me for Gmail, Dropbox, Box, Drive = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdgofjdapkmlgpgjfielacjckplcdjjk\1.8.4_0\
CHR - Extension: Attachments.me for Gmail, Dropbox, Box, Drive = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdgofjdapkmlgpgjfielacjckplcdjjk\1.8.4_0\.mustache
CHR - Extension: avast! Online Security = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: LastPass = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.5.4_0\
CHR - Extension: Keep My Opt-Outs = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.15_0\
CHR - Extension: bitly | \u2665 your bitmarks = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic\2.0.89_1\
CHR - Extension: Ganesha 3D = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iakhfadcdngfdeblckhigglokbpnmdpg\1.0.0.0_0\
CHR - Extension: RealDownloader = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: News Ticker Remover for Facebook = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\inbogeebjloglncnccgemjfedfhobfak\1.5_0\
CHR - Extension: Start! = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iniabgbbmccaomaocmhcfioahgipigbh\1.0.12_0\
CHR - Extension: Send to Kindle (by Klip.me) = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\3.2.5_1\
CHR - Extension: Google +1 Button = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp\1.2.0.329_0\
CHR - Extension: Diigo Web = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kipfakkakbicobflnnminhjjdkglgbmf\1.1.1_0\
CHR - Extension: Scratchpad = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjebfhglflhjjjiceimfkgicifkhjlnm\4.0_0\
CHR - Extension: Until AM Web App = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk\0.204_0\
CHR - Extension: StayFocusd = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji\1.3.12_0\
CHR - Extension: Downloaders = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfjamigppmepikjlacjdpgjaiojdjhoj\1.4.4.4_0\
CHR - Extension: Chat Undetected = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.23.67_0\crossrider
CHR - Extension: Chat Undetected = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.23.67_0\
CHR - Extension: Session Manager = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc\3.4.5_0\
CHR - Extension: Ghostery = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\
CHR - Extension: Grass = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiboiefncpfjihjdedpaoammipkilla\1.0_0\
CHR - Extension: Favorite Doodle = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nedjejdfkkjgebciefdfofjhmeogiaga\1.24_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: GIFPAL = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\noohoboklgjeccnihfkbdakbchbhjlch\1.2_0\
CHR - Extension: Diigo Web Collector - Capture and Annotate = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole\2.2.7_0\
CHR - Extension: Web Protect = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbbgbccgamhpifmegidngofcbelmfgbf\5.0_0\
CHR - Extension: Psykopaint = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\
CHR - Extension: Psykopaint = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\.bak
CHR - Extension: Send from Gmail (by Google) = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.16_0\
CHR - Extension: Google Reader = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\
CHR - Extension: Gmail = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Radio stations from Mexico = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pppjmiknhknlecepmnjfhppdloebkhlp\1.2_0\
CHR - Extension: Google Translate = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.5_0\
CHR - Extension: StoryWorth = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\agdhhdpmmbpkhoikpefaippnpdoffnbm\1.0.1_0\
CHR - Extension: Send using Gmail\u2122 (no button) = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahldefgplekckalfcolhhnljbbgaiboc\1.13.1.13_0\
CHR - Extension: Angry Birds = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Google Drive = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: HootSuite Hootlet = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgfdlplhmndoonmofmflcbiohgbkifn\3.0.1_0\
CHR - Extension: YourVersion = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjlnglfgdcgddnefohbngmffcmcgpeci\2.1_0\
CHR - Extension: YouTube = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Facebook Me-Gusta Button = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\caampdmalollkcdgdiilgpimcbfjfmoe\1.55_0\
CHR - Extension: Adblock Plus = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.5.5_0\
CHR - Extension: Send to Kindle for Google Chrome\u2122 = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea\1.0.1.56_0\
CHR - Extension: Facebook Ticker Killer = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cldlgamhccbdjcieljdijepmkphadnfo\1.1_0\
CHR - Extension: Google Search = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: MightyText - Send/Receive SMS Text Messages = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi\9.8_0\
CHR - Extension: Unbaby.me = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkigkllnlkoblfbgfnfngfcnhmndonjm\8_0\
CHR - Extension: NYTimes = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecmphppfkcfflgglcokcbdkofpfegoel\1.2.4_0\
CHR - Extension: Session Buddy = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko\3.2.1_0\
CHR - Extension: Google Calendar = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Facebook Disconnect = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_0\
CHR - Extension: PanicButton = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm\0.14.2.2_0\
CHR - Extension: Classic for Facebook = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdodpcdalagnkbkojidmmcehlnhniad\0.0.2.1_0\
CHR - Extension: PicMonkey = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm\1.5_0\
CHR - Extension: HTTPS Everywhere = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp\2013.8.17_0\
CHR - Extension: Attachments.me for Gmail, Dropbox, Box, Drive = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdgofjdapkmlgpgjfielacjckplcdjjk\1.8.4_0\
CHR - Extension: Attachments.me for Gmail, Dropbox, Box, Drive = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdgofjdapkmlgpgjfielacjckplcdjjk\1.8.4_0\.mustache
CHR - Extension: avast! Online Security = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: LastPass = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.5.4_0\
CHR - Extension: Keep My Opt-Outs = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.15_0\
CHR - Extension: bitly | \u2665 your bitmarks = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic\2.0.89_1\
CHR - Extension: Ganesha 3D = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iakhfadcdngfdeblckhigglokbpnmdpg\1.0.0.0_0\
CHR - Extension: RealDownloader = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: News Ticker Remover for Facebook = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\inbogeebjloglncnccgemjfedfhobfak\1.5_0\
CHR - Extension: Start! = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\iniabgbbmccaomaocmhcfioahgipigbh\1.0.12_0\
CHR - Extension: Send to Kindle (by Klip.me) = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\3.2.5_1\
CHR - Extension: Google +1 Button = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp\1.2.0.329_0\
CHR - Extension: Diigo Web = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kipfakkakbicobflnnminhjjdkglgbmf\1.1.1_0\
CHR - Extension: Scratchpad = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjebfhglflhjjjiceimfkgicifkhjlnm\4.0_0\
CHR - Extension: Until AM Web App = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk\0.204_0\
CHR - Extension: StayFocusd = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji\1.3.12_0\
CHR - Extension: Downloaders = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfjamigppmepikjlacjdpgjaiojdjhoj\1.4.4.4_0\
CHR - Extension: Chat Undetected = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.23.67_0\crossrider
CHR - Extension: Chat Undetected = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\llmfehnfojojfamjjijjciopbjimcffa\1.23.67_0\
CHR - Extension: Session Manager = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc\3.4.5_0\
CHR - Extension: Ghostery = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.0.0_0\
CHR - Extension: Grass = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiboiefncpfjihjdedpaoammipkilla\1.0_0\
CHR - Extension: Favorite Doodle = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nedjejdfkkjgebciefdfofjhmeogiaga\1.24_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: GIFPAL = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\noohoboklgjeccnihfkbdakbchbhjlch\1.2_0\
CHR - Extension: Diigo Web Collector - Capture and Annotate = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\oojbgadfejifecebmdnhhkbhdjaphole\2.2.7_0\
CHR - Extension: Web Protect = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbbgbccgamhpifmegidngofcbelmfgbf\5.0_0\
CHR - Extension: Psykopaint = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\
CHR - Extension: Psykopaint = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0\.bak
CHR - Extension: Send from Gmail (by Google) = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.16_0\
CHR - Extension: Google Reader = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\
CHR - Extension: Gmail = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Radio stations from Mexico = C:\Users\Alan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pppjmiknhknlecepmnjfhppdloebkhlp\1.2_0\

O1 HOSTS File: ([2013/09/10 14:47:35 | 000,000,741 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Alan\AppData\Roaming\FlashGetBHO\FlashGetBHO.dll (Trend Media Group)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [Privoxy] C:\Program Files (x86)\privoxy\starthelp.exe ()
O4 - HKCU..\Run: [Facebook Update] C:\Users\Alan\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [FlashGet 3] C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe (Trend Media Corporation Limited)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [MusicManager] C:\Users\Alan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKCU..\Run: [Spotify] C:\Users\Alan\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Alan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Alan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8:64bit: - Extra context menu item: Download all links by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm ()
O8:64bit: - Extra context menu item: Download all videos by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallflvurl.htm ()
O8:64bit: - Extra context menu item: Download by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm ()
O8:64bit: - Extra context menu item: Download current video by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetflvurl.htm ()
O8:64bit: - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
O8:64bit: - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
O8 - Extra context menu item: Download all links by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm ()
O8 - Extra context menu item: Download all videos by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetallflvurl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm ()
O8 - Extra context menu item: Download current video by FlashGet3 - C:\Program Files (x86)\FlashGet Network\FlashGet 3\BHO\fdgetflvurl.htm ()
O8 - Extra context menu item: LastPass - file://C:\Program Files (x86)\LastPass\context.html?cmd=lastpass File not found
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Program Files (x86)\LastPass\context.html?cmd=fillforms File not found
O9:64bit: - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9:64bit: - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra 'Tools' menuitem : LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll (LastPass)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A13DD5D-ACA6-4414-973F-9A6392DD1B95}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{426C2543-89C8-4372-B79E-3158476DC50E}: DhcpNameServer = 50.201.157.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{482468A8-7738-4D9A-93F2-B6AC42BEE3A9}: DhcpNameServer = 64.13.115.12 75.94.255.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84484666-946B-4DF1-AD6D-CCA81266BB4E}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF6CCC96-6BBB-48BB-A5EC-908A4FF3B9A2}: DhcpNameServer = 10.33.16.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/18 18:28:58 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/03/18 18:28:58 | 000,000,000 | RHSD | M] - I:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/03/18 18:28:58 | 000,000,000 | RHSD | M] - K:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2007/01/24 00:36:24 | 000,000,000 | ---D | M] - L:\autorun -- [ FAT32 ]
O33 - MountPoints2\{65409abe-7250-11e1-9ef4-e81132e4109b}\Shell - "" = AutoRun
O33 - MountPoints2\{65409abe-7250-11e1-9ef4-e81132e4109b}\Shell\AutoRun\command - "" = F:\SISetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/17 05:22:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alan\Desktop\OTL.exe
[2013/09/17 04:57:02 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/09/17 04:48:40 | 001,029,675 | ---- | C] (Thisisu) -- C:\Users\Alan\Desktop\JRT (1).exe
[2013/09/14 13:36:18 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\europe_photos_dannys_computer
[2013/09/14 11:39:43 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Alan\Desktop\dds.scr
[2013/09/11 09:21:22 | 000,000,000 | ---D | C] -- C:\MGtools
[2013/09/11 09:10:32 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/09/11 09:09:26 | 009,879,648 | ---- | C] (SurfRight B.V.) -- C:\Users\Alan\Desktop\HitmanPro_x64.exe
[2013/09/11 09:06:54 | 002,748,256 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Alan\Desktop\tdsskiller.exe
[2013/09/10 14:52:24 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Malwarebytes
[2013/09/10 14:52:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/10 14:52:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/09/10 14:52:04 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/09/10 14:52:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/09/10 14:33:57 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\RK_Quarantine
[2013/09/10 09:09:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/09/10 09:09:22 | 000,000,000 | R--D | C] -- C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013/09/09 14:58:42 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\Bundled software uninstaller
[2013/09/09 14:56:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\privoxy
[2013/09/09 14:55:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Web Protect
[2013/09/09 14:39:15 | 000,000,000 | ---D | C] -- C:\Users\Alan\Desktop\LG Esteem
[2013/09/08 13:36:27 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Local\Spotify
[2013/09/08 13:34:55 | 000,000,000 | ---D | C] -- C:\Users\Alan\AppData\Roaming\Spotify
[2013/09/07 21:02:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/09/07 21:02:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

========== Files - Modified Within 30 Days ==========

[2013/09/17 05:27:02 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/17 05:22:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alan\Desktop\OTL.exe
[2013/09/17 04:48:53 | 001,029,675 | ---- | M] (Thisisu) -- C:\Users\Alan\Desktop\JRT (1).exe
[2013/09/17 04:37:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/09/17 03:24:01 | 000,000,924 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-334125316-4088546140-4129291110-1000UA.job
[2013/09/16 20:08:43 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/09/16 18:24:00 | 000,000,902 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-334125316-4088546140-4129291110-1000Core.job
[2013/09/15 15:26:16 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/15 15:26:16 | 000,021,200 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/15 15:19:17 | 000,000,204 | ---- | M] () -- C:\windows\SysWow64\secustat.dat
[2013/09/15 15:16:28 | 3736,920,064 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/14 15:02:38 | 000,002,688 | ---- | M] () -- C:\Users\Alan\.recently-used.xbel
[2013/09/14 11:40:01 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Alan\Desktop\dds.scr
[2013/09/13 10:42:43 | 000,726,444 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/09/13 10:42:43 | 000,624,412 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/09/13 10:42:43 | 000,106,756 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/09/13 06:37:21 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/09/13 06:37:20 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/09/12 11:33:19 | 000,000,056 | ---- | M] () -- C:\Users\Alan\Desktop\ProxySettings.bat
[2013/09/12 11:31:42 | 000,000,252 | ---- | M] () -- C:\Users\Alan\Desktop\proxysettings.reg
[2013/09/11 11:48:33 | 000,281,382 | ---- | M] () -- C:\MGlogs.zip
[2013/09/11 09:20:46 | 001,990,472 | ---- | M] () -- C:\Users\Alan\Desktop\MGtools.exe
[2013/09/11 09:09:46 | 009,879,648 | ---- | M] (SurfRight B.V.) -- C:\Users\Alan\Desktop\HitmanPro_x64.exe
[2013/09/11 09:06:57 | 002,748,256 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Alan\Desktop\tdsskiller.exe
[2013/09/10 14:52:09 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/10 06:07:18 | 000,312,576 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/09/09 18:01:08 | 000,572,808 | ---- | M] () -- C:\Users\Alan\Desktop\skypee.PNG
[2013/09/09 10:42:50 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2013/09/08 13:36:26 | 000,001,801 | ---- | M] () -- C:\Users\Alan\Desktop\Spotify.lnk
[2013/09/08 01:42:27 | 000,002,360 | ---- | M] () -- C:\Users\Alan\Desktop\Google Chrome.lnk
[2013/09/07 21:02:17 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/09/07 19:56:05 | 000,000,370 | ---- | M] () -- C:\windows\tasks\ReclaimerResumeInstall_Alan.job
[2013/09/07 19:53:07 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore1ceac3e7fdd155c.job
[2013/09/07 19:49:57 | 000,000,175 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys.sum
[2013/09/07 19:49:57 | 000,000,175 | ---- | M] () -- C:\windows\SysNative\drivers\aswSP.sys.sum
[2013/09/07 19:49:57 | 000,000,175 | ---- | M] () -- C:\windows\SysNative\drivers\aswSnx.sys.sum
[2013/08/30 00:48:10 | 001,030,952 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2013/08/30 00:48:10 | 000,378,944 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2013/08/30 00:48:10 | 000,204,880 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2013/08/30 00:48:10 | 000,072,016 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2013/08/30 00:48:10 | 000,065,336 | ---- | M] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2013/08/30 00:48:10 | 000,064,288 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
[2013/08/30 00:48:09 | 000,080,816 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2013/08/30 00:48:09 | 000,033,400 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2013/08/30 00:47:40 | 000,041,664 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2013/08/30 00:47:14 | 000,287,840 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe

========== Files Created - No Company Name ==========

[2013/09/14 15:02:38 | 000,002,688 | ---- | C] () -- C:\Users\Alan\.recently-used.xbel
[2013/09/12 11:33:19 | 000,000,056 | ---- | C] () -- C:\Users\Alan\Desktop\ProxySettings.bat
[2013/09/12 11:31:42 | 000,000,252 | ---- | C] () -- C:\Users\Alan\Desktop\proxysettings.reg
[2013/09/11 11:39:23 | 000,281,382 | ---- | C] () -- C:\MGlogs.zip
[2013/09/11 09:20:44 | 001,990,472 | ---- | C] () -- C:\Users\Alan\Desktop\MGtools.exe
[2013/09/10 14:52:09 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/09 17:58:00 | 000,572,808 | ---- | C] () -- C:\Users\Alan\Desktop\skypee.PNG
[2013/09/08 13:36:26 | 000,001,801 | ---- | C] () -- C:\Users\Alan\Desktop\Spotify.lnk
[2013/09/08 13:36:26 | 000,001,787 | ---- | C] () -- C:\Users\Alan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2013/09/07 21:02:17 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/09/07 19:52:47 | 000,000,894 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore1ceac3e7fdd155c.job
[2013/09/07 19:50:02 | 000,000,175 | ---- | C] () -- C:\windows\SysNative\drivers\aswVmm.sys.sum
[2013/09/07 19:50:01 | 000,000,175 | ---- | C] () -- C:\windows\SysNative\drivers\aswSnx.sys.sum
[2013/09/07 19:49:59 | 000,000,175 | ---- | C] () -- C:\windows\SysNative\drivers\aswSP.sys.sum
[2013/01/29 21:18:29 | 000,000,045 | ---- | C] () -- C:\windows\WF-3540.ini
[2012/12/24 18:36:08 | 000,000,204 | ---- | C] () -- C:\windows\SysWow64\secustat.dat
[2012/12/24 07:22:32 | 000,000,025 | ---- | C] () -- C:\windows\emcore.INI
[2012/09/30 14:49:40 | 000,000,258 | RHS- | C] () -- C:\Users\Alan\ntuser.pol
[2012/08/16 18:35:55 | 000,000,238 | ---- | C] () -- C:\windows\SysWow64\initparams.ini
[2012/03/03 09:29:00 | 000,197,719 | ---- | C] () -- C:\Users\Alan\.DLMSave_back.xml
[2012/01/23 22:31:06 | 000,003,584 | ---- | C] () -- C:\Users\Alan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/15 06:07:38 | 000,039,880 | ---- | C] () -- C:\windows\SysWow64\dischandler.exe
[2012/01/12 19:56:59 | 000,015,850 | ---- | C] () -- C:\Users\Alan\AppData\Roaming\UserTile.png
[2012/01/09 13:00:48 | 004,346,880 | ---- | C] () -- C:\windows\SysWow64\ffmpeg.dll
[2012/01/08 14:49:20 | 000,197,719 | ---- | C] () -- C:\Users\Alan\.DLMSave.xml
[2012/01/08 14:49:10 | 000,001,238 | ---- | C] () -- C:\Users\Alan\.Setting.ini
[2012/01/07 15:22:00 | 000,172,032 | ---- | C] () -- C:\windows\SysWow64\libbluray.dll
[2012/01/07 15:21:50 | 006,366,094 | ---- | C] () -- C:\windows\SysWow64\avcodec-lav-53.dll
[2012/01/07 15:21:50 | 001,007,151 | ---- | C] () -- C:\windows\SysWow64\avformat-lav-53.dll
[2012/01/07 15:21:50 | 000,354,979 | ---- | C] () -- C:\windows\SysWow64\swscale-lav-2.dll
[2012/01/07 15:21:50 | 000,203,306 | ---- | C] () -- C:\windows\SysWow64\avutil-lav-51.dll
[2012/01/07 15:21:50 | 000,138,727 | ---- | C] () -- C:\windows\SysWow64\avfilter-lav-2.dll
[2012/01/03 13:27:09 | 000,000,600 | ---- | C] () -- C:\Users\Alan\AppData\Roaming\winscp.rnd
[2011/12/25 12:21:05 | 000,000,268 | RH-- | C] () -- C:\ProgramData\libiconv
[2011/12/25 12:21:05 | 000,000,268 | RH-- | C] () -- C:\Users\Alan\AppData\Roaming\grep
[2011/12/25 12:21:05 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2011/12/25 12:21:05 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Analog Sync
[2011/12/25 12:20:35 | 000,000,268 | RH-- | C] () -- C:\ProgramData\manual
[2011/12/25 12:20:35 | 000,000,268 | RH-- | C] () -- C:\Users\Alan\AppData\Roaming\howto
[2011/12/25 12:20:35 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011/12/25 12:20:35 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Applause and Laugher
[2011/12/25 12:20:34 | 000,000,268 | RH-- | C] () -- C:\ProgramData\laserjet
[2011/12/25 12:20:34 | 000,000,268 | RH-- | C] () -- C:\Users\Alan\AppData\Roaming\filter
[2011/12/25 12:20:34 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011/12/25 12:20:34 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Analog Pad
[2011/12/20 13:00:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/12/20 11:50:04 | 000,079,360 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll
[2011/12/20 11:49:56 | 000,099,328 | ---- | C] () -- C:\windows\SysWow64\ff_wmv9.dll
[2011/12/20 11:49:54 | 000,158,720 | ---- | C] () -- C:\windows\SysWow64\ff_unrar.dll
[2011/12/20 11:49:54 | 000,146,944 | ---- | C] () -- C:\windows\SysWow64\ff_libmad.dll
[2011/12/20 11:49:52 | 001,525,248 | ---- | C] () -- C:\windows\SysWow64\ff_samplerate.dll
[2011/12/20 11:49:52 | 000,212,480 | ---- | C] () -- C:\windows\SysWow64\ff_libdts.dll
[2011/12/20 11:49:52 | 000,115,200 | ---- | C] () -- C:\windows\SysWow64\ff_liba52.dll
[2011/12/20 11:49:50 | 000,328,704 | ---- | C] () -- C:\windows\SysWow64\ff_libfaad2.dll
[2011/12/20 11:49:50 | 000,260,608 | ---- | C] () -- C:\windows\SysWow64\TomsMoComp_ff.dll
[2011/12/20 11:49:50 | 000,137,728 | ---- | C] () -- C:\windows\SysWow64\libmpeg2_ff.dll
[2011/12/07 12:32:24 | 000,216,064 | ---- | C] ( ) -- C:\windows\SysWow64\Lagarith.dll
[2011/09/28 18:12:06 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2011/09/28 17:32:23 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/09/28 17:18:50 | 000,001,156 | ---- | C] () -- C:\windows\HotFixList.ini

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report >
mal-an

Re: Malware repeatedly changing my proxy server

by mal-an » September 17th, 2013, 9:06 pm

OTL Extras logfile created on: 9/17/2013 5:23:55 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alan\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.48 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 38.47% Memory free
7.22 Gb Paging File | 3.74 Gb Available in Paging File | 51.74% Paging File free
Paging file location(s): c:\pagefile.sys 1120 8100j:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 56.92 Gb Total Space | 3.25 Gb Free Space | 5.70% Space Free | Partition Type: NTFS
Drive D: | 69.85 Gb Total Space | 0.57 Gb Free Space | 0.82% Space Free | Partition Type: NTFS
Drive G: | 14.93 Gb Total Space | 0.00 Gb Free Space | 0.01% Space Free | Partition Type: FAT32
Drive I: | 3.37 Gb Total Space | 0.63 Gb Free Space | 18.56% Space Free | Partition Type: NTFS
Drive J: | 82.54 Gb Total Space | 1.34 Gb Free Space | 1.62% Space Free | Partition Type: NTFS
Drive K: | 53.75 Gb Total Space | 0.55 Gb Free Space | 1.03% Space Free | Partition Type: NTFS
Drive L: | 16.60 Gb Total Space | 1.25 Gb Free Space | 7.55% Space Free | Partition Type: FAT32

Computer Name: AL-LAPTOP | User Name: Alan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)
"C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files (x86)\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04D05069-35F5-4901-9F72-8EF4399FCB76}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{18876EE3-C1EA-4F37-82B5-1A975695A252}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1B88680C-2DEC-4408-8A55-F3F677CAD708}" = rport=2869 | protocol=6 | dir=out | app=system |
"{1F04DBCE-CC74-4B26-BF11-450FFFD430AD}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{20E0CAC6-D76B-4F6D-8514-F56DDBFE0E45}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
"{2F5224AD-9EE6-4F67-AB24-604D3D555EA8}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2FB6A931-6E47-4CAE-AAAE-75D89670E778}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{3738C96A-5B58-4E8E-8985-568AD3F0C47B}" = rport=139 | protocol=6 | dir=out | app=system |
"{44AE6D36-DE3F-4848-82A9-F27B7672DB5F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{473959C9-B19A-41B9-A295-30BDF5BC88AB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4F008263-2279-4594-852C-1E9AC922862C}" = rport=138 | protocol=17 | dir=out | app=system |
"{5C5290F8-98C1-414E-BE8B-6FC74DF0F0E6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5DCA38DE-B426-4794-B852-E0067C84A9A2}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{63299628-D5D1-45D0-9ECB-908745A47E2E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{66C45931-B8EF-496A-AF8A-BC84F9567878}" = lport=445 | protocol=6 | dir=in | app=system |
"{70854572-A2F9-43B4-95D4-04DC6979181C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7EEC7B82-4A89-40BF-B3F2-89DD52BBFF6B}" = lport=138 | protocol=17 | dir=in | app=system |
"{80DD1E41-B0B0-45E4-ABB9-EF29BB4EC165}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{80DDA2EA-D266-46F9-AE51-4168605DB30F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{867C641B-E98C-4DD6-AFEC-A9381A22E51C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{86BDAAB9-AEE0-4269-BEC2-C70232AAFEB6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{8825C59A-1921-4FBE-915E-173F0278AD26}" = lport=2869 | protocol=6 | dir=in | app=system |
"{897BF595-831C-4AB6-8481-EA54637A26A1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8A120A53-DF20-4D5B-A12B-6364B75E2848}" = lport=139 | protocol=6 | dir=in | app=system |
"{8D749315-E704-4476-AF05-7AEE3ABB07C2}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
"{926BD8E3-C450-410A-B88C-5A66D615AC84}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{939C5F1C-C637-43E0-813C-AB592617CC86}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{98EC0068-CBD8-4F0C-9E0B-B6415287D91C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{997C4315-4A1A-408C-8A04-64F99A83FCBB}" = rport=137 | protocol=17 | dir=out | app=system |
"{9A244EBD-982B-4A24-B26E-A1A7A82965EE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A5AA10A8-F627-4B9B-9B61-95F2727C5010}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A78E3F4F-0A40-4AC3-B46F-BEF0A17E66F1}" = rport=445 | protocol=6 | dir=out | app=system |
"{AA65AE9C-EA52-4B7A-ADD5-8288B001EA75}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AB40E143-AFCC-46A0-9E46-1BA45AAD74FC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B05EC7D6-2108-4E04-B220-0DBE4F906C3B}" = lport=137 | protocol=17 | dir=in | app=system |
"{B188D4C4-5142-4F51-848C-AEF39FF11D71}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B6FB6A36-1ADA-4712-B37B-381D2C6243A5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BDA094D3-DF22-4D13-8493-921184AD260D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CC448D4A-7849-4FCF-AF50-9E939800942B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CCCB12E1-B45F-45EE-964E-BCD487A06337}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D94A78A2-D640-4F1B-BC7F-654D3F30D229}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DDDD554D-D6A4-4BFA-9B99-1EB8E12E74FC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E8D2B320-1851-4677-AC37-0AD227AAF0D5}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F0D44153-3198-4D77-AD60-6E08E18CCEA1}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
"{F2925449-EE3D-484A-9E9E-4CE8040A8E88}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F2D5F182-CFFA-473A-A753-F0823F48E97F}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{F6D8677A-D545-417E-9CAC-E365F5CD8EBB}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E5EB326-4B52-4306-BDDA-6CF7CE407423}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{104987C2-A907-41A0-BF26-39E49982A6C4}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{13772ED5-2357-4916-B180-F4CA5A84FF01}" = protocol=6 | dir=in | app=c:\users\alan\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{1611B67E-BFAC-4630-88D5-E61A6B750B8E}" = dir=in | app=c:\users\alan\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{18DCD5CB-80D6-49F8-81B9-533245D4713C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{1CF51A75-365F-4DFA-9EEC-5B6E06D9CB92}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1DF6D89F-B23C-4E77-82AB-4BEAC492BFF8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{1F05426F-F8E4-4223-856A-E80AE6A4B2BE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{21DECD02-71E8-40A2-BA6A-67D0BC265146}" = dir=in | app=c:\program files (x86)\cyberlink\media+player10\media+player10.exe |
"{33A9BFC3-F5F4-4B2B-8516-2D92A3CCA590}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{37921920-D8E8-42C8-A6FA-8AFFAB363C22}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{38D0A24D-E500-4062-A5D5-690745FD870F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3B791CF5-3617-4ED1-B04C-E0C287216CDD}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{4497F6CB-4C30-43F7-830D-15D116AEC8B5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{46B4B867-8840-450E-A30E-C1864918A08A}" = protocol=6 | dir=out | app=system |
"{499EEC2F-DE87-4C88-87D9-2E4A7C2FB44C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4A148F5E-25DF-4A43-A17B-B859795CBC3C}" = protocol=6 | dir=in | app=c:\users\alan\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{4D8D5E6A-44B2-43DD-B6F5-D11FBAFD2990}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{5020DAEE-C287-4043-877C-620EF861E506}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5449F791-C34B-47A3-B00E-9BEE971C82C4}" = protocol=17 | dir=in | app=c:\users\alan\appdata\local\google\chrome\application\chrome.exe |
"{5C36E0BC-B703-4DC3-9BFF-0D710F518DA5}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5DC4CC0A-1A78-4DA1-A9D2-30591F81E164}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{60544FE1-97C4-4A79-BA2F-6BFCBB29E56F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{622A4EE2-48B1-43BF-A06F-F6FE649A279E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{66ED8A60-F6C7-47E8-8BDA-3CA9F7E5BCDF}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{68C505C4-3049-4CCA-A06A-1F7B1A139F20}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6C823BC5-1F40-4E29-BA8D-7359536A11D1}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6FD5B600-1CE9-48D9-8237-390D4E2782E5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6FD858F3-F39A-4D57-8655-B4B18D3D467C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{717F0186-3625-4C11-AEFA-03A2942A24B6}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{719B7003-D9AC-49D3-A812-53DDA8A0B914}" = protocol=17 | dir=in | app=c:\users\alan\appdata\roaming\dropbox\bin\dropbox.exe |
"{736B2357-5BE0-45DA-9127-1AB319BB120D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7BF3DB9A-C952-4707-B669-3904AAC9305E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7C055A3B-8667-477A-B305-D3C2ECA12C24}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{81548E14-56A8-4372-9574-6E4F2A676894}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{81662B34-DE7C-4B3A-93F0-3BD7B06B06DF}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{83D1D5C2-08CA-41B7-8D5E-33124F37C07C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{86F49D66-64DD-4ABF-9251-D8920AF0C863}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{8B00EFB5-BD1D-45D7-8E20-1385F914016A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{94E0628A-F283-4E81-83BA-1B2D8C1EDB5C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{95FEFF45-00BE-43CE-B6CE-BE293A42A1B4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{96E499C0-D6A1-4A59-9CE7-4234295998BE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9C5577F3-85EE-4C04-88C9-69372F0BB658}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A785E34B-0C0B-40B3-8315-3521D681128F}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{AB9B8237-BA1A-47CB-BD0F-3C1922D83F08}" = protocol=17 | dir=in | app=c:\users\alan\appdata\roaming\spotify\spotify.exe |
"{ABD7F0E8-3B87-4323-87AF-984E42C38095}" = protocol=58 | dir=in | app=system |
"{AF67B098-B0E1-4AFB-B72F-7079463DDA74}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{AFED30A2-FC95-4CB4-A13A-69EDF7EBF6EE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B7ED3BFF-CD56-4C48-B267-0ABA0C7F5C69}" = protocol=17 | dir=in | app=c:\users\alan\appdata\roaming\spotify\spotify.exe |
"{B9A9C3A0-9523-4837-87AB-0CEE3B62CAD6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C6D28A06-B831-43C7-9CC9-D15E2EFEC714}" = protocol=17 | dir=in | app=c:\users\alan\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{D0ACE91A-CFEC-4ACD-9D1A-67AB49143C23}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{D6305295-AD7A-4349-940D-48DBD6B51E0A}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{DB74E041-2E3F-4F1D-9A1B-94B0B63A2823}" = protocol=6 | dir=in | app=c:\users\alan\appdata\roaming\spotify\spotify.exe |
"{DB87DC6A-77AA-4FC8-ADF2-B37A6D861665}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DE3BC64E-6BD7-4B29-A1B5-BB882920B912}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E11E0434-4F93-4F26-85A6-CBC2EAC7A153}" = protocol=6 | dir=in | app=c:\users\alan\appdata\roaming\dropbox\bin\dropbox.exe |
"{E153C1D2-5DD9-4428-82FB-F8E766853B9F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E21326BF-233E-49EA-9941-6E094F44D73D}" = protocol=17 | dir=in | app=c:\users\alan\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{E247687B-25BA-48E4-BB7A-2FDCD06ACEFA}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\ecprintersetup\enpapp.exe |
"{E399E8B2-8155-4097-AAB6-05E10C88826A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E4520EEA-04EB-4F69-BBA5-5849D0B27B6B}" = protocol=6 | dir=out | app=system |
"{E6D79889-136D-4D5A-8610-C6E9AE5FCD50}" = protocol=6 | dir=in | app=e:\common\epsonnet setup\eneasyapp.exe |
"{E96E7175-C5CC-4E9F-93B4-BFBF7CCB8A8A}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\ecprintersetup\enpapp.exe |
"{F0D36A26-2FFC-498F-B109-7B7B395871A2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F40C0436-A137-4578-9D71-221BFD24BD86}" = protocol=17 | dir=in | app=e:\common\epsonnet setup\eneasyapp.exe |
"{F72DDF8F-5DAE-4EA0-8D16-CECB3A6CEAEE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F7B57EE1-8F43-4E00-A58D-8F93F6796C65}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{FC400869-216D-4F3E-B680-A2504363A694}" = protocol=6 | dir=in | app=c:\users\alan\appdata\local\google\chrome\application\chrome.exe |
"{FE703831-D4FB-4FC1-9C7D-88F86DCFDDF8}" = protocol=6 | dir=in | app=c:\users\alan\appdata\roaming\spotify\spotify.exe |
"TCP Query User{06858CEA-DF15-4064-99CC-C8DAD1C9B279}C:\program files (x86)\free download manager\fdmwi.exe" = protocol=6 | dir=in | app=c:\program files (x86)\free download manager\fdmwi.exe |
"TCP Query User{143A40C2-60D9-42FF-906C-B5B7380991DD}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{2B85C057-13AB-471C-B539-956335F875F1}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe |
"TCP Query User{426AEA92-16A3-4E5F-B5A7-79EDD5B6597C}C:\program files (x86)\tomahawk\tomahawk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tomahawk\tomahawk.exe |
"TCP Query User{45D4644A-B42B-421F-94B7-C006AD950350}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{A298C4A7-B7BD-4671-8B35-0192833F71DF}C:\users\alan\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\alan\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{B7CCA160-CAA7-403F-A718-316D43071CE9}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"TCP Query User{C604372E-F0B3-4C52-8C8C-04494B3109C3}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe |
"TCP Query User{E35A4EE9-0C21-4CA7-81DF-26F8EDF70016}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{E74C312F-E711-4B29-A409-C5D30B370999}C:\program files (x86)\photobie\photobie.exe" = protocol=6 | dir=in | app=c:\program files (x86)\photobie\photobie.exe |
"TCP Query User{ECF207CA-B8D1-4FF1-AED9-29474F606636}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"TCP Query User{ED3388AF-4822-4D38-BB12-FB3DC09DB182}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{F863BA91-2066-4465-AA3C-1E345AA47E1B}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe |
"UDP Query User{050C09AB-DA6E-4BF3-A5FA-8AC9ACEE07DB}C:\program files (x86)\tomahawk\tomahawk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tomahawk\tomahawk.exe |
"UDP Query User{1136373D-41E2-4BEE-93BE-6F58135A65B4}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe |
"UDP Query User{325ACBCE-97F8-47F1-A56D-B5E2A2AC25B6}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"UDP Query User{3462117D-163C-40D9-A8C0-6B74273A196F}C:\program files (x86)\flashget network\flashget 3\flashget3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\flashget network\flashget 3\flashget3.exe |
"UDP Query User{6017AB3B-BEB2-410B-BD47-77D9035AD130}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{6237C107-2161-49E5-975C-06FF6AF2F1C4}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{838F6EAB-B560-4BF9-A011-416DA90D5BC8}C:\program files (x86)\free download manager\fdmwi.exe" = protocol=17 | dir=in | app=c:\program files (x86)\free download manager\fdmwi.exe |
"UDP Query User{B755C31D-C263-4A30-9CCD-7DD821D32BA6}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
"UDP Query User{C54F67FD-99AA-4ED0-96EC-7303FB7D1EAE}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{C7EB3087-863D-46C5-9732-AC18BCA45CC6}C:\users\alan\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\alan\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{D3FD785D-4DEC-4758-A147-9E9F0FF410B0}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{DAA63801-EF63-4953-AE92-982768912073}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe |
"UDP Query User{EB79B65E-A6B6-4679-ACA3-450E8B82DAA8}C:\program files (x86)\photobie\photobie.exe" = protocol=17 | dir=in | app=c:\program files (x86)\photobie\photobie.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4CDE3168-D060-4b7c-BC74-4D8F9BB01AFe}" = Python 3.2.2 (64-bit)
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5A50B8D6-E90A-724A-2FC0-6E5674022CFB}" = ATI Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AC8E1CA9-AADA-A13B-5838-657440400A3D}" = ccc-utility64
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 4.0.0.463
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Elantech" = ETDWare PS/2-X64 10.0.7.3_WHQL
"EPSON WF-3540 Series" = EPSON WF-3540 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{0119B342-476F-4F5A-B712-144B5CFA781F}" = Windows Live Movie Maker
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0E1BB4B4-00FF-45B1-914B-AB8D8B9862B3}" = Windows Live UX Platform Language Pack
"{0E1D9D4F-B377-2210-BD05-0E7BE30D303B}" = CCC Help Italian
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{0F6A576E-C6E3-437E-B389-262EBC86B09A}" = Windows Live UX Platform Language Pack
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{142D8CA7-2C6F-45A7-83E3-099AAFD99133}" = Samsung Update Plus
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Settings
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.5
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{1FEE19BC-6F0C-42E4-82FF-FB597F6141DF}" = Windows Live Essentials
"{21B49B4A-BBC3-4A09-9C68-6C3CC0B1EA01}" = Windows Live Messenger
"{22FB113C-A78B-480E-9A59-73BD65A3E3DD}" = Bulkr
"{2329E182-DFC8-4C1E-AF2C-758F25347F69}" = „Windows Live Essentials“
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{262E7632-72F9-4CBE-9461-937F24106EF2}" = Windows Live Essentials
"{26513CE5-7A51-478D-93BD-AC1D38103463}" = Windows Live Messenger
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{28B2947F-FC0B-4450-80E3-6DF698E824A6}" = Windows Liven peruspaketti
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2AD738DC-FC24-4342-A2DA-BB6DCCF6B048}" = Jing
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2CFA7720-C652-AF18-1F83-AC6023A83915}" = Catalyst Control Center Localization All
"{2E295B5B-1AD4-4d36-97C2-A316084722CF}" = Python 2.7.2
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2EC1A568-212C-6642-AA8D-2DA30F372179}" = CCC Help Chinese Traditional
"{2FCFF8C4-5FD6-2B89-9810-9846DE42627A}" = CCC Help Spanish
"{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
"{3123396C-3EFE-4DCB-8033-F5D182D6597D}" = Windows Live Essentials
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33E7FB04-26EC-6127-1908-DC24AFC66466}" = CCC Help Swedish
"{34AB675C-1965-44B5-B5A7-B02EE6196AD3}" = Windows Live Messenger
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{3783839C-AD95-691C-8A49-1732348C69F3}" = CCC Help French
"{38EF9E37-2192-C791-99B3-A6E8C6BAFE33}" = CCC Help Danish
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3C63F944-803E-49A7-B3A2-B8AB3313E883}" = Windows Live UX Platform Language Pack
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3D4F3F4C-E364-4E46-BFB1-A00BF9777422}" = Windows Live UX Platform Language Pack
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3FD0036E-236A-4EDD-894D-4374BEE64464}" = Windows Live UX Platform Language Pack
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43164A3F-5573-15F3-8CD8-11E3B9AA1079}" = CCC Help English
"{43581DF7-93E6-BD34-26B6-3DC723B29DC1}" = CCC Help Russian
"{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{44A3A561-AE74-472D-A51C-43F4C9E7B5E5}" = Windows Live 软件包
"{44F72193-F59C-4303-BAE8-E3E4BC1C122C}" = Epson Event Manager
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{476C5E21-9418-4A76-80A3-0C6A470AC637}" = Windows Live Essentials
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{49F068F2-4323-417B-AFC8-1E43F479D46C}" = Windows Live Essentials
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4AA2A466-8031-403A-8236-5301B4E391FB}" = Windows Live UX Platform Language Pack
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{4F35DF91-F834-41F7-A287-0E377D55C486}" = Windows Live Photo Common
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta
"{51FFAC89-B6B0-4E6E-B76F-6D4E2E83086A}" = Windows Live 메일
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{533A6791-FD82-0307-FFA7-28F07ED0C0B1}" = CCC Help German
"{537B16E0-A39F-47CB-9C1E-50978862B108}" = Windows Live UX Platform Language Pack
"{539A0CEA-17E4-4FE4-A5E8-EC5D40610A79}" = „Windows Live Messenger“
"{56232E3D-7EA9-45E0-A371-26CD80510AF7}" = Windows Live UX Platform Language Pack
"{5917D694-AFC3-46BF-8CAB-0DABAF9D6FCB}" = Windows Live UX Platform Language Pack
"{5A30E103-9FA6-4A23-A107-E1F5F174BB62}" = Windows Live Temel Parçalar
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}" = Nikon Movie Editor
"{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5D6D7C60-FE76-43E7-A135-8B0CD15914C7}" = Windows Live UX Platform Language Pack
"{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{6124515F-2B97-8FCA-04A1-D11996AB9BF9}" = CCC Help Thai
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{627E9BA7-5B02-E517-96DD-FAE65E332746}" = CCC Help Greek
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{685EE156-6B74-4F0D-BF87-9A15AAA1D9A3}" = Windows Live 필수 패키지
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6B77DDC6-93A8-4730-887E-C8F46728358F}" = Catalyst Control Center - Branding
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
"{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{715F9B21-2817-402A-9BF0-BDA764D21F09}" = Windows Live Essentials
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7511A7C8-56E9-92F0-5186-5D575EA9B772}" = CCC Help Norwegian
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common
"{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{797DC296-ADC5-4A08-8CBC-AEB0D6F4B249}" = Windows Live Essentials
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7E9A63B3-8572-4A4B-9F87-3C2A873BBC55}" = Windows Live UX Platform Language Pack
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{802E137D-DA8F-47CC-AC21-6DD075CD948C}" = Windows Live UX Platform Language Pack
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{81CF4226-47C1-418C-8718-1B3ED2C37878}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{829CDAAD-5AF1-482F-978B-591C16A34ACC}" = Windows Live Messenger
"{841C89AF-5DE3-3814-7F17-D4196B0DE094}" = AMD VISION Engine Control Center
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{857BC375-BCFB-474E-9BD9-7EBB18EC55E0}" = Windows Live Essentials
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{88809C3E-8C92-4454-AEB7-B26166E3D6CD}" = Windows Live UX Platform Language Pack
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95BB7324-77D3-4BF3-8CF6-29F0857AC175}" = Easy File Share
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{9869099A-6A44-4590-9430-BF7AC74EBCC6}" = Windows Live UX Platform Language Pack
"{99AA6730-54CD-4B9E-B05B-0A5196743923}" = Windows Live UX Platform Language Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B4D3AFE-8679-4704-AA4C-BAB0E41870EF}" = Windows Live Essentials
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A17B9856-40CF-4BEA-BB65-ADB8154A83DC}" = LG Verizon United Driver
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A37F2060-813A-4325-9456-272B10EE75EF}" = Windows Live Essentials
"{A3D995FA-C9A0-4E7D-B430-3F7A6731B4D5}" = Windows Live UX Platform Language Pack
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A510054A-5D1A-7E41-41D9-B98CE7C32B5D}" = CCC Help Portuguese
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7E73DE5-E5FD-4923-9D88-E09ECD1F3545}" = Podstawowe programy Windows Live
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96A855B-89F7-40D4-A57E-580DFD4235B3}" = Windows Live UX Platform Language Pack
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AD86049C-3D9C-43E1-BE73-643F57D83D50}" = Easy Migration
"{ADE1F206-1365-4B14-9A24-4B1A7DD58BAC}" = Windows Live UX Platform Language Pack
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AE6910CD-EBA3-857F-7C55-F474A185B08A}" = CCC Help Polish
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B096A0E4-26A1-4E9F-8548-577964B9434B}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B249C226-0A76-96AE-8F02-A1D6B10D9908}" = CCC Help Chinese Standard
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B41085FB-3F5B-2FA4-444D-8FFF81CD3887}" = CCC Help Japanese
"{B4712CB7-27D7-4F61-8805-BCF9BE1CFC4A}" = Windows Live Writer Resources
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B66CFC88-6729-4A0F-8610-258413159C35}" = Windows Live UX Platform Language Pack
"{B693A4C3-B708-4F25-978E-56CA2517914C}" = Windows Live UX Platform Language Pack
"{B707DEE4-DD24-C96B-7BC7-B9B164ECA8A6}" = CCC Help Turkish
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B750B5C2-CC17-4967-905B-29F4EB986131}" = Software Launcher
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4}" = Windows Live Essentials
"{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer
"{BA068968-594F-40BE-8EE8-99119123C991}" = Windows Live UX Platform Language Pack
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BEA0C361-4CEF-4132-AA16-86E95AE9293E}" = Windows Live Essentials
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2D4CD4A-AE20-40B3-8726-8ED1C03E8C15}" = Google Drive
"{C40D110E-0718-4E11-A69B-D4EC7BF2EB04}" = Windows Live UX Platform Language Pack
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C4D82144-B2D5-4A0E-A470-16F13EBC5BCB}" = Windows Live Essentials
"{C515758F-934D-EDC9-10E2-EE59EFAA95FC}" = CCC Help Czech
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8A2793D-EFF2-4069-95BF-A28192E39DEB}" = Windows Live Writer
"{C9D08433-5FDD-43C6-8482-7AFA7D891D98}" = Windows Live UX Platform Language Pack
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2CFF53-74EC-0073-DE4B-52B5CBACBAAC}" = CCC Help Dutch
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE542E0D-E056-4426-9F98-084C13E18641}" = Windows Live UX Platform Language Pack
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija
"{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker
"{D0353B68-A142-4F89-A46E-1C9A7745D636}" = Download Navigator
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1750F58-4A07-B0FA-D930-3277950099C1}" = Catalyst Control Center InstallProxy
"{D1952E4A-9F67-4693-A06D-DA8E0FB2B00D}" = Windows Live Essentials
"{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D35203CE-AB4A-A4D6-5516-9E5DE7C64C81}" = CCC Help Korean
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger
"{D57D43BF-699A-429F-AF8C-AF1867222800}" = Windows Live 사진 갤러리
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D64833F8-860D-4216-8EDC-DD08AD68C0B5}" = LibreOffice 3.4
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D9757258-30B2-496E-86F2-84920C5858E1}_is1" = CollageIt 1.9.0
"{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources
"{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup
"{D9D4D271-609F-440D-A9EC-A66B0815CFE2}" = Windows Live Essentials
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCA5D0DE-F6AC-4E24-A924-03561D26BE97}" = Windows Live Essentials
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DD4C6EAE-DB02-41AB-BE05-825E09CB77F7}" = LibreOffice 3.4 Help Pack (English)
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E18F981B-401C-4D90-BC57-D8903564D558}" = Windows Live UX Platform Language Pack
"{E2AE8456-CCFE-46C0-8629-71CC507660FC}" = LG SP USB Driver
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E64C137C-D0B7-467A-B47F-460AAB30F0A3}" = ViewNX 2
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E7AE39C6-B669-433F-A351-CA132C611310}" = Windows Live UX Platform Language Pack
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9737B7B-41A9-9BA7-9FE9-EA0119C0A2C1}" = CCC Help Hungarian
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA2BE047-FF29-4336-BB70-6AF201085BAF}" = Windows Live 程式集
"{EA348D4B-FB4D-4449-8749-654CA51F56A6}" = Windows Live UX Platform Language Pack
"{EB38C3E0-4863-3123-9114-5BE86EC8E5C7}" = Google Talk Plugin
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{F09DD76B-D3D3-4558-B5BC-F1EEA6E00162}" = Windows Live UX Platform Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5
"{F1CA7DAE-F998-499C-8CA5-FC58CA2416EC}" = Windows Live Essentials
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Easy Support Center 1.0
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{F7304CCF-B4A0-49C7-88A8-CD3F28FFBF9A}" = Основные компоненты Windows Live
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{F9B257B6-0DA2-40E1-BAE4-0D64A2C9EE5E}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBA0CA60-8BF2-4381-B819-74F020E165A9}" = LG USB WML Modem Driver
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FC7F96CA-E039-D308-04AB-663534D5EDC1}" = CCC Help Finnish
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE5B524F-CD89-4457-B8C1-9299F17E6634}" = Windows Live UX Platform Language Pack
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.22beta
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon Kindle" = Amazon Kindle
"avast" = avast! Free Antivirus
"bi_uninstaller" = Bundled software uninstaller
"CameraUserGuide-PSSX260HSandSX240HS" = Canon PowerShot SX260 HS and SX240 HS Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC 8
"com.prakaz.project.photogettr.FBAB9E68ED32BC183252F597C39DBF71CF315A79.1" = Bulkr
"Digital Editions" = Adobe Digital Editions
"DigitalEditions" = Digital Editions Converter
"EPSON Connect_is1" = EPSON Connect version 1.0
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"FlashGet3.7" = FlashGet3.7
"Flickr Uploadr" = Flickr Uploadr 3.2.1
"Game Console - WildGames" = WildTangent ORB Game Console
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 9.04
"ImageBrowser EX" = Canon Utilities ImageBrowser EX
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite
"InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Media Player - Codec Pack" = Media Player Codec Pack 4.1.4
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"Mozilla Thunderbird 9.0.1 (x86 en-US)" = Mozilla Thunderbird 9.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.52
"NoteTab Light 6_is1" = NoteTab Light 6 (Remove only)
"OpenVPN" = OpenVPN 2.2.1
"Photobie" = Photobie -- photo editing software from Photobie Design
"PhotoStitch" = Canon Utilities PhotoStitch
"RealPlayer 16.0" = RealPlayer
"Ringtone Maker" = Ringtone Maker
"SendToKindle" = Amazon Send to Kindle
"SpeedFan" = SpeedFan (remove only)
"Tomahawk" = Tomahawk
"TunnelBear" = TunnelBear 1.0.32
"UFRaw_is1" = UFRaw 0.19.2
"VLC media player" = VLC media player 2.0.6
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.3.6
"wp-som" = Web Protect for Windows
"WT085559" = Diner Dash 2 Restaurant Rescue
"WT085567" = Chuzzle Deluxe
"WT085580" = John Deere Drive Green
"WT085581" = Penguins!
"WT085583" = Polar Golfer
"WT085587" = Agatha Christie - Death on the Nile
"WT085597" = Build-a-lot
"WT085618" = Farm Frenzy
"WT085622" = Insaniquarium Deluxe
"WT085663" = Peggle
"WT085669" = Plants vs. Zombies
"WT089285" = Zuma Deluxe
"WT089286" = Bejeweled 2 Deluxe

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"JDownloader Packages" = JDownloader Packages
"LastPass" = LastPass (uninstall only)
"MusicManager" = Music Manager
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/17/2013 8:20:41 AM | Computer Name = Al-Laptop | Source = Windows Search Service | ID = 1019
Description =

Error - 9/17/2013 8:20:41 AM | Computer Name = Al-Laptop | Source = Windows Search Service | ID = 1006
Description =

Error - 9/17/2013 8:20:54 AM | Computer Name = Al-Laptop | Source = Windows Search Service | ID = 1019
Description =

Error - 9/17/2013 8:20:54 AM | Computer Name = Al-Laptop | Source = Windows Search Service | ID = 1006
Description =

Error - 9/17/2013 8:21:05 AM | Computer Name = Al-Laptop | Source = Windows Search Service | ID = 1019
Description =

Error - 9/17/2013 8:21:05 AM | Computer Name = Al-Laptop | Source = Windows Search Service | ID = 1006
Description =

Error - 9/17/2013 8:22:24 AM | Computer Name = Al-Laptop | Source = Windows Search Service | ID = 1019
Description =

Error - 9/17/2013 8:22:24 AM | Computer Name = Al-Laptop | Source = Windows Search Service | ID = 1006
Description =

Error - 9/17/2013 8:22:35 AM | Computer Name = Al-Laptop | Source = Windows Search Service | ID = 1019
Description =

Error - 9/17/2013 8:22:35 AM | Computer Name = Al-Laptop | Source = Windows Search Service | ID = 1006
Description =

[ System Events ]
Error - 9/17/2013 8:20:42 AM | Computer Name = Al-Laptop | Source = Service Control Manager | ID = 7023
Description = The Windows Search service terminated with the following error: %%6801

Error - 9/17/2013 8:20:42 AM | Computer Name = Al-Laptop | Source = Service Control Manager | ID = 7034
Description = The Windows Search service terminated unexpectedly. It has done this
92 time(s).

Error - 9/17/2013 8:20:55 AM | Computer Name = Al-Laptop | Source = Service Control Manager | ID = 7023
Description = The Windows Search service terminated with the following error: %%6801

Error - 9/17/2013 8:20:55 AM | Computer Name = Al-Laptop | Source = Service Control Manager | ID = 7034
Description = The Windows Search service terminated unexpectedly. It has done this
93 time(s).

Error - 9/17/2013 8:21:06 AM | Computer Name = Al-Laptop | Source = Service Control Manager | ID = 7023
Description = The Windows Search service terminated with the following error: %%6801

Error - 9/17/2013 8:21:06 AM | Computer Name = Al-Laptop | Source = Service Control Manager | ID = 7034
Description = The Windows Search service terminated unexpectedly. It has done this
94 time(s).

Error - 9/17/2013 8:22:25 AM | Computer Name = Al-Laptop | Source = Service Control Manager | ID = 7023
Description = The Windows Search service terminated with the following error: %%6801

Error - 9/17/2013 8:22:25 AM | Computer Name = Al-Laptop | Source = Service Control Manager | ID = 7034
Description = The Windows Search service terminated unexpectedly. It has done this
95 time(s).

Error - 9/17/2013 8:22:36 AM | Computer Name = Al-Laptop | Source = Service Control Manager | ID = 7023
Description = The Windows Search service terminated with the following error: %%6801

Error - 9/17/2013 8:22:36 AM | Computer Name = Al-Laptop | Source = Service Control Manager | ID = 7034
Description = The Windows Search service terminated unexpectedly. It has done this
96 time(s).


< End of report >
mal-an
Regular Member
 
Posts: 49
Joined: September 14th, 2013, 2:43 pm

Re: Malware repeatedly changing my proxy server

by Cypher » September 18th, 2013, 5:59 am

Hi,
Did you ask for help at another forum about this problem?

  • Right-click OTL.exe and select "Run as administrator" to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code.
    (Click the select all button next to the codebox to select the entire script.)
    Code: Select all
    :commands
    [createrestorepoint]
    
    :otl
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118
    IE - HKCU\..\URLSearchHook: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - No CLSID value found
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;127.0.0.1;*.local;<local>
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
    O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
    O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O33 - MountPoints2\{65409abe-7250-11e1-9ef4-e81132e4109b}\Shell - "" = AutoRun
    O33 - MountPoints2\{65409abe-7250-11e1-9ef4-e81132e4109b}\Shell\AutoRun\command - "" = F:\SISetup.exe
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
    
    :files
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Next.

Please download MiniToolBox.exe and save it to your Desktop.

  • Right click MiniToolBox and select "Run as administrator" to run it.
  • Check the following in the list:
      • Report IE proxy settings.
      • Report FireFox proxy settings.
  • Click Go.
  • A file named Result.txt will be created in the same location where you downloaded MiniToolBox.exe
  • Please post the contents of the Result.txt in your next Reply.

Logs/Information to Post in your Next Reply

  • OTL Fix log.
  • Result.txt.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
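
A triage sketch for the kinds of entries selected in the fix script above, as an added example that is not part of the original post and is not OTL's own logic: it parses OTL-format log lines and flags an enabled proxy that points at a loopback address, plus entries marked "File not found" or "No CLSID value found". The function names are assumptions made for illustration, and the sample is constructed from lines of the script above.

```python
import re
from ipaddress import ip_address

# Constructed sample: a few lines copied from the fix script in the post above.
SAMPLE_LOG = r'''
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;127.0.0.1;*.local;<local>
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
'''

# IE[:64bit:] - <hive>\<key>: "<value name>" = <data>
SETTING_RE = re.compile(
    r'^IE(?P<x64>:64bit:)? - (?P<hive>HK[A-Z]+)\\(?P<key>.+?): "(?P<name>[^"]+)" = (?P<value>.*)$'
)
CLSID_RE = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')
ORPHAN_MARKERS = ("File not found", "No CLSID value found")


def parse_proxy_server(value):
    """Split a ProxyServer string into {scheme: (host, port)}.

    Handles the single form "host:port" (stored under the key "all") and the
    per-protocol form "http=host:port;https=host:port".
    """
    proxies = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        scheme, sep, endpoint = part.partition("=")
        if not sep:
            scheme, endpoint = "all", part
        endpoint = endpoint.split("://", 1)[-1]      # tolerate "http://host:port"
        host, _, port = endpoint.rpartition(":")
        if not host:                                 # no port was given
            host, port = endpoint, ""
        host = host.strip("[]")                      # bracketed IPv6 literal
        proxies[scheme.lower()] = (host, int(port) if port.isdigit() else None)
    return proxies


def is_loopback(host):
    """True for 'localhost' and for any IPv4/IPv6 loopback literal."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:                               # a DNS name, not an IP literal
        return False


def triage(log_text):
    """Return findings as (kind, where, detail) tuples."""
    settings = {}                                    # (view, hive) -> {name: data}
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SETTING_RE.match(line)
        if m and m["key"].endswith("Internet Settings"):
            view = "64bit" if m["x64"] else "32bit"
            settings.setdefault((view, m["hive"]), {})[m["name"]] = m["value"]
        if any(marker in line for marker in ORPHAN_MARKERS):
            clsid = CLSID_RE.search(line)
            tag = line.split(" - ", 1)[0].rstrip(":")
            findings.append(("orphaned-entry", tag, clsid.group(0) if clsid else None))

    # A proxy only matters if it is switched on in the same hive and registry view.
    for (view, hive), values in sorted(settings.items()):
        if values.get("ProxyEnable") != "1":
            continue
        proxies = parse_proxy_server(values.get("ProxyServer", ""))
        for scheme, (host, port) in proxies.items():
            if is_loopback(host):
                findings.append(("loopback-proxy", f"{hive}/{view}", f"{scheme}={host}:{port}"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A loopback proxy is only a lead: local filtering proxies and some VPN clients set one legitimately, so check whether anything is still listening on that port before treating the setting as hostile.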

Re: Malware repeatedly changing my proxy server

by mal-an » September 18th, 2013, 6:30 am

Hi again,

No, but I did download and play with a few tools before asking here, based on what I read in some other places. I was still having the problem and so that's why I "opened a ticket" here. I hope I didn't make things worse. Should I go ahead with OTL and MiniTool?

Thanks, Alan
mal-an
Regular Member
 
Posts: 49
Joined: September 14th, 2013, 2:43 pm

Re: Malware repeatedly changing my proxy server

by Cypher » September 18th, 2013, 10:18 am

Hi,
"I did download and play with a few tools before asking here, based on what I read in some other places."

I noticed you had some tools installed that you wouldn't usually see on a home computer.
Be careful running tools on your own; used incorrectly, they can render your computer unbootable.
"Should I go ahead with OTL and MiniTool?"

Yes, go ahead and post the resulting logs.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Malware repeatedly changing my proxy server

Unread postby mal-an » September 18th, 2013, 11:03 am

Yes, I decided the tools and instructions were beyond me, so I promise not to touch them again unless asked :)

I just ran OTL and while it was emptying temporary files with a message to not interrupt, a box popped up. It said something about a Windows critical error, save your work, shutting down. It looked like the temp files were still emptying in OTL. The machine did reboot (you'd scared me!) but there's no log from what I can tell. Should I run the fix again?

Please advise -- thanks!
mal-an
Regular Member
 
Posts: 49
Joined: September 14th, 2013, 2:43 pm

Re: Malware repeatedly changing my proxy server

Unread postby Cypher » September 18th, 2013, 11:49 am

Hi,
No, don't run the OTL fix again; post the MiniToolBox Result.txt.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Malware repeatedly changing my proxy server

Unread postby mal-an » September 18th, 2013, 12:34 pm

Something weird happened with MiniToolBox. Instead of generating a log, both of my open browsers closed and reopened with Sweetpacks Toolbars installed, which can't be good. Additionally, Chrome had new extensions installed: JollyWallet and something called Iminent (sic). Possibly WordOv too because I don't remember/recognize it. Yikes!

Oh and during what was supposed to be the MiniToolBox process, a box was on the screen with one of those ads circa 2001 that would shake and said to upgrade IE. I didn't, of course.
mal-an
Regular Member
 
Posts: 49
Joined: September 14th, 2013, 2:43 pm

Re: Malware repeatedly changing my proxy server

Unread postby Cypher » September 18th, 2013, 12:47 pm

Hi,
"Something weird happened with MiniToolBox. Instead of generating a log, both of my open browsers closed and reopened with Sweetpacks Toolbars installed"

Did you download MiniToolBox from the link I provided?
I just downloaded and ran it myself, and nothing else was installed on my computer.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Right click on adwcleaner.exe and select "Run as administrator" to run it.
  • Click on Scan.
  • When the scan has finished click on Clean.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next.

  • Right click on OTL.exe and select Run as administrator to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, one Notepad file will open.
    • OTL.txt <-- Will be opened
    • Please post the contents of this Notepad file in your next reply.

Logs/Information to Post in your Next Reply

  • AdwCleaner log.
  • OTL log.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns