  #1  
July 4th, 2012, 01:20 AM
dmavric
New Member
 
Join Date: Jul 2012
O/S: Windows 7 64-bit
Location: Burnaby, BC Canada
Posts: 5
Iebho.dll - Moved by Jintan

I'm having the same problem with IEBHO.DLL. Only difference is mine is under Prog2\wia6eb\datamngr\x64\iebho.dll. As far as I can recall the only software that I've installed was an update for iTunes - and now this error msg pops up every time I start any program, log in or whatever. It's really annoying. I've read through the previous post, and am running Malwarebytes - output file attached. If you can please help me, it would be greatly appreciated!!!


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.03.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
user :: DARIO [administrator]

Protection: Enabled

7/3/2012 11:38:31 AM
mbam-log-2012-07-03 (17-16-24).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 1182498
Time elapsed: 5 hour(s), 10 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Garmin\Garmin City Navigator North America NT 2012.10\garmin map unlocker\unlocker.exe (RiskWare.Tool.CK) -> No action taken.
C:\Users\user\AppData\Roaming\data.dat (Stolen.Data) -> No action taken.
C:\Users\Public\Documents\dll (Trojan.Ransom) -> No action taken.

(end)


  #2  
July 5th, 2012, 12:45 AM
Jintan
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 49,162
Blog Entries: 1
Welcome to CTH dmavric,

I moved your post here to its own request thread. Too difficult mixing them up. Let's take a more complete look at what all is there.


The system is Windows 7, so when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

And to make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".



To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------

Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time.

When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.
  #3  
July 5th, 2012, 03:57 PM
dmavric
New Member
 
Join Date: Jul 2012
O/S: Windows 7 64-bit
Location: Burnaby, BC Canada
Posts: 5
Hey Jintan,

Yeah, sorry about posting to the other gent's post - thought it might be easier since we both had the same issue. Below are the output files from OTL. The only thing is you said there would be 2 files output by OTL - there was only 1? Anyways, I hope you are able to help.

thanks
dario


OTL logfile created on: 7/5/2012 7:36:54 AM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\user\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 2.99 Gb Available Physical Memory | 49.79% Memory free
12.00 Gb Paging File | 6.91 Gb Available in Paging File | 57.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 468.44 Gb Free Space | 50.29% Space Free | Partition Type: NTFS
Drive H: | 1862.98 Gb Total Space | 1260.36 Gb Free Space | 67.65% Space Free | Partition Type: NTFS

Computer Name: DARIO | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/05 07:24:00 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe
PRC - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/05/30 20:06:18 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/05/24 13:28:50 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
PRC - [2012/04/30 16:18:00 | 005,235,608 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2012/04/24 09:31:34 | 001,150,368 | R--- | M] (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2012/04/15 11:43:34 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Users\user\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012/04/11 12:09:14 | 001,177,496 | R--- | M] (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
PRC - [2012/04/11 12:01:46 | 000,247,704 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/02/24 04:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/23 13:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012/02/15 11:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/02/01 10:36:38 | 022,140,304 | ---- | M] (magicJack L.P.) -- C:\Users\user\AppData\Roaming\mjusbsp\magicJack.exe
PRC - [2012/01/24 17:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/01/24 17:21:22 | 000,021,880 | ---- | M] (Schneider Electric) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
PRC - [2012/01/24 17:11:56 | 000,705,912 | ---- | M] (Schneider Electric) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
PRC - [2012/01/24 17:06:48 | 000,673,144 | ---- | M] (Schneider Electric) -- C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
PRC - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/11/23 02:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
PRC - [2011/10/15 01:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/08 18:34:24 | 000,820,568 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/10/06 16:22:20 | 001,124,352 | ---- | M] () -- C:\Program Files (x86)\iCamSource\iCamSource.exe
PRC - [2011/09/14 23:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2011/08/12 12:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/08/12 12:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/01 17:15:30 | 006,123,032 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
PRC - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
PRC - [2011/01/17 23:52:12 | 000,984,408 | ---- | M] (Intuit Canada ULC.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2011/01/17 22:28:28 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2010/11/20 05:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/10/25 15:13:42 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2010/08/30 14:28:02 | 000,032,600 | ---- | M] (Thought Communications, Inc.) -- C:\FaxTalk\FTmsgsvc.exe
PRC - [2010/08/30 14:27:46 | 000,120,152 | ---- | M] (Thought Communications, Inc.) -- C:\FaxTalk\FTclctrl.exe
PRC - [2010/08/30 14:27:40 | 000,014,680 | ---- | M] (Thought Communications, Inc.) -- C:\FaxTalk\Fapiexe.exe
PRC - [2010/08/05 09:46:02 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/08/05 09:46:02 | 000,104,408 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2009/11/12 19:30:44 | 001,500,384 | ---- | M] (Memeo Inc.) -- C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoBackup.exe
PRC - [2009/08/27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009/07/27 22:53:32 | 000,131,072 | ---- | M] (Intuit, Inc.) -- C:\Intuit\QuickBooks 2010\QBDBMgr.exe
PRC - [2009/06/04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/28 03:28:56 | 000,438,296 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
MOD - [2012/06/28 03:28:54 | 003,972,120 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
MOD - [2012/06/28 03:27:40 | 000,554,520 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\20.0.1132.47\libglesv2.dll
MOD - [2012/06/28 03:27:38 | 000,117,784 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\20.0.1132.47\libegl.dll
MOD - [2012/06/28 03:27:29 | 000,140,328 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\20.0.1132.47\avutil-51.dll
MOD - [2012/06/28 03:27:28 | 000,262,184 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\20.0.1132.47\avformat-54.dll
MOD - [2012/06/28 03:27:26 | 002,386,984 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\20.0.1132.47\avcodec-54.dll
MOD - [2012/06/28 01:27:26 | 009,252,040 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
MOD - [2012/06/28 01:27:26 | 009,252,040 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\APPLIC~1\200113~1.47\gcswf32.dll
MOD - [2012/06/13 22:09:54 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\6c59a14a23f734093e80d6093e25302a\Microsoft.VisualBasic.ni.dll
MOD - [2012/06/13 22:03:46 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll
MOD - [2012/06/13 22:03:39 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/06/13 22:03:18 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/13 22:03:12 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/08 18:12:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/08 18:12:12 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012/05/08 18:11:33 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/08 18:11:30 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/08 18:11:29 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/08 18:11:24 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/10/06 16:22:20 | 001,124,352 | ---- | M] () -- C:\Program Files (x86)\iCamSource\iCamSource.exe
MOD - [2011/08/22 15:47:44 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/08/19 02:26:16 | 000,183,320 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\SharedBin\LvApi11.dll
MOD - [2011/08/12 12:20:56 | 000,053,784 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\VMSysPS.dll
MOD - [2011/08/12 12:20:56 | 000,053,784 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\UMVPLMutePS.dll
MOD - [2011/08/12 12:20:48 | 000,054,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\MRSystemPS.dll
MOD - [2011/08/12 12:20:24 | 000,053,784 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\MMSysPS.dll
MOD - [2011/08/12 12:19:50 | 000,053,784 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\FxPreviewPS.dll
MOD - [2011/08/12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2011/08/12 12:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/07/28 16:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 16:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/15 17:23:58 | 002,068,568 | -HS- | M] () -- \\?\C:\ProgramData\Microsoft\Windows\DRM\Cache\Indiv_SID_S-1-5-21-623606949-1928459591-1333054469-1000\Indiv01.key
MOD - [2010/11/04 18:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/10/29 13:01:30 | 000,027,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\SDL.dll
MOD - [2010/05/07 18:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2010/05/07 18:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2010/05/07 18:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2010/05/07 18:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2010/05/07 18:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2009/11/12 19:30:58 | 001,804,000 | ---- | M] () -- C:\Program Files (x86)\WD\WD Anywhere Backup\Memeo.Client.UI.dll
MOD - [2009/10/21 15:04:16 | 000,504,293 | ---- | M] () -- C:\Program Files (x86)\WD\WD Anywhere Backup\sqlite3.dll
MOD - [2009/04/22 14:53:56 | 000,969,040 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll
MOD - [2009/04/09 16:04:56 | 002,141,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll
MOD - [2009/03/03 15:18:08 | 000,138,064 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
MOD - [2009/03/03 15:18:06 | 000,035,152 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll
MOD - [2009/03/03 15:18:06 | 000,029,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll
MOD - [2009/03/03 15:17:46 | 011,311,952 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll
MOD - [2009/03/03 15:17:46 | 000,363,856 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll
MOD - [2009/03/03 15:17:44 | 000,200,016 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll
MOD - [2009/03/03 15:17:40 | 000,475,472 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll
MOD - [2009/03/03 15:17:38 | 007,704,400 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll
MOD - [2009/03/03 15:17:32 | 000,291,664 | ---- | M] () -- C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll
MOD - [2008/09/24 22:33:44 | 000,484,352 | ---- | M] () -- C:\Program Files (x86)\iCamSource\AppData\lame_enc.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/06 16:32:00 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/05/06 02:30:22 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 18:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/04/24 09:31:34 | 001,150,368 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2012/04/19 14:32:36 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/11 12:09:14 | 001,177,496 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2012/04/11 12:01:46 | 000,247,704 | R--- | M] (Western Digital) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2012/04/05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/24 17:21:22 | 000,021,880 | ---- | M] (Schneider Electric) [Auto | Running] -- C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe -- (APC Data Service)
SRV - [2012/01/24 17:11:56 | 000,705,912 | ---- | M] (Schneider Electric) [Auto | Running] -- C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/11/23 02:36:24 | 002,391,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2011/10/15 01:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/10/08 18:34:24 | 000,820,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/09/14 23:06:38 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
SRV - [2011/01/21 17:44:30 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/01/17 22:28:28 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/08/30 14:28:02 | 000,032,600 | ---- | M] (Thought Communications, Inc.) [Auto | Running] -- C:\FaxTalk\FTmsgsvc.exe -- (FaxTalk Messenger Pro 8)
SRV - [2010/08/05 09:46:02 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/12 19:30:42 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2009/08/27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/11/18 17:45:28 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/08/07 12:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2006/12/22 13:34:52 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C310(UVC)
DRV:64bit: - [2012/01/18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/10/07 06:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/07/07 16:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/29 15:11:29 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 03:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/10/27 10:05:02 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/09/26 19:10:30 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010/04/19 21:29:18 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/18 02:00:16 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/03/18 02:00:00 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 17:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 17:10:49 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/11/04 11:21:12 | 000,098,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/02/03 11:30:58 | 000,058,528 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007/02/03 11:25:56 | 000,955,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CamDrL64.sys -- (CamDrL64) Logitech QuickCam Pro 3000(PID_08B0)
DRV - [2011/10/08 18:04:08 | 000,020,336 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
DRV - [2011/09/20 15:27:44 | 000,021,872 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2011/09/20 15:27:38 | 000,033,184 | ---- | M] (IObit.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA74C8}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = http://www.searchqu.com/web?src=ieb&systemid=101&q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-623606949-1928459591-1333054469-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mkhindustries.com/
IE - HKU\S-1-5-21-623606949-1928459591-1333054469-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx
IE - HKU\S-1-5-21-623606949-1928459591-1333054469-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-623606949-1928459591-1333054469-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1E FD C7 DC C0 82 CB 01 [binary data]
IE - HKU\S-1-5-21-623606949-1928459591-1333054469-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-623606949-1928459591-1333054469-1000\..\SearchScopes,DefaultScope = {6C4094A8-400C-4DF7-A938-A9A634EBBE52}
IE - HKU\S-1-5-21-623606949-1928459591-1333054469-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-623606949-1928459591-1333054469-1000\..\SearchScopes\{6C4094A8-400C-4DF7-A938-A9A634EBBE52}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-623606949-1928459591-1333054469-1000\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = http://www.searchqu.com/web?src=ieb&systemid=101&q={searchTerms}
IE - HKU\S-1-5-21-623606949-1928459591-1333054469-1000\..\SearchScopes\{913A53A5-58EB-480E-9D6F-9ECD926AC03E}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-623606949-1928459591-1333054469-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-623606949-1928459591-1333054469-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.mkhindustries.com"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0
FF - prefs.js..extensions.enabledItems: facepad@lazyrussian.com:0.9.6
FF - prefs.js..extensions.enabledItems: {1519200d-6633-40c9-a9a1-d60d8d1d0479}:1.0.3
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\user\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/10/20 12:33:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/22 18:47:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/04/19 14:47:57 | 000,000,000 | ---D | M]

[2011/08/19 11:35:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions
[2012/04/24 06:49:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\ngf5q0q6.default\extensions
[2011/08/25 19:25:38 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\ngf5q0q6.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/02/28 14:41:52 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\ngf5q0q6.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2011/01/18 10:00:20 | 000,000,000 | ---D | M] (PhotoJacker: Photo Album Downloader for Facebook (fka FacePAD)) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\ngf5q0q6.default\extensions\facepad@lazyrussian.com
[2010/09/02 01:09:41 | 000,005,529 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ngf5q0q6.default\searchplugins\SearchquWebSearch.xml
[2012/02/22 18:47:22 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
File not found (No name found) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/12/21 08:23:21 | 000,145,352 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NGF5Q0Q6.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
[2012/04/24 06:49:02 | 000,082,245 | ---- | M] () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NGF5Q0Q6.DEFAULT\EXTENSIONS\TILETABS@DW-DEV.XPI

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.11.0.9874_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\user\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Voozy.tv = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\flnepcgaapadgbmfkmacafjiejjhbipm\1.0_0\
CHR - Extension: YouTube Downloader: MP3 / HD Video Download = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokfcbmfpgeajcgkaeigohghnkhjmcbj\13.0_0\
CHR - Extension: AVG Safe Search = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Until AM = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk\0.203_0\
CHR - Extension: Pink Floyd - The Wall = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpkeomdjahkcjckfbhpdaflfmiahnaaa\0.3_0\
CHR - Extension: Skype Click to Call = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10297_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
  #4  
Old July 5th, 2012, 03:58 PM
dmavric dmavric is offline
New Member
 
Join Date: Jul 2012
O/S: Windows 7 64-bit
Location: Burnaby, BC Canada
Posts: 5
And here is part 2 - looks like there was too much data for it all to fit in one post:

O1 HOSTS File: ([2012/03/05 14:18:45 | 000,001,204 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-623606949-1928459591-1333054469-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe (Schneider Electric)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FaxTalk Messenger Pro 8] C:\FaxTalk\FTClCtrl.exe (Thought Communications, Inc.)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [WD Anywhere Backup] C:\Program Files (x86)\WD\WD Anywhere Backup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-623606949-1928459591-1333054469-1000..\Run: [Adobe Acrobat Synchronizer] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-623606949-1928459591-1333054469-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-623606949-1928459591-1333054469-1000..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-623606949-1928459591-1333054469-1000..\Run: [cdloader] C:\Users\user\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-623606949-1928459591-1333054469-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-623606949-1928459591-1333054469-1000..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-623606949-1928459591-1333054469-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-623606949-1928459591-1333054469-1000..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - HKU\S-1-5-21-623606949-1928459591-1333054469-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-623606949-1928459591-1333054469-1004..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5840BB8F-3691-45FD-BFA6-B301F999CBFF}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5789BFB-9986-4162-ADC9-4110024CB620}: DhcpNameServer = 209.121.225.11 209.91.107.11
O18:64bit: - Protocol\Handler\intu-help-qb2 - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll) - File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\WIA6EB~1\DATAMNGR\X64\IEBHO.DLL ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\E\Shell\phone\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/05 04:09:46 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{998B5E72-6E79-4065-A983-1CB0378298D4}
[2012/07/05 04:09:35 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{224948F0-7B8C-4866-B5AB-54EDEBDD3571}
[2012/07/04 16:09:22 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{FABCBC83-BDE4-4F6B-9B87-2E152FEDE592}
[2012/07/04 16:09:11 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{C0482724-3616-4423-B90B-B695F7498A43}
[2012/07/04 04:08:55 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{1A469499-B3FD-42BA-AEDE-BFA4D6092E03}
[2012/07/04 04:08:37 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{478621EF-1BD3-44E7-A935-C57B7E3E6D4C}
[2012/07/03 16:07:55 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{89D47FF5-E3AE-40FF-98D0-40E7302DFE4B}
[2012/07/03 16:07:41 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{5436DF70-1B02-4462-B22E-F80CDC265659}
[2012/07/03 09:29:57 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2012/07/03 09:29:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/03 09:29:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/03 09:29:50 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/03 09:29:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/03 08:52:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/07/03 08:52:54 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/07/03 04:07:28 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{1EFDCF9D-A511-48D0-8BC3-93821B778AE8}
[2012/07/03 04:07:18 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{F13F8DCE-FAE8-4607-AE26-79D7155E38FB}
[2012/07/02 16:06:53 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{46091F9F-DFE0-43C0-BF74-18AE4D2957C0}
[2012/07/02 04:06:30 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{1FAC5443-0DC1-481C-9A87-48062A296C31}
[2012/07/01 16:06:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{51A80A4A-AAE7-422B-B20A-67EB16621AAF}
[2012/07/01 04:05:43 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{9720EE30-D86E-4E58-B2C1-F7C09B4A2B48}
[2012/06/30 16:05:16 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{5B1928DC-AAAC-4E28-9140-E298E59D7D9C}
[2012/06/30 16:04:56 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{E8994B82-F800-4C21-8ADD-A042B49C60B0}
[2012/06/30 04:04:31 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{8A5153BE-61D9-4AE2-A8F6-819466340903}
[2012/06/30 04:04:19 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{A0D2D259-D4AF-49C9-B4CD-ABDB4B3B3883}
[2012/06/29 16:03:53 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{404EBBA5-D17F-4A94-958B-60CFE883100E}
[2012/06/29 16:03:41 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{A12A04CA-04A7-4AF7-987A-6709EB31B0F5}
[2012/06/29 04:03:28 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{6A9918A1-AFA9-4F79-83D8-11B32572C087}
[2012/06/29 04:03:17 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{83A0FD17-1540-48EA-B0B4-092CA1870D26}
[2012/06/28 16:03:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{78A362E3-83EB-46E1-AE08-88FF0BFA9CD0}
[2012/06/28 16:02:56 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{E0166FCD-DEE1-4F56-8ADC-F60C38662743}
[2012/06/28 04:02:31 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{9CD73816-5612-44B7-B906-8C1C2E82AA55}
[2012/06/28 04:02:20 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{7491F923-6583-4B95-B57C-885D2CFFDC44}
[2012/06/27 16:01:55 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{7C80CBA8-D6B8-4DF2-889B-564C01F6341B}
[2012/06/27 16:01:44 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{E079C599-5F59-4245-A34C-61D5157CAA54}
[2012/06/27 13:45:07 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/06/27 13:45:07 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/06/27 13:45:07 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/06/27 07:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/27 07:51:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/27 07:51:50 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/27 07:51:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/06/27 04:01:17 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{B7358099-C6C6-4111-95BD-2E2EAB196137}
[2012/06/27 04:01:03 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{341FEA2F-FA71-422C-967C-2C686AFEED66}
[2012/06/26 16:00:30 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{136C355B-5B75-4E58-B9DB-E5535A834E5D}
[2012/06/26 16:00:17 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{80D33E30-19C4-4B37-8BB7-1D6EF1398875}
[2012/06/26 04:00:04 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{4A27F7D7-C1AD-4FBC-8C26-4F80692E3971}
[2012/06/26 03:59:53 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{ED0C1E5C-308B-4839-99CE-FF8EF66387B9}
[2012/06/25 15:59:41 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{14958C97-EDFB-40DF-BCAC-552C98798D42}
[2012/06/25 15:59:30 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{4AB9FDF3-55DA-4D5B-AD02-9901EE67C692}
[2012/06/25 03:59:05 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{764CBB89-079C-4014-B0CA-15A4AAB1FBA6}
[2012/06/25 03:58:54 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{DE041D61-4E7A-472E-B287-018A8CB3259B}
[2012/06/24 15:58:29 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{36183FE0-8E24-4045-B754-7BAC406C80B5}
[2012/06/24 15:58:18 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{425A6AB1-3F1C-4578-8B3B-933F2AC93CCC}
[2012/06/24 03:58:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{384B707B-DB2C-434D-9F5F-6B728DA12066}
[2012/06/24 03:57:55 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{DCD7105F-1F93-4874-9181-5B6FAA841526}
[2012/06/23 15:57:43 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{83C1160B-AA24-483A-912D-31749CEDDDC0}
[2012/06/23 15:57:32 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{169070DB-4767-4D2A-8FB8-34FB8210307F}
[2012/06/23 03:57:20 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{1F088E73-9D53-4C59-9AB3-65A45F7EC93A}
[2012/06/23 03:57:07 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{83038D13-B234-4137-89DB-C882812169C1}
[2012/06/22 15:56:55 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{879CC61E-4787-4E3B-B0E8-B73EC61F045D}
[2012/06/22 15:56:44 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{AF7F816F-4257-425D-A2DD-35009E0A1698}
[2012/06/22 03:56:31 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{C2E054B6-A078-4A75-93A3-3BDC11D89840}
[2012/06/22 03:56:21 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{EA56DF63-A1EB-4949-8DF1-A7CA38DC7910}
[2012/06/21 15:56:08 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{98AB920D-C490-42E2-A6A6-165F7EEB7BC1}
[2012/06/21 15:55:57 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{A06DEA5A-A273-4604-ABCC-37F55F114B77}
[2012/06/21 03:55:45 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{2D3AD948-1629-4A9F-AEDB-57EA14845369}
[2012/06/20 21:21:08 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/20 21:21:08 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/20 21:21:07 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/20 21:20:59 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/20 21:20:59 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/20 21:20:59 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/20 21:20:50 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/20 21:20:50 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/20 15:55:20 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{F62DE5CA-AC10-4702-A3EF-E88A6A4A3BD3}
[2012/06/20 15:55:05 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{5FB7036F-582E-405B-A242-17DF71AF7E61}
[2012/06/19 23:54:59 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{6420FB78-FD7B-4AC8-8DBE-15FFA35CE020}
[2012/06/19 23:54:48 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{DA79C1AA-0B81-48FF-B033-3C6982E4D430}
[2012/06/19 11:54:35 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{464671D3-79B5-4A53-B186-24749959518B}
[2012/06/19 11:54:23 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{881E1868-A5F7-4B3F-80FF-5249A12E178A}
[2012/06/18 23:53:52 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{8F38BBC0-E9FC-4C34-B729-B073B61A22C0}
[2012/06/18 23:53:42 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{468209A7-80F6-4C83-AD59-A3B1DCE9E644}
[2012/06/18 11:53:04 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{DFFDF50B-138E-4EEB-BB57-1406F3A2030A}
[2012/06/17 11:52:40 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{158B5214-773C-478E-9D03-CCF1263FFEB2}
[2012/06/17 00:21:16 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{C3D6B962-75BC-467B-9B0B-41434CE4D044}
[2012/06/16 12:20:53 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{E51ED5D4-47ED-462E-99E1-83B09813921A}
[2012/06/16 00:20:39 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{DEFB9890-8EB0-4D41-8791-CBC953E4DB23}
[2012/06/15 12:20:28 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{B0982566-3B61-40E2-8C09-78ED789D8B27}
[2012/06/15 00:20:16 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{5FD1163B-7AF0-4C8B-970C-8CF3567A90BF}
[2012/06/14 12:20:04 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{E3E1059F-0AC1-4DB3-A1AC-815904734651}
[2012/06/14 12:19:53 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{DA74F496-8BA9-4616-85D2-B0768B028D97}
[2012/06/14 00:19:28 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{313EAD5D-8D81-4F82-9394-6E5B7EA53155}
[2012/06/14 00:19:17 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{4D187F11-A101-4782-BF0D-E41C8FB97419}
[2012/06/13 21:22:53 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/13 21:22:53 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/13 21:22:53 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/13 21:22:53 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/13 21:22:52 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/13 21:22:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/13 21:22:51 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/13 21:22:51 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/13 21:22:50 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/13 21:22:50 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/13 21:22:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/13 21:22:49 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/13 21:22:48 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/13 21:22:21 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/13 21:22:20 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/13 21:22:20 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/13 21:22:19 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/06/13 21:22:19 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/06/13 21:22:18 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/13 21:22:17 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/13 21:22:16 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/13 21:22:13 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/13 21:22:12 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/13 21:21:52 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/13 12:18:51 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{7F53A2A2-CC30-41C3-A24C-6FAEC1D6F069}
[2012/06/13 12:18:40 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{8CC48DF2-5B9B-4328-B88B-581310B2A307}
[2012/06/13 00:18:27 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{2EF598F3-A71C-426C-91F4-8AEBF15C6871}
[2012/06/13 00:18:15 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{731D2CB7-0F33-49F7-9224-9B8A6A02E47C}
[2012/06/12 16:04:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD Link
[2012/06/12 12:17:49 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{40E67643-7639-44CE-9F00-1B7124FCA2E0}
[2012/06/12 12:17:37 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{077B939A-2E75-4653-8328-8B6E92D258BA}
[2012/06/12 00:17:12 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{04D4FB9D-2E5B-40E2-B707-7C59571F498E}
[2012/06/12 00:17:01 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{5A1CB52C-4411-4C8E-B06F-F17FD739775C}
[2012/06/11 12:16:36 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{D2C061E7-8225-451C-B5E5-041FF0DD54AE}
[2012/06/11 12:16:25 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{FD428F5D-F963-4785-9534-597805676B58}
[2012/06/11 11:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
[2012/06/11 11:53:27 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2012/06/11 00:16:00 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{846BC267-EA50-4429-91A5-83D9CFFEB48B}
[2012/06/10 12:15:37 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{9EBEF4A9-A3D4-41AE-9527-A926CB177F00}
[2012/06/10 00:15:14 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{18019BD0-A10F-4B95-A712-7E78FA6C98BB}
[2012/06/10 00:15:03 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{6F30FD89-FC2A-4988-B16E-3489B6CCE45C}
[2012/06/09 12:14:38 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{B82674A6-F577-4F4C-A34E-0877E5797C25}
[2012/06/09 12:14:27 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{98916607-E986-4D4E-ADA7-81C3F38337CF}
[2012/06/09 00:14:15 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{C4A2DF61-5564-4A3C-AB88-81BA21BB8507}
[2012/06/09 00:14:04 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{D72124C9-C7BE-420F-9B67-3EDB91FC502E}
[2012/06/08 12:13:52 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{AB5D6B74-B1A0-4F1D-B13B-1C53B66C087E}
[2012/06/08 12:13:41 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{B6A17B19-C254-4CAF-9C64-238D0E5757EC}
[2012/06/08 00:13:29 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{D9B4E652-15D1-4FEE-9062-76786C345380}
[2012/06/08 00:13:18 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{7715509A-C3AC-4232-A933-D7751735CCBB}
[2012/06/07 12:12:51 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{3004943D-5BAC-4F66-80AA-21A3E32FF39E}
[2012/06/07 12:12:39 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{1F1750E7-50E3-44A9-9E55-DB654C0EE534}
[2012/06/07 00:12:15 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{2479D2D1-289D-43D1-A008-570100F34563}
[2012/06/07 00:12:04 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{4927D494-441B-4A1A-8FC3-393DE511F370}
[2012/06/06 17:30:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame For Audacity
[2012/06/06 17:27:33 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Audacity
[2012/06/06 12:11:52 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{B4D72007-B439-4638-AC10-7A9D4576AF28}
[2012/06/06 12:11:41 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{DFB2BF09-9954-47DB-9778-0F9578F378D8}
[2012/06/06 00:11:28 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{FF39BCF7-7D9F-4AC8-A990-69CEBAEBB034}
[2012/06/06 00:11:17 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{10657B2D-9BAF-4AB7-9DBB-A995D25FF014}
[2012/06/05 12:10:52 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{2A08C77E-BDF2-4350-89FC-F1882631100B}
[2012/06/05 12:10:37 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{8757263C-99D8-45C7-A55D-C06833580CD7}
[2012/03/03 09:02:56 | 000,019,832 | ---- | C] (Schneider Electric) -- C:\Users\user\zh_res.dll
[2011/10/22 10:30:27 | 013,923,704 | ---- | C] (Schneider Electric) -- C:\Users\user\PCPE Setup.exe
[2011/10/22 10:30:27 | 001,079,808 | ---- | C] (Microsoft Corporation) -- C:\Users\user\mfc80u.dll
[2011/10/22 10:30:27 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Users\user\msvcr80.dll
[2011/10/22 10:30:27 | 000,021,880 | ---- | C] (Schneider Electric) -- C:\Users\user\grm_res.dll
[2011/10/22 10:30:27 | 000,021,880 | ---- | C] (Schneider Electric) -- C:\Users\user\fr_res.dll
[2011/10/22 10:30:27 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\user\pt_res.dll
[2011/10/22 10:30:27 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\user\it_res.dll
[2011/10/22 10:30:27 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\user\es_res.dll
[2011/10/22 10:30:27 | 000,021,368 | ---- | C] (Schneider Electric) -- C:\Users\user\en_res.dll
[2011/10/22 10:30:27 | 000,020,856 | ---- | C] (Schneider Electric) -- C:\Users\user\ru_res.dll
[2011/10/22 10:30:27 | 000,020,344 | ---- | C] (Schneider Electric) -- C:\Users\user\jp_res.dll
[2011/02/24 19:20:34 | 001,169,224 | ---- | C] (Microsoft Corporation) -- C:\Users\user\AppData\Roaming\hostfile.exe
[2010/11/29 15:11:29 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\user\AppData\Roaming\pcouffin.sys
[2009/07/13 13:46:42 | 001,169,224 | ---- | C] (Microsoft Corporation) -- C:\Users\user\AppData\Roaming\Cadenza.exe

========== Files - Modified Within 30 Days ==========

[2012/07/05 07:48:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-623606949-1928459591-1333054469-1000UA.job
[2012/07/05 07:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/05 07:14:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/05 04:59:31 | 101,140,075 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/07/05 02:14:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/05 01:00:23 | 000,000,372 | -H-- | M] () -- C:\Windows\tasks\MKH Industries Ltd 2010 1289885724.job
[2012/07/04 11:48:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-623606949-1928459591-1333054469-1000Core.job
[2012/07/04 04:59:24 | 000,289,542 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/03 21:34:52 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/03 21:34:52 | 000,015,376 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/03 20:39:35 | 000,000,989 | ---- | M] () -- C:\Users\user\Desktop\magicJack.lnk
[2012/07/03 20:37:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/03 20:36:50 | 535,658,495 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/03 09:29:52 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/03 08:52:54 | 000,002,971 | ---- | M] () -- C:\Users\user\Desktop\HiJackThis.lnk
[2012/06/30 21:53:03 | 000,002,393 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk
[2012/06/29 17:24:39 | 005,140,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/29 12:58:24 | 000,731,852 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/29 12:58:24 | 000,627,728 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/29 12:58:24 | 000,107,666 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/29 12:02:15 | 000,032,538 | ---- | M] () -- C:\Users\user\Documents\cc_20120629_120203.reg
[2012/06/27 07:52:49 | 000,001,788 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/12 16:04:11 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\WD Link.lnk

========== Files Created - No Company Name ==========

[2012/07/03 09:29:52 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/03 08:52:54 | 000,002,971 | ---- | C] () -- C:\Users\user\Desktop\HiJackThis.lnk
[2012/06/29 17:23:52 | 005,140,080 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/29 12:02:05 | 000,032,538 | ---- | C] () -- C:\Users\user\Documents\cc_20120629_120203.reg
[2012/06/27 07:52:49 | 000,001,788 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/12 16:04:11 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\WD Link.lnk
[2012/02/28 15:12:02 | 000,081,767 | ---- | C] () -- C:\Windows\hpqins13.dat
[2012/01/18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/11/03 07:38:28 | 000,072,192 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2011/10/29 21:11:56 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/10/29 21:11:56 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/10/28 10:15:06 | 000,228,480 | ---- | C] () -- C:\Windows\hpwins23.dat.temp
[2011/10/22 10:30:28 | 013,338,112 | ---- | C] () -- C:\Users\user\PCPE_3.0.1.msi
[2011/10/22 10:30:27 | 000,018,808 | ---- | C] () -- C:\Users\user\ResourceReader.dll
[2011/10/15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/08/31 13:58:20 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat.temp
[2011/08/18 21:13:01 | 008,536,064 | ---- | C] () -- C:\Users\user\s-1-5-21-623606949-1928459591-1333054469-1000.rrr
[2011/07/06 16:32:24 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/04/16 10:39:44 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/04/16 10:39:43 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/02/26 00:52:39 | 000,022,016 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/18 01:47:40 | 000,007,665 | ---- | C] () -- C:\Users\user\AppData\Local\Resmon.ResmonCfg
[2011/01/11 14:21:10 | 000,001,057 | ---- | C] () -- C:\Users\user\AppData\Roaming\vso_ts_preview.xml
[2011/01/08 16:47:46 | 000,557,056 | R--- | C] () -- C:\Windows\SysWow64\libavcodecX.dll
[2011/01/08 16:47:46 | 000,099,328 | R--- | C] () -- C:\Windows\SysWow64\realaacX.dll
[2010/12/27 14:13:16 | 000,781,516 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/19 12:02:47 | 001,208,320 | ---- | C] () -- C:\Windows\SysWow64\cygxml2-2.dll
[2010/12/19 12:02:47 | 000,980,992 | ---- | C] () -- C:\Windows\SysWow64\cygiconv-2.dll
[2010/12/19 12:02:47 | 000,328,978 | ---- | C] () -- C:\Windows\SysWow64\dvda.exe
[2010/12/19 12:02:47 | 000,062,464 | ---- | C] () -- C:\Windows\SysWow64\cygz.dll
[2010/12/19 12:02:17 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/12/18 14:30:25 | 002,255,360 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2010/12/18 14:30:25 | 000,395,776 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2010/12/18 14:30:25 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2010/12/18 14:30:25 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2010/11/29 15:11:29 | 000,099,384 | ---- | C] () -- C:\Users\user\AppData\Roaming\inst.exe
[2010/11/29 15:11:29 | 000,007,859 | ---- | C] () -- C:\Users\user\AppData\Roaming\pcouffin.cat
[2010/11/29 15:11:29 | 000,001,167 | ---- | C] () -- C:\Users\user\AppData\Roaming\pcouffin.inf
[2010/11/20 11:19:33 | 006,918,144 | ---- | C] () -- C:\Users\user\PCPE_3.0.msi
[2010/11/13 23:37:26 | 000,000,020 | ---- | C] () -- C:\Windows\YaxFTBg.dat
[2010/11/13 12:10:52 | 000,000,091 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2010/11/12 21:10:54 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2010/08/07 05:18:24 | 003,265,024 | ---- | C] () -- C:\Windows\es.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:FB1B13D8
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP1B5B4F1

< End of report >
  #5  
Old July 5th, 2012, 04:05 PM
dmavric
Perhaps this is the second file you were talking about - hidden in my task bar.....

OTL Extras logfile created on: 7/5/2012 7:36:54 AM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\user\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 2.99 Gb Available Physical Memory | 49.79% Memory free
12.00 Gb Paging File | 6.91 Gb Available in Paging File | 57.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 468.44 Gb Free Space | 50.29% Space Free | Partition Type: NTFS
Drive H: | 1862.98 Gb Total Space | 1260.36 Gb Free Space | 67.65% Space Free | Partition Type: NTFS

Computer Name: DARIO | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0717C4D4-9029-4929-B81D-99F9A83ABDAB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0CDED170-F794-4015-B54E-A0AFC67147FF}" = lport=1647 | protocol=6 | dir=in | name=mionet storage device configuration |
"{13B7F86C-822A-469C-9483-00296A58AF5E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{13D288DE-F886-4E08-8E67-4EA4A4C1AD4F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{15A97E94-CFCF-446C-9E68-A2185C190C41}" = lport=445 | protocol=6 | dir=in | app=system |
"{16897EA6-2E73-4B08-ABA7-EBCD3A6A9FCA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{184F4FE7-70CF-4EFA-A9FE-5DEBB90B920F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{18792950-7A9A-431E-9255-22E03FAB843F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{196AE1A8-D3DD-42DD-B0DF-9A317AA67C27}" = lport=1705 | protocol=6 | dir=in | name=mionet remote drive access 5 |
"{251B52C6-CB57-467A-9B39-D0051ACF5C95}" = lport=139 | protocol=6 | dir=in | app=system |
"{2A58DAFA-4997-4B4A-8A22-58C46763AB48}" = rport=138 | protocol=17 | dir=out | app=system |
"{2AFA3ECB-BA2F-456B-B732-6153EE90171A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{31806CEC-805F-4C81-9E00-740FF36BFA8C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3385674E-FF31-4B4E-AC29-457044FDC513}" = rport=139 | protocol=6 | dir=out | app=system |
"{342639E6-6A61-4410-846C-7DF63E6BDBF5}" = lport=2799 | protocol=6 | dir=in | name=altova license metering port (tcp) |
"{34CB9C7C-90DB-4AFC-850C-DCDCC2B02992}" = lport=1641 | protocol=6 | dir=in | name=mionet remote drive verification |
"{36EE5A1A-1A3E-4B01-8C85-C74D15F38101}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3BC26867-4830-4464-BF1E-90A4775234DB}" = lport=138 | protocol=17 | dir=in | app=system |
"{3CCD1EDE-91B1-4D82-A6BD-CD1552B9A1AE}" = lport=3389 | protocol=6 | dir=in | app=system |
"{42630BD0-88A5-488A-B9B7-C3FA6761FC9F}" = lport=2799 | protocol=17 | dir=in | name=altova license metering port (udp) |
"{4A9022EE-4255-43F3-8FE0-12458527937A}" = lport=1702 | protocol=6 | dir=in | name=mionet remote drive access 2 |
"{53306386-3EA8-48BA-9318-BCEC9A987DE6}" = rport=137 | protocol=17 | dir=out | app=system |
"{5C24E086-D537-48E9-8BC9-7BCEEF33A47A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6346B721-D251-442D-99E8-771937F0884A}" = lport=1700 | protocol=6 | dir=in | name=mionet remote drive access 0 |
"{6893C415-8273-4115-BF13-423472D79BA6}" = rport=445 | protocol=6 | dir=out | app=system |
"{68C2665E-FF51-49B3-A0F9-A4DBA8E7E2FB}" = lport=1706 | protocol=6 | dir=in | name=mionet remote drive access 6 |
"{698324B4-3C3D-4D9D-B381-5E0D470F1D1E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{71435595-398A-4EFC-9CAD-BF519209216D}" = lport=1701 | protocol=6 | dir=in | name=mionet remote drive access 1 |
"{7641F2B2-1CC3-4225-A5B2-60B172A42594}" = lport=1704 | protocol=6 | dir=in | name=mionet remote drive access 4 |
"{7859ADE9-9236-4999-96D7-A3B12535F490}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7906075F-03A5-4C32-A206-60FD4240BDE4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7C5CF22A-98C0-4E94-98B9-49AA53EA24E6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{80FD7F52-5242-4DA6-AF26-97CB64557E20}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{89192FB1-2A79-4560-9E1C-04AD90FD7071}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{9F047AC4-9E61-4143-A39F-E495A192CAA3}" = lport=1703 | protocol=6 | dir=in | name=mionet remote drive access 3 |
"{B3C67887-749E-4978-A3E0-EB28A67E33F1}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
"{BB8547AA-9898-4853-A8F9-F956B0172A0B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BD5EBBD5-D6C6-46AB-9CBB-CBA74688DC05}" = lport=1708 | protocol=6 | dir=in | name=mionet remote drive access 8 |
"{BDD62437-EA2F-4988-B0F2-B857891F5F96}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C694AC15-E553-4B18-AB8D-C5F617382901}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CD073203-EF02-4448-B429-62230B820A4D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DC818480-E7BA-43D5-9386-F2A91648F13E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E5D83581-9E97-4B50-A372-DA0438BD0DD5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EBA934E9-0089-479B-8822-8029892812CB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EC23F1EB-6354-4CCB-8694-4D8D0F9A0E0C}" = lport=5432 | protocol=17 | dir=in | name=mionet storage device discovery |
"{EEC95803-D698-4C9C-BBC9-331955F60F39}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{EED2288F-786B-46CF-8115-8DBF607DD228}" = lport=1709 | protocol=6 | dir=in | name=mionet remote drive access 9 |
"{EFDEC92E-A310-4622-938C-BCB5E3EE723D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F1429296-DB92-48FE-A37B-5C15F22FC368}" = lport=137 | protocol=17 | dir=in | app=system |
"{F1C5B34D-87B2-444B-8D66-D325ECFBD076}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F74AEAF3-5CBB-43EC-ADC2-D607F9E91CCF}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework64\v3.0\wi ndows communication foundation\smsvchost.exe |
"{F955EE02-749F-4A9C-896F-7730D89C0006}" = lport=1707 | protocol=6 | dir=in | name=mionet remote drive access 7 |
"{F98F3A57-9D02-484E-9266-A77505C20348}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05E9A8AC-0310-41A8-BCBF-790BC3CEC6FE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{07FED767-40C5-443D-95F0-A57B7D4115F3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0B2C7DC2-BECA-45E5-88DC-603560BDDA9F}" = dir=in | app=d:\setup\hpznui40.exe |
"{0DF4619E-9DDA-48AB-AB4B-54EE9B103E44}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{10509640-0817-40B8-B49F-ACDB6B57B2FE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{11221978-0090-46D3-8D31-4C9723D22F6F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1A72E913-39DB-47ED-9072-5B50A3FB3B81}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{21AA772F-1325-4B7E-93A6-347A0A3B17CC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgwdsvc.exe |
"{23E68F6B-6313-4524-87C7-DAC497C5ED16}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{28807501-2478-458A-98FC-3852FEFCBF9A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2D671A10-8524-4BD6-8FDD-912C354BFBC1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2DAE747E-C402-48E1-BC13-AF53F8E636FB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{2F104981-116F-466D-934D-A74935284905}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{32C5F22F-1C49-4CD1-A9C2-C66BCAC90255}" = protocol=6 | dir=in | app=c:\faxtalk\ftmsgsvc.exe |
"{3366D5E0-A9B5-4CA6-8779-34E8F516E629}" = protocol=17 | dir=in | app=c:\faxtalk\ftmsgsvc.exe |
"{3C3A42FD-F737-4A68-8704-BF332C7A83F5}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgwdsvc.exe |
"{42F9E16C-9C92-46EC-92E9-A409B5567B6F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4356FC74-2FF3-4DA9-B598-3BA31233C50E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{51135789-2908-4678-A5BC-97B64C40DD49}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{548E5D63-378B-45F3-816A-DDB78E04E15A}" = protocol=6 | dir=in | app=c:\faxtalk\ftclctrl.exe |
"{56ACDD4E-5F26-47AF-AD8E-666FDEF69F7C}" = protocol=6 | dir=in | app=c:\faxtalk\fapiexe.exe |
"{5AAB390D-3660-4F2F-8D4C-FE833D708A98}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5D670E18-0C5E-402A-95B9-E5BD09AB2BFD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{6D944D61-9E2E-4AFF-9B5D-B82BA75E5F1F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{74A4A014-6EED-4E61-8328-D897032CC0B0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7B54178D-5F7E-4C72-B761-F4B1FE8D5D21}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{81EEA29B-9E02-4878-8F36-98049046AFFE}" = protocol=17 | dir=in | app=c:\faxtalk\ftclctrl.exe |
"{855F9823-80F6-48F0-A37C-546BECA37917}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{8C59A261-6CD9-4F72-AB85-077419F9CD64}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{8E683000-5012-4468-B438-A47525FC397A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9198E2CF-81F1-4D01-A223-84B308F7F274}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B112BFDE-0C9D-4C0B-9C04-CF9ED3404E30}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B37A5B69-F6DE-4596-84D8-739E8C13E6D2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{B4C265CC-2033-46C7-9720-51CB405BF4DA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B7830789-4FCC-4E68-8C15-10F0D6E1C80D}" = protocol=6 | dir=out | app=system |
"{BC2EB032-57B9-4364-B0DA-B66E6F2DDC50}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BCAF964D-548E-48CE-9763-262C9E0BD7AE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{BE6338A0-DD71-44C7-B22B-C94B44A9AD8D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C320524F-9BB5-43DD-A7DE-E364B5108C67}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C9B3478F-6B9F-4448-886A-A217C38F8B05}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{CA8FD4B3-3913-4B96-A817-8809D568696B}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{CAF1063C-C0F4-49E1-A2CF-386FA9043A08}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{CB28AEB9-FB51-4D50-8047-355D0B710A22}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D246CC01-5434-4A4C-A7B7-F90EC011275B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D6B1338D-5C18-48C7-AFAE-43DEB098AFAB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{D743BD06-67C8-4D12-96AC-3DBC4B2F63A1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{D8BDB7C1-4F8A-4F52-8966-F1A2B3B68DD5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DE50ABA5-4FE6-4769-977D-0300AAD11C29}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{E3A7AEBC-6171-4D30-AF6F-48E66FB881EA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E65D3A48-F03A-46CC-B76A-CFB3BE2DF1AB}" = protocol=17 | dir=in | app=c:\faxtalk\fapiexe.exe |
"{F9455471-1401-469B-9D56-F7839B82E150}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{FDC6901E-BA2E-4D42-8EBB-056F02A9AAED}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{164340CB-521C-47DB-8014-E86B8E7C77CB}C:\program files (x86)\western digital\wd discovery software\wd discovery.exe" = protocol=6 | dir=in | app=c:\program files (x86)\western digital\wd discovery software\wd discovery.exe |
"TCP Query User{59794051-9057-443F-A211-CB493EDA4990}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"TCP Query User{9D425DBF-CC51-4100-9234-DA000414D1F2}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"TCP Query User{A9E40728-831B-44AC-8BB0-8B1CFB10FD15}C:\users\user\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{FDFE3EB3-06AF-4CD1-8B5D-BD2E18157F91}C:\program files (x86)\icamsource\icamsource.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icamsource\icamsource.exe |
"UDP Query User{8D40AF30-396F-473C-B546-0ADA911B3228}C:\users\user\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{961B82C4-8302-4554-A7CF-FC026D1CA181}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"UDP Query User{9BFB53FD-93B5-4931-AF8E-FA8615B97325}C:\program files (x86)\icamsource\icamsource.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icamsource\icamsource.exe |
"UDP Query User{A08304B3-9F26-4A06-808F-BF29B4BFE528}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"UDP Query User{E38A7914-D5D2-4666-B49D-C00EAE1AB668}C:\program files (x86)\western digital\wd discovery software\wd discovery.exe" = protocol=17 | dir=in | app=c:\program files (x86)\western digital\wd discovery software\wd discovery.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{49B1B217-27B1-42D8-A0A5-7ED0CD0D9508}" = WD SmartWare
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5783F2D7-8001-0409-0102-0060B0CE6BBA}" = AutoCAD 2010 - English
"{5783F2D7-8001-0409-1102-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - English
"{5783F2D7-A001-0409-0102-0060B0CE6BBA}" = AutoCAD 2012 - English
"{5783F2D7-A001-0409-1102-0060B0CE6BBA}" = AutoCAD 2012 Language Pack - English
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7A92C561-A1D5-11E0-92E1-0013D3D69929}" = Vegas Pro 10.0 (64-bit)
"{7F801000-A1D5-11E0-9092-0013D3D69929}" = MSVCRT Redists
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
"{E552C39C-C70E-464F-9733-8311331BDD90}" = Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012
"{EAB3AC1A-68FF-486B-9C6B-E48EBB4B05CC}" = Autodesk Inventor Fusion plug-in for AutoCAD 2012
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012
"{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AutoCAD 2010 - English" = AutoCAD 2010 - English
"AutoCAD 2010 - English Version 3" = AutoCAD 2010 - English Version 3
"AutoCAD 2012 - English" = AutoCAD 2012 - English
"Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012
"Autodesk Inventor Fusion plug-in for AutoCAD 2012" = Autodesk Inventor Fusion plug-in for AutoCAD 2012
"AVG" = AVG 2012
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"SP6" = Logitech SetPoint 6.15
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07A8ED9E-B98E-437F-B750-241B412BE924}" = Garmin USB Drivers
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E52A52C-E120-461C-AA1B-21B045BEE842}" = bpd_scan
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1BE321C4-6E17-4ECD-A6CB-3EF73791BE87}" = Decoder
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{2677A170-EF83-40B9-BD72-37B343715F6E}" = MAGIX Video Pro X2 Download Version
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 33
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.22
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{5B56FED7-B4F7-4530-9259-BF9BE5034FB3}" = FaxTalk Messenger Pro 8
"{5DF7AA5E-A1CB-11E0-A7D6-0013D3D69929}" = MSVCRT Redists
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{68131B0A-D78D-4aed-B74E-33A6C7324E50}" = WD Anywhere Backup
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ED262EE-FC73-47A9-BB86-D92223246881}" = PowerChute Personal Edition 3.0.2
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{95140000-007F-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{975C3A93-2491-3D44-A071-F6CBF153E46D}" = Google Talk Plugin
"{99341ACA-2A86-4235-A636-02A2A9820987}" = WD Discovery Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A1E7DA23-DAEF-40A0-94FC-8D11B787CCA1}" = QuickBooks Pro 2010
"{A49BDCBE-590E-43A6-AB77-7C40E499B7C1}" = Autodesk Design Review 2012
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}" = Garmin Communicator Plugin
"{B6143A6F-A2EB-4CA1-A30A-26E783CF8F82}" = Garmin TOPO Canada v4
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BAC8BC63-FBD5-44EA-B8D4-501F06DA1E8C}" = iCamSource
"{C09F1573-6262-47F2-8B90-5B2290A58B12}" = MAGIX Speed 2 (MSI)
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24C3478-BE8D-4F0D-B3D0-FFAADA42FC01}" = MAGIX Screenshare
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2B53C96-C9FC-4FC3-8324-1BCE50DEA7E7}" = QuickBooks
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEE3BBB8-92B2-4789-90F3-9A549F7CF3FA}" = MAGIX 3D Maker (embedded MSI)
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"8461-7759-5462-8226" = Vuze
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Autodesk Design Review 2012" = Autodesk Design Review 2012
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"AVSRegistryCleaner_is1" = AVS Registry Cleaner version 2.2
"BlueSprig_JetClean_is1" = JetClean
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Cucusoft MPEG to DVD Author_is1" = Cucusoft MPEG to DVD Author 1.09
"Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro_is1" = Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
"Debut" = Debut Video Capture Software
"DivX Setup" = DivX Setup
"DVDFab 8_is1" = DVDFab 8.0.5.0 (18/11/2010)
"DVDSmith Movie Backup_is1" = DVDSmith Movie Backup 1.0.5
"Electric Sheep" = Electric Sheep 2.7b28
"ExpressBurn" = Express Burn Disc Burning Software
"ffdshow" = ffdshow (remove only)
"IObit Malware Fighter_is1" = IObit Malware Fighter
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.7.0 (Full)
"LAME_is1" = LAME v3.99.3 (for Windows)
"Logitech Vid" = Logitech Vid HD
"MAGIX_MSI_Videodeluxe16_pro" = MAGIX Video Pro X2 Download Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MJPEG Processor" = MJPEG Processor (remove only)
"Office14.SingleImage" = Microsoft Office Professional 2010
"Prism" = Prism Video File Converter
"Registry Mechanic_is1" = Registry Mechanic 10.0
"RER Video Converter_is1" = RER Video Converter
"VSO Burning SDK_is1" = VSO Burning SDK 4.0.10.472
"WD Link" = WD Link
"WinLiveSuite" = Windows Live Essentials
"Xvid Video Codec 1.3.2" = Xvid Video Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-623606949-1928459591-1333054469-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"magicJack" = magicJack

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/28/2012 12:07:31 PM | Computer Name = Dario | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in " ": DB error -739 ErrorMessage:'DBLib
not initialized: error -73

Error - 6/28/2012 12:36:58 PM | Computer Name = Dario | Source = Application Error | ID = 1000
Description = Faulting application name: ApplePhotoStreams.exe, version: 7.2.5.1,
time stamp: 0x4f3a19cc Faulting module name: MSVCR80.dll, version: 8.0.50727.6195,
time stamp: 0x4dcddbf3 Exception code: 0xc0000005 Fault offset: 0x0001500a Faulting
process id: 0x1654 Faulting application start time: 0x01cd554c3488abfa Faulting application
path: C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
Faulting
module path: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
Report
Id: 79ee41c2-c13f-11e1-9ee9-6cf049576846

Error - 6/28/2012 6:37:20 PM | Computer Name = Dario | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 6/28/2012 6:37:20 PM | Computer Name = Dario | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 6/28/2012 6:37:20 PM | Computer Name = Dario | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 6/28/2012 6:37:20 PM | Computer Name = Dario | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 6/29/2012 5:47:09 PM | Computer Name = Dario | Source = Application Error | ID = 1000
Description = Faulting application name: wmprph.exe, version: 12.0.7600.16385, time
stamp: 0x4a5bd018 Faulting module name: wmp.dll, version: 12.0.7601.17514, time
stamp: 0x4ce7ca81 Exception code: 0xc0000005 Fault offset: 0x00000000004af490 Faulting
process id: 0x1fcc Faulting application start time: 0x01cd563e99500641 Faulting application
path: C:\Program Files\Windows Media Player\wmprph.exe Faulting module path: C:\Windows\system32\wmp.dll
Report
Id: f97ba64d-c233-11e1-9ee9-6cf049576846

Error - 7/3/2012 2:37:54 PM | Computer Name = Dario | Source = Application Hang | ID = 1002
Description = The program mbam.exe version 1.60.0.80 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 20d4 Start Time:
01cd59391ccf9cf1 Termination Time: 4 Application Path: C:\Program Files (x86)\Malwarebytes'
Anti-Malware\mbam.exe Report Id: 2e60885a-c53e-11e1-8257-6cf049576846

Error - 7/4/2012 12:26:15 PM | Computer Name = Dario | Source = Application Error | ID = 1000
Description = Faulting application name: iCamSource.exe, version: 0.0.0.0, time
stamp: 0x4e8e382a Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time
stamp: 0x4dace5b9 Exception code: 0xc0000417 Fault offset: 0x0006ccd5 Faulting process
id: 0x1a78 Faulting application start time: 0x01cd59ff2feb8b42 Faulting application
path: C:\Program Files (x86)\iCamSource\iCamSource.exe Faulting module path: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
Report
Id: f98711c7-c5f4-11e1-b932-6cf049576846

Error - 7/4/2012 12:36:40 PM | Computer Name = Dario | Source = Application Error | ID = 1000
Description = Faulting application name: iCamSource.exe, version: 0.0.0.0, time
stamp: 0x4e8e382a Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time
stamp: 0x4dace5b9 Exception code: 0xc0000417 Fault offset: 0x0006ccd5 Faulting process
id: 0x2328 Faulting application start time: 0x01cd5a02ae09193d Faulting application
path: C:\Program Files (x86)\iCamSource\iCamSource.exe Faulting module path: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
Report
Id: 6dbf6ae7-c5f6-11e1-b932-6cf049576846

Error - 7/5/2012 10:36:26 AM | Computer Name = Dario | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.53.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1940 Start Time:
01cd5ab9e338fe5f Termination Time: 3 Application Path: C:\Users\user\Downloads\OTL.exe

Report
Id: c724019b-c6ae-11e1-b932-6cf049576846

[ Media Center Events ]
Error - 11/24/2011 9:03:35 AM | Computer Name = Dario | Source = MCUpdate | ID = 0
Description = 5:03:29 AM - Failed to retrieve SportsSchedule (Error: The operation
has timed out)

Error - 11/24/2011 10:09:41 AM | Computer Name = Dario | Source = MCUpdate | ID = 0
Description = 6:09:40 AM - Failed to retrieve SportsSchedule (Error: The operation
has timed out)

Error - 11/24/2011 11:15:50 AM | Computer Name = Dario | Source = MCUpdate | ID = 0
Description = 7:15:50 AM - Failed to retrieve SportsSchedule (Error: The operation
has timed out)

Error - 12/16/2011 8:01:58 AM | Computer Name = Dario | Source = MCUpdate | ID = 0
Description = 4:01:58 AM - Error connecting to the internet. 4:01:58 AM - Unable
to contact server..

Error - 12/16/2011 9:08:13 AM | Computer Name = Dario | Source = MCUpdate | ID = 0
Description = 5:08:13 AM - Error connecting to the internet. 5:08:13 AM - Unable
to contact server..

Error - 12/16/2011 10:14:30 AM | Computer Name = Dario | Source = MCUpdate | ID = 0
Description = 6:14:30 AM - Error connecting to the internet. 6:14:30 AM - Unable
to contact server..

Error - 2/4/2012 7:39:42 AM | Computer Name = Dario | Source = MCUpdate | ID = 0
Description = 3:39:42 AM - Error connecting to the internet. 3:39:42 AM - Unable
to contact server..

Error - 2/4/2012 8:39:47 AM | Computer Name = Dario | Source = MCUpdate | ID = 0
Description = 4:39:47 AM - Error connecting to the internet. 4:39:47 AM - Unable
to contact server..

Error - 2/4/2012 9:39:52 AM | Computer Name = Dario | Source = MCUpdate | ID = 0
Description = 5:39:52 AM - Error connecting to the internet. 5:39:52 AM - Unable
to contact server..

Error - 2/4/2012 10:39:57 AM | Computer Name = Dario | Source = MCUpdate | ID = 0
Description = 6:39:57 AM - Error connecting to the internet. 6:39:57 AM - Unable
to contact server..

[ System Events ]
Error - 7/2/2012 10:15:45 PM | Computer Name = Dario | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 7/2/2012 10:16:07 PM | Computer Name = Dario | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Encrypted volume check: Volume information on I: cannot be read.

Error - 7/3/2012 11:38:38 PM | Computer Name = Dario | Source = DCOM | ID = 10016
Description =

Error - 7/3/2012 11:44:57 PM | Computer Name = Dario | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 7/4/2012 2:23:54 AM | Computer Name = Dario | Source = WMPNetworkSvc | ID = 866338
Description =

Error - 7/4/2012 2:25:24 AM | Computer Name = Dario | Source = WMPNetworkSvc | ID = 866333
Description =

Error - 7/4/2012 2:25:27 AM | Computer Name = Dario | Source = WMPNetworkSvc | ID = 866333
Description =

Error - 7/4/2012 2:25:33 AM | Computer Name = Dario | Source = WMPNetworkSvc | ID = 866333
Description =

Error - 7/4/2012 2:25:43 AM | Computer Name = Dario | Source = WMPNetworkSvc | ID = 866333
Description =

Error - 7/4/2012 2:25:47 AM | Computer Name = Dario | Source = WMPNetworkSvc | ID = 866333
Description =


< End of report >
  #6  
Old July 5th, 2012, 04:06 PM
dmavric dmavric is offline
New Member
 
Join Date: Jul 2012
O/S: Windows 7 64-bit
Location: Burnaby, BC Canada
Posts: 5
Perhaps this is the second file you were talking about - hidden in my task bar.....

OTL Extras logfile created on: 7/5/2012 7:36:54 AM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\user\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 2.99 Gb Available Physical Memory | 49.79% Memory free
12.00 Gb Paging File | 6.91 Gb Available in Paging File | 57.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 468.44 Gb Free Space | 50.29% Space Free | Partition Type: NTFS
Drive H: | 1862.98 Gb Total Space | 1260.36 Gb Free Space | 67.65% Space Free | Partition Type: NTFS

Computer Name: DARIO | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0717C4D4-9029-4929-B81D-99F9A83ABDAB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0CDED170-F794-4015-B54E-A0AFC67147FF}" = lport=1647 | protocol=6 | dir=in | name=mionet storage device configuration |
"{13B7F86C-822A-469C-9483-00296A58AF5E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{13D288DE-F886-4E08-8E67-4EA4A4C1AD4F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{15A97E94-CFCF-446C-9E68-A2185C190C41}" = lport=445 | protocol=6 | dir=in | app=system |
"{16897EA6-2E73-4B08-ABA7-EBCD3A6A9FCA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{184F4FE7-70CF-4EFA-A9FE-5DEBB90B920F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{18792950-7A9A-431E-9255-22E03FAB843F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{196AE1A8-D3DD-42DD-B0DF-9A317AA67C27}" = lport=1705 | protocol=6 | dir=in | name=mionet remote drive access 5 |
"{251B52C6-CB57-467A-9B39-D0051ACF5C95}" = lport=139 | protocol=6 | dir=in | app=system |
"{2A58DAFA-4997-4B4A-8A22-58C46763AB48}" = rport=138 | protocol=17 | dir=out | app=system |
"{2AFA3ECB-BA2F-456B-B732-6153EE90171A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{31806CEC-805F-4C81-9E00-740FF36BFA8C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3385674E-FF31-4B4E-AC29-457044FDC513}" = rport=139 | protocol=6 | dir=out | app=system |
"{342639E6-6A61-4410-846C-7DF63E6BDBF5}" = lport=2799 | protocol=6 | dir=in | name=altova license metering port (tcp) |
"{34CB9C7C-90DB-4AFC-850C-DCDCC2B02992}" = lport=1641 | protocol=6 | dir=in | name=mionet remote drive verification |
"{36EE5A1A-1A3E-4B01-8C85-C74D15F38101}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3BC26867-4830-4464-BF1E-90A4775234DB}" = lport=138 | protocol=17 | dir=in | app=system |
"{3CCD1EDE-91B1-4D82-A6BD-CD1552B9A1AE}" = lport=3389 | protocol=6 | dir=in | app=system |
"{42630BD0-88A5-488A-B9B7-C3FA6761FC9F}" = lport=2799 | protocol=17 | dir=in | name=altova license metering port (udp) |
"{4A9022EE-4255-43F3-8FE0-12458527937A}" = lport=1702 | protocol=6 | dir=in | name=mionet remote drive access 2 |
"{53306386-3EA8-48BA-9318-BCEC9A987DE6}" = rport=137 | protocol=17 | dir=out | app=system |
"{5C24E086-D537-48E9-8BC9-7BCEEF33A47A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6346B721-D251-442D-99E8-771937F0884A}" = lport=1700 | protocol=6 | dir=in | name=mionet remote drive access 0 |
"{6893C415-8273-4115-BF13-423472D79BA6}" = rport=445 | protocol=6 | dir=out | app=system |
"{68C2665E-FF51-49B3-A0F9-A4DBA8E7E2FB}" = lport=1706 | protocol=6 | dir=in | name=mionet remote drive access 6 |
"{698324B4-3C3D-4D9D-B381-5E0D470F1D1E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{71435595-398A-4EFC-9CAD-BF519209216D}" = lport=1701 | protocol=6 | dir=in | name=mionet remote drive access 1 |
"{7641F2B2-1CC3-4225-A5B2-60B172A42594}" = lport=1704 | protocol=6 | dir=in | name=mionet remote drive access 4 |
"{7859ADE9-9236-4999-96D7-A3B12535F490}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7906075F-03A5-4C32-A206-60FD4240BDE4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7C5CF22A-98C0-4E94-98B9-49AA53EA24E6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{80FD7F52-5242-4DA6-AF26-97CB64557E20}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{89192FB1-2A79-4560-9E1C-04AD90FD7071}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{9F047AC4-9E61-4143-A39F-E495A192CAA3}" = lport=1703 | protocol=6 | dir=in | name=mionet remote drive access 3 |
"{B3C67887-749E-4978-A3E0-EB28A67E33F1}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
"{BB8547AA-9898-4853-A8F9-F956B0172A0B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BD5EBBD5-D6C6-46AB-9CBB-CBA74688DC05}" = lport=1708 | protocol=6 | dir=in | name=mionet remote drive access 8 |
"{BDD62437-EA2F-4988-B0F2-B857891F5F96}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{C694AC15-E553-4B18-AB8D-C5F617382901}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CD073203-EF02-4448-B429-62230B820A4D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DC818480-E7BA-43D5-9386-F2A91648F13E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E5D83581-9E97-4B50-A372-DA0438BD0DD5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EBA934E9-0089-479B-8822-8029892812CB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EC23F1EB-6354-4CCB-8694-4D8D0F9A0E0C}" = lport=5432 | protocol=17 | dir=in | name=mionet storage device discovery |
"{EEC95803-D698-4C9C-BBC9-331955F60F39}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{EED2288F-786B-46CF-8115-8DBF607DD228}" = lport=1709 | protocol=6 | dir=in | name=mionet remote drive access 9 |
"{EFDEC92E-A310-4622-938C-BCB5E3EE723D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F1429296-DB92-48FE-A37B-5C15F22FC368}" = lport=137 | protocol=17 | dir=in | app=system |
"{F1C5B34D-87B2-444B-8D66-D325ECFBD076}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F74AEAF3-5CBB-43EC-ADC2-D607F9E91CCF}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=%systemroot%\microsoft.net\framework64\v3.0\windows communication foundation\smsvchost.exe |
"{F955EE02-749F-4A9C-896F-7730D89C0006}" = lport=1707 | protocol=6 | dir=in | name=mionet remote drive access 7 |
"{F98F3A57-9D02-484E-9266-A77505C20348}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05E9A8AC-0310-41A8-BCBF-790BC3CEC6FE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{07FED767-40C5-443D-95F0-A57B7D4115F3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0B2C7DC2-BECA-45E5-88DC-603560BDDA9F}" = dir=in | app=d:\setup\hpznui40.exe |
"{0DF4619E-9DDA-48AB-AB4B-54EE9B103E44}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{10509640-0817-40B8-B49F-ACDB6B57B2FE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{11221978-0090-46D3-8D31-4C9723D22F6F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{1A72E913-39DB-47ED-9072-5B50A3FB3B81}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{21AA772F-1325-4B7E-93A6-347A0A3B17CC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgwdsvc.exe |
"{23E68F6B-6313-4524-87C7-DAC497C5ED16}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{28807501-2478-458A-98FC-3852FEFCBF9A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2D671A10-8524-4BD6-8FDD-912C354BFBC1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2DAE747E-C402-48E1-BC13-AF53F8E636FB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{2F104981-116F-466D-934D-A74935284905}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{32C5F22F-1C49-4CD1-A9C2-C66BCAC90255}" = protocol=6 | dir=in | app=c:\faxtalk\ftmsgsvc.exe |
"{3366D5E0-A9B5-4CA6-8779-34E8F516E629}" = protocol=17 | dir=in | app=c:\faxtalk\ftmsgsvc.exe |
"{3C3A42FD-F737-4A68-8704-BF332C7A83F5}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgwdsvc.exe |
"{42F9E16C-9C92-46EC-92E9-A409B5567B6F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4356FC74-2FF3-4DA9-B598-3BA31233C50E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{51135789-2908-4678-A5BC-97B64C40DD49}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{548E5D63-378B-45F3-816A-DDB78E04E15A}" = protocol=6 | dir=in | app=c:\faxtalk\ftclctrl.exe |
"{56ACDD4E-5F26-47AF-AD8E-666FDEF69F7C}" = protocol=6 | dir=in | app=c:\faxtalk\fapiexe.exe |
"{5AAB390D-3660-4F2F-8D4C-FE833D708A98}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5D670E18-0C5E-402A-95B9-E5BD09AB2BFD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{6D944D61-9E2E-4AFF-9B5D-B82BA75E5F1F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{74A4A014-6EED-4E61-8328-D897032CC0B0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7B54178D-5F7E-4C72-B761-F4B1FE8D5D21}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{81EEA29B-9E02-4878-8F36-98049046AFFE}" = protocol=17 | dir=in | app=c:\faxtalk\ftclctrl.exe |
"{855F9823-80F6-48F0-A37C-546BECA37917}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{8C59A261-6CD9-4F72-AB85-077419F9CD64}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{8E683000-5012-4468-B438-A47525FC397A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9198E2CF-81F1-4D01-A223-84B308F7F274}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B112BFDE-0C9D-4C0B-9C04-CF9ED3404E30}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B37A5B69-F6DE-4596-84D8-739E8C13E6D2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{B4C265CC-2033-46C7-9720-51CB405BF4DA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B7830789-4FCC-4E68-8C15-10F0D6E1C80D}" = protocol=6 | dir=out | app=system |
"{BC2EB032-57B9-4364-B0DA-B66E6F2DDC50}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BCAF964D-548E-48CE-9763-262C9E0BD7AE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{BE6338A0-DD71-44C7-B22B-C94B44A9AD8D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C320524F-9BB5-43DD-A7DE-E364B5108C67}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C9B3478F-6B9F-4448-886A-A217C38F8B05}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{CA8FD4B3-3913-4B96-A817-8809D568696B}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{CAF1063C-C0F4-49E1-A2CF-386FA9043A08}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{CB28AEB9-FB51-4D50-8047-355D0B710A22}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D246CC01-5434-4A4C-A7B7-F90EC011275B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D6B1338D-5C18-48C7-AFAE-43DEB098AFAB}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{D743BD06-67C8-4D12-96AC-3DBC4B2F63A1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{D8BDB7C1-4F8A-4F52-8966-F1A2B3B68DD5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DE50ABA5-4FE6-4769-977D-0300AAD11C29}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{E3A7AEBC-6171-4D30-AF6F-48E66FB881EA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E65D3A48-F03A-46CC-B76A-CFB3BE2DF1AB}" = protocol=17 | dir=in | app=c:\faxtalk\fapiexe.exe |
"{F9455471-1401-469B-9D56-F7839B82E150}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{FDC6901E-BA2E-4D42-8EBB-056F02A9AAED}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"TCP Query User{164340CB-521C-47DB-8014-E86B8E7C77CB}C:\program files (x86)\western digital\wd discovery software\wd discovery.exe" = protocol=6 | dir=in | app=c:\program files (x86)\western digital\wd discovery software\wd discovery.exe |
"TCP Query User{59794051-9057-443F-A211-CB493EDA4990}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"TCP Query User{9D425DBF-CC51-4100-9234-DA000414D1F2}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"TCP Query User{A9E40728-831B-44AC-8BB0-8B1CFB10FD15}C:\users\user\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{FDFE3EB3-06AF-4CD1-8B5D-BD2E18157F91}C:\program files (x86)\icamsource\icamsource.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icamsource\icamsource.exe |
"UDP Query User{8D40AF30-396F-473C-B546-0ADA911B3228}C:\users\user\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{961B82C4-8302-4554-A7CF-FC026D1CA181}C:\program files (x86)\logitech\vid hd\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"UDP Query User{9BFB53FD-93B5-4931-AF8E-FA8615B97325}C:\program files (x86)\icamsource\icamsource.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icamsource\icamsource.exe |
"UDP Query User{A08304B3-9F26-4A06-808F-BF29B4BFE528}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"UDP Query User{E38A7914-D5D2-4666-B49D-C00EAE1AB668}C:\program files (x86)\western digital\wd discovery software\wd discovery.exe" = protocol=17 | dir=in | app=c:\program files (x86)\western digital\wd discovery software\wd discovery.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{49B1B217-27B1-42D8-A0A5-7ED0CD0D9508}" = WD SmartWare
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5783F2D7-8001-0409-0102-0060B0CE6BBA}" = AutoCAD 2010 - English
"{5783F2D7-8001-0409-1102-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - English
"{5783F2D7-A001-0409-0102-0060B0CE6BBA}" = AutoCAD 2012 - English
"{5783F2D7-A001-0409-1102-0060B0CE6BBA}" = AutoCAD 2012 Language Pack - English
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7A92C561-A1D5-11E0-92E1-0013D3D69929}" = Vegas Pro 10.0 (64-bit)
"{7F801000-A1D5-11E0-9092-0013D3D69929}" = MSVCRT Redists
"{8219EDCB-CE5A-4348-B056-AAC0FE4E99D0}" = Microsoft IntelliType Pro 8.2
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
"{E552C39C-C70E-464F-9733-8311331BDD90}" = Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012
"{EAB3AC1A-68FF-486B-9C6B-E48EBB4B05CC}" = Autodesk Inventor Fusion plug-in for AutoCAD 2012
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012
"{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AutoCAD 2010 - English" = AutoCAD 2010 - English
"AutoCAD 2010 - English Version 3" = AutoCAD 2010 - English Version 3
"AutoCAD 2012 - English" = AutoCAD 2012 - English
"Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012
"Autodesk Inventor Fusion plug-in for AutoCAD 2012" = Autodesk Inventor Fusion plug-in for AutoCAD 2012
"AVG" = AVG 2012
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliType Pro 8.2" = Microsoft IntelliType Pro 8.2
"SP6" = Logitech SetPoint 6.15
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07A8ED9E-B98E-437F-B750-241B412BE924}" = Garmin USB Drivers
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Autodesk Content Service
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E52A52C-E120-461C-AA1B-21B045BEE842}" = bpd_scan
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11D08055-939C-432b-98C3-E072478A0CD7}" = PSE10 STI Installer
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1BE321C4-6E17-4ECD-A6CB-3EF73791BE87}" = Decoder
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22D3A614-482C-444A-932C-9DA1B8ECDFD2}" = Elements 10 Organizer
"{2677A170-EF83-40B9-BD72-37B343715F6E}" = MAGIX Video Pro X2 Download Version
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 33
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.22
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{5B56FED7-B4F7-4530-9259-BF9BE5034FB3}" = FaxTalk Messenger Pro 8
"{5DF7AA5E-A1CB-11E0-A7D6-0013D3D69929}" = MSVCRT Redists
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{68131B0A-D78D-4aed-B74E-33A6C7324E50}" = WD Anywhere Backup
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ED262EE-FC73-47A9-BB86-D92223246881}" = PowerChute Personal Edition 3.0.2
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{95140000-007F-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{975C3A93-2491-3D44-A071-F6CBF153E46D}" = Google Talk Plugin
"{99341ACA-2A86-4235-A636-02A2A9820987}" = WD Discovery Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A1E7DA23-DAEF-40A0-94FC-8D11B787CCA1}" = QuickBooks Pro 2010
"{A49BDCBE-590E-43A6-AB77-7C40E499B7C1}" = Autodesk Design Review 2012
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}" = Garmin Communicator Plugin
"{B6143A6F-A2EB-4CA1-A30A-26E783CF8F82}" = Garmin TOPO Canada v4
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BAC8BC63-FBD5-44EA-B8D4-501F06DA1E8C}" = iCamSource
"{C09F1573-6262-47F2-8B90-5B2290A58B12}" = MAGIX Speed 2 (MSI)
"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D24C3478-BE8D-4F0D-B3D0-FFAADA42FC01}" = MAGIX Screenshare
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2B53C96-C9FC-4FC3-8324-1BCE50DEA7E7}" = QuickBooks
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE549AF9-8FAA-4584-83B2-ECF1BC9DC1FF}" = Adobe Photoshop Elements 10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEE3BBB8-92B2-4789-90F3-9A549F7CF3FA}" = MAGIX 3D Maker (embedded MSI)
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"8461-7759-5462-8226" = Vuze
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 10" = Adobe Photoshop Elements 10
"Advanced SystemCare 4_is1" = Advanced SystemCare 4
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Autodesk Design Review 2012" = Autodesk Design Review 2012
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"AVSRegistryCleaner_is1" = AVS Registry Cleaner version 2.2
"BlueSprig_JetClean_is1" = JetClean
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Cucusoft MPEG to DVD Author_is1" = Cucusoft MPEG to DVD Author 1.09
"Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro_is1" = Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
"Debut" = Debut Video Capture Software
"DivX Setup" = DivX Setup
"DVDFab 8_is1" = DVDFab 8.0.5.0 (18/11/2010)
"DVDSmith Movie Backup_is1" = DVDSmith Movie Backup 1.0.5
"Electric Sheep" = Electric Sheep 2.7b28
"ExpressBurn" = Express Burn Disc Burning Software
"ffdshow" = ffdshow (remove only)
"IObit Malware Fighter_is1" = IObit Malware Fighter
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.7.0 (Full)
"LAME_is1" = LAME v3.99.3 (for Windows)
"Logitech Vid" = Logitech Vid HD
"MAGIX_MSI_Videodeluxe16_pro" = MAGIX Video Pro X2 Download Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MJPEG Processor" = MJPEG Processor (remove only)
"Office14.SingleImage" = Microsoft Office Professional 2010
"Prism" = Prism Video File Converter
"Registry Mechanic_is1" = Registry Mechanic 10.0
"RER Video Converter_is1" = RER Video Converter
"VSO Burning SDK_is1" = VSO Burning SDK 4.0.10.472
"WD Link" = WD Link
"WinLiveSuite" = Windows Live Essentials
"Xvid Video Codec 1.3.2" = Xvid Video Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-623606949-1928459591-1333054469-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"magicJack" = magicJack

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/28/2012 12:07:31 PM | Computer Name = Dario | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in " ": DB error -739 ErrorMessage:'DBLib
not initialized: error -73

Error - 6/28/2012 12:36:58 PM | Computer Name = Dario | Source = Application Error | ID = 1000
Description = Faulting application name: ApplePhotoStreams.exe, version: 7.2.5.1,
time stamp: 0x4f3a19cc Faulting module name: MSVCR80.dll, version: 8.0.50727.6195,
time stamp: 0x4dcddbf3 Exception code: 0xc0000005 Fault offset: 0x0001500a Faulting
process id: 0x1654 Faulting application start time: 0x01cd554c3488abfa Faulting application
path: C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
Faulting
module path: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
Report
Id: 79ee41c2-c13f-11e1-9ee9-6cf049576846

Error - 6/28/2012 6:37:20 PM | Computer Name = Dario | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 6/28/2012 6:37:20 PM | Computer Name = Dario | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 6/28/2012 6:37:20 PM | Computer Name = Dario | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 6/28/2012 6:37:20 PM | Computer Name = Dario | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 6/29/2012 5:47:09 PM | Computer Name = Dario | Source = Application Error | ID = 1000
Description = Faulting application name: wmprph.exe, version: 12.0.7600.16385, time
stamp: 0x4a5bd018 Faulting module name: wmp.dll, version: 12.0.7601.17514, time
stamp: 0x4ce7ca81 Exception code: 0xc0000005 Fault offset: 0x00000000004af490 Faulting
process id: 0x1fcc Faulting application start time: 0x01cd563e99500641 Faulting application
path: C:\Program Files\Windows Media Player\wmprph.exe Faulting module path: C:\Windows\system32\wmp.dll
Report
Id: f97ba64d-c233-11e1-9ee9-6cf049576846

Error - 7/3/2012 2:37:54 PM | Computer Name = Dario | Source = Application Hang | ID = 1002
Description = The program mbam.exe version 1.60.0.80 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 20d4 Start Time:
01cd59391ccf9cf1 Termination Time: 4 Application Path: C:\Program Files (x86)\Malwarebytes'
Anti-Malware\mbam.exe Report Id: 2e60885a-c53e-11e1-8257-6cf049576846

Error - 7/4/2012 12:26:15 PM | Computer Name = Dario | Source = Application Error | ID = 1000
Description = Faulting application name: iCamSource.exe, version: 0.0.0.0, time
stamp: 0x4e8e382a Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time
stamp: 0x4dace5b9 Exception code: 0xc0000417 Fault offset: 0x0006ccd5 Faulting process
id: 0x1a78 Faulting application start time: 0x01cd59ff2feb8b42 Faulting application
path: C:\Program Files (x86)\iCamSource\iCamSource.exe Faulting module path: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
Report
Id: f98711c7-c5f4-11e1-b932-6cf049576846

Error - 7/4/2012 12:36:40 PM | Computer Name = Dario | Source = Application Error | ID = 1000
Description = Faulting application name: iCamSource.exe, version: 0.0.0.0, time
stamp: 0x4e8e382a Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time
stamp: 0x4dace5b9 Exception code: 0xc0000417 Fault offset: 0x0006ccd5 Faulting process
id: 0x2328 Faulting application start time: 0x01cd5a02ae09193d Faulting application
path: C:\Program Files (x86)\iCamSource\iCamSource.exe Faulting module path: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
Report
Id: 6dbf6ae7-c5f6-11e1-b932-6cf049576846

Error - 7/5/2012 10:36:26 AM | Computer Name = Dario | Source = Application Hang | ID = 1002
Description = The program OTL.exe version 3.2.53.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1940 Start Time:
01cd5ab9e338fe5f Termination Time: 3 Application Path: C:\Users\user\Downloads\OTL.exe

Report
Id: c724019b-c6ae-11e1-b932-6cf049576846

[ Media Center Events ]
Error - 11/24/2011 9:03:35 AM | Computer Name = Dario | Source = MCUpdate | ID = 0
Description = 5:03:29 AM - Failed to retrieve SportsSchedule (Error: The operation
has timed out)

Error - 11/24/2011 10:09:41 AM | Computer Name = Dario | Source = MCUpdate | ID = 0
Description = 6:09:40 AM - Failed to retrieve SportsSchedule (Error: The operation
has timed out)

Error - 11/24/2011 11:15:50 AM | Computer Name = Dario | Source = MCUpdate | ID = 0
Description = 7:15:50 AM - Failed to retrieve SportsSchedule (Error: The operation
has timed out)

Error - 12/16/2011 8:01:58 AM | Computer Name = Dario | Source = MCUpdate | ID = 0
Description = 4:01:58 AM - Error connecting to the internet. 4:01:58 AM - Unable
to contact server..

Error - 12/16/2011 9:08:13 AM | Computer Name = Dario | Source = MCUpdate | ID = 0
Description = 5:08:13 AM - Error connecting to the internet. 5:08:13 AM - Unable
to contact server..

Error - 12/16/2011 10:14:30 AM | Computer Name = Dario | Source = MCUpdate | ID = 0
Description = 6:14:30 AM - Error connecting to the internet. 6:14:30 AM - Unable
to contact server..

Error - 2/4/2012 7:39:42 AM | Computer Name = Dario | Source = MCUpdate | ID = 0
Description = 3:39:42 AM - Error connecting to the internet. 3:39:42 AM - Unable
to contact server..

Error - 2/4/2012 8:39:47 AM | Computer Name = Dario | Source = MCUpdate | ID = 0
Description = 4:39:47 AM - Error connecting to the internet. 4:39:47 AM - Unable
to contact server..

Error - 2/4/2012 9:39:52 AM | Computer Name = Dario | Source = MCUpdate | ID = 0
Description = 5:39:52 AM - Error connecting to the internet. 5:39:52 AM - Unable
to contact server..

Error - 2/4/2012 10:39:57 AM | Computer Name = Dario | Source = MCUpdate | ID = 0
Description = 6:39:57 AM - Error connecting to the internet. 6:39:57 AM - Unable
to contact server..

[ System Events ]
Error - 7/2/2012 10:15:45 PM | Computer Name = Dario | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 7/2/2012 10:16:07 PM | Computer Name = Dario | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Encrypted volume check: Volume information on I: cannot be read.

Error - 7/3/2012 11:38:38 PM | Computer Name = Dario | Source = DCOM | ID = 10016
Description =

Error - 7/3/2012 11:44:57 PM | Computer Name = Dario | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.

Error - 7/4/2012 2:23:54 AM | Computer Name = Dario | Source = WMPNetworkSvc | ID = 866338
Description =

Error - 7/4/2012 2:25:24 AM | Computer Name = Dario | Source = WMPNetworkSvc | ID = 866333
Description =

Error - 7/4/2012 2:25:27 AM | Computer Name = Dario | Source = WMPNetworkSvc | ID = 866333
Description =

Error - 7/4/2012 2:25:33 AM | Computer Name = Dario | Source = WMPNetworkSvc | ID = 866333
Description =

Error - 7/4/2012 2:25:43 AM | Computer Name = Dario | Source = WMPNetworkSvc | ID = 866333
Description =

Error - 7/4/2012 2:25:47 AM | Computer Name = Dario | Source = WMPNetworkSvc | ID = 866333
Description =


< End of report >
  #7  
Old July 6th, 2012, 01:00 AM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 49,162
Blog Entries: 1
Shoot, indications of a hacked Adobe CS install, and with the usually very expensive install of Autodesk showing here, and along with them the usuals, like Vegas Pro. Can't help but wonder what their status is. Sorry dmavric, like many security websites, CTH does not assist when the presence or use of illegal software is involved. Best I can offer now is to reformat and reinstall, to ensure that any malware is removed. I will need to close this request at this point.


From the CTH Terms of Service:

The posting of links or references to warez or any other type of illegal software is strictly forbidden. By doing so you risk having your user account terminated without warning. We will NOT help anyone we suspect of having obtained their software illegally.
All times are GMT +1.