
MiPony, Speedial, MyPC Backup Infection


  • This topic is locked
5 replies to this topic

#1 tsusm

tsusm

  • Members
  • 9 posts

Posted 19 May 2014 - 02:58 PM

Popups and redirects began occurring after downloading a Windows Media Codec file. MyPC Backup popups are occurring sporadically, and Chrome automatically redirects to Speedial on opening.

 

Thanks in advance!

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16545  BrowserJavaVersion: 10.51.2
Run by acarva1 at 14:49:34 on 2014-05-19
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3327.1386 [GMT -5:00]
.
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG update module *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
C:\Windows\System32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\NTR global\NTRconnect\NTRconnect.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Logitech\SetPointP\LBTWiz.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
C:\Users\acarva1\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\MyPC Backup\MyPC Backup.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\AVG\AVG2013\avgcfgex.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://speedial.com/?f=1&a=spd_md_14_20_ch&cd=2XzuyEtN2Y1L1QzutDtDtC0CtByDyDtCtAyDyEtB0B0CyByCtN0D0Tzu0SzzyCzytN1L2XzutBtFtBtDtFtCtAtFtCtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StD0FyDzytDtA0B0EtGzytCyEyCtGtByDyE0CtGzztDzzyBtGyDyBtD0AzztCzy0CtByD0EtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0FtA0CyBtByDyBtGtCtA0CyBtGyD0FtDtCtGzz0A0B0BtGyE0B0CtD0DyDtByDzztA0ByC2Q&cr=1387231918&ir=
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://speedial.com/?f=1&a=spd_md_14_20_ch&cd=2XzuyEtN2Y1L1QzutDtDtC0CtByDyDtCtAyDyEtB0B0CyByCtN0D0Tzu0SzzyCzytN1L2XzutBtFtBtDtFtCtAtFtCtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StD0FyDzytDtA0B0EtGzytCyEyCtGtByDyE0CtGzztDzzyBtGyDyBtD0AzztCzy0CtByD0EtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0FtA0CyBtByDyBtGtCtA0CyBtGyD0FtDtCtGzz0A0B0BtGyE0B0CtD0DyDtByDzztA0ByC2Q&cr=1387231918&ir=
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: HP Print Clips: {053F9267-DC04-4294-A72C-58F732D338C0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Winamp Toolbar Loader: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - c:\program files\winamp toolbar\winamptb.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Winamp Toolbar: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - c:\program files\winamp toolbar\winamptb.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Winamp Toolbar: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - c:\program files\winamp toolbar\winamptb.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Acer Tour Reminder] <no file>
uRunOnce: [Del93052552] cmd.exe /Q /D /c del "c:\users\acarva1\appdata\local\temp\0.del"
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup
mRun: [Acer Assist Launcher] c:\program files\acer assist\launcher.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
mRun: [Acer Empowering Technology Monitor] c:\acer\empowering technology\SysMonitor.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Skytel] Skytel.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Del93052568] cmd.exe /Q /D /c del "c:\users\acarva1\appdata\local\temp\0.del"
dRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
dRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10h_ActiveX.exe -update activex
StartupFolder: c:\users\acarva1\appdata\roaming\micros~1\windows\startm~1\programs\startup\mypcba~1.lnk - c:\program files\mypc backup\MyPC Backup.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\pcmmed~1.lnk - c:\program files\acer arcade live\acer homemedia connect\kernel\dms\PCMMediaSharing.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &Download All using 4shared Desktop - c:\program files\4shared desktop\Desktop.32/D_ALL_LINK
IE: &Download using 4shared Desktop - c:\program files\4shared desktop\Desktop.32/D_ONE_LINK
IE: &Winamp Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{E0D1139C-2D11-472C-8B77-0DBC6551E80F} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\34.0.1847.137\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\acarva1\appdata\roaming\mozilla\firefox\profiles\3nknrta9.default\
FF - prefs.js: browser.startup.homepage - hxxp://speedial.com/?f=1&a=spd_md_14_20_ch&cd=2XzuyEtN2Y1L1QzutDtDtC0CtByDyDtCtAyDyEtB0B0CyByCtN0D0Tzu0SzzyCzytN1L2XzutBtFtBtDtFtCtAtFtCtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StD0FyDzytDtA0B0EtGzytCyEyCtGtByDyE0CtGzztDzzyBtGyDyBtD0AzztCzy0CtByD0EtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0FtA0CyBtByDyBtGtCtA0CyBtGyD0FtDtCtGzz0A0B0BtGyE0B0CtD0DyDtByDzztA0ByC2Q&cr=1387231918&ir=
FF - prefs.js: browser.search.selectedEngine - Speedial
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\sibelius software\scorch\NPSibelius.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\acarva1\appdata\local\yahoo!\browserplus\2.4.17\plugins\npybrowserplus_2.4.17.dll
FF - plugin: c:\users\acarva1\appdata\roaming\mozilla\firefox\profiles\3nknrta9.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
FF - ExtSQL: !HIDDEN! 2009-09-01 07:21; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: extensions.nspdlsd.aflt - spd_md_14_20_ch
FF - user.js: extensions.nspdlsd.instlRef - 140305_b
FF - user.js: extensions.nspdlsd.cr - 1387231918
FF - user.js: extensions.nspdlsd.cd - 2XzuyEtN2Y1L1QzutDtDtC0CtByDyDtCtAyDyEtB0B0CyByCtN0D0Tzu0SzzyCzytN1L2XzutBtFtBtDtFtCtAtFtCtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StD0FyDzytDtA0B0EtGzytCyEyCtGtByDyE0CtGzztDzzyBtGyDyBtD0AzztCzy0CtByD0EtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0FtA0CyBtByDyBtGtCtA0CyBtGyD0FtDtCtGzz0A0B0BtGyE0B0CtD0DyDtByDzztA0ByC2Q
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-7-20 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-7-20 246072]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-7-1 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-10-23 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-11-25 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-10-23 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-7-20 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2014-4-15 182072]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-11-20 283136]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-30 21504]
R2 ntrconnect;NTRConnect;c:\program files\ntr global\ntrconnect\NTRconnect.exe [2008-10-29 89600]
R2 RVIEGVST;VSC VST Engine;c:\program files\roland\virtual sound canvas vst\RVIEg01VST.sys [2009-3-11 188276]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-7-4 4939312]
S2 BackupStack;Computer Backup (MyPC Backup);c:\program files\mypc backup\BackupStack.exe [2014-3-14 36392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-2-17 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2010-8-24 40912]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2010-8-24 10448]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
S3 YMIDUSBW;Yamaha USB-MIDI Driver (WDM);c:\windows\system32\drivers\ymidusbw.sys [2011-11-1 36040]
S4 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\acer arcade live\acer homemedia connect\kernel\dms\CLMSServer.exe [2007-4-16 266343]
S4 APNMCP;Ask Update Service;c:\program files\askpartnernetwork\toolbar\apnmcp.exe [2013-10-14 166352]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-05-18 21:56:30 -------- d-----w- c:\users\acarva1\appdata\roaming\Speedial
2014-05-18 21:56:30 -------- d-----w- c:\program files\Speedial
2014-05-18 21:56:14 -------- d-----w- c:\program files\MyPC Backup
2014-05-18 21:55:59 -------- d-----w- c:\program files\MiPony
2014-05-15 17:52:30 -------- d-----w- c:\users\acarva1\appdata\roaming\ActiveState
2014-05-15 17:52:30 -------- d-----w- c:\users\acarva1\appdata\local\ActiveState
2014-05-15 08:00:34 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-08 11:21:12 188272 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2014-05-08 11:21:12 188272 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2014-05-13 19:59:12 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-13 19:59:12 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-15 18:35:26 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-03-07 23:12:00 1806848 ----a-w- c:\windows\system32\jscript9.dll
2014-03-07 23:02:19 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-07 23:02:07 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-03-07 22:57:17 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-07 22:56:03 421376 ----a-w- c:\windows\system32\vbscript.dll
.
============= FINISH: 14:50:30.45 ===============
 



#2 Jo*

Jo*

  • Malware Response Team
  • 3,269 posts
  • Gender:Male
  • Location:Germany

Posted 21 May 2014 - 10:33 AM

:welcome:

Hello tsusm,

My name is Jo and I will help you with your computer problems.



Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Download OTL to your desktop.
  • Double click on the icon to run it.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 tsusm

tsusm
  • Topic Starter

  • Members
  • 9 posts

Posted 22 May 2014 - 01:28 PM


--------------------------------------------------------------checkup.txt--------------------------------------------------------------
 
 Results of screen317's Security Check version 0.99.83  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2013   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Sophos Anti-Rootkit 1.5.20   
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java™ 6 Update 31  
 Java 7 Update 51  
 Java™ 6 Update 4  
 Java™ 6 Update 6  
 Java™ 6 Update 7  
 Java™ SE Development Kit 6 Update 14 
 Java DB 10.4.2.1   
 Java version out of Date! 
 Adobe Flash Player  13.0.0.214  
 Adobe Reader 10.1.10 Adobe Reader out of Date!  
 Mozilla Firefox (Firefox,. Firefox out of Date!  
 Mozilla Thunderbird (3.1.17) Thunderbird out of Date!  
 Google Chrome 34.0.1847.137  
 Google Chrome 35.0.1916.114  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
 AVG avgrsx.exe 
 AVG avgnsx.exe 
 AVG avgemc.exe 
 Empowering Technology eSettings Service capuserv.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1 % 
````````````````````End of Log`````````````````````` 
 
 
--------------------------------------------------------------OTL.txt--------------------------------------------------------------
 
OTL logfile created on: 5/22/2014 1:07:22 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\acarva1\Documents\Application Setup Files
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.25 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 38.90% Memory free
6.73 Gb Paging File | 4.63 Gb Available in Paging File | 68.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.70 Gb Total Space | 19.60 Gb Free Space | 17.55% Space Free | Partition Type: NTFS
Drive D: | 111.43 Gb Total Space | 111.26 Gb Free Space | 99.85% Space Free | Partition Type: NTFS
Drive F: | 7.50 Gb Total Space | 5.90 Gb Free Space | 78.62% Space Free | Partition Type: FAT32
Drive G: | 1.84 Gb Total Space | 0.77 Gb Free Space | 41.80% Space Free | Partition Type: FAT
Drive K: | 7.50 Gb Total Space | 7.05 Gb Free Space | 93.88% Space Free | Partition Type: FAT32
Drive L: | 931.28 Gb Total Space | 794.84 Gb Free Space | 85.35% Space Free | Partition Type: FAT32
Drive M: | 7.62 Gb Total Space | 1.79 Gb Free Space | 23.46% Space Free | Partition Type: FAT32
 
Computer Name: AC-PC | User Name: acarva1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\acarva1\Documents\Application Setup Files\OTL.exe (OldTimer Tools)
PRC - C:\Windows\Temp\CR_E7080.tmp\setup.exe (Google Inc.)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Users\acarva1\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG2013\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG2013\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Oracle Corporation)
PRC - C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Logitech\SetPointP\LBTWiz.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Program Files\NTR global\NTRconnect\NTRconnect.exe (NTRglobal)
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\SysMonitor.exe ()
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
PRC - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\fbf434299b068c463296945c12845734\System.Runtime.Remoting.ni.dll ()
MOD - C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\c5213af29d521ee19cc55983f8c2037c\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\73726634ae4a00a21279a6a66b081301\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\d17ceca243fabda73eefb21d9bd072df\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f87e71868aedbc6c4e8fe7160d17c4ab\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2b605fc7deda872727d1ed37710420e\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8e6265a54260bddfc05951e764f5bc48\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\957628d9dd7b3bf370a56dca7835a997\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\694a37a84dee2cd2609a1dfab27c0433\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll ()
MOD - C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll ()
MOD - C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll ()
MOD - C:\Acer\Empowering Technology\eSettings\eSettings.View.dll ()
MOD - C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Acer\Empowering Technology\SysMonitor.exe ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Plugin.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Presenter.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.Interface.dll ()
MOD - C:\Acer\Empowering Technology\MemCheck.Interface.dll ()
MOD - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56kor.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56ita.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56jpn.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56ger.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56fra.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56esp.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56dnk.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56brz.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56cht.dll ()
MOD - C:\Program Files\Motorola\SMSERIAL\sm56chs.dll ()
MOD - C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (ZuneNetworkSvc) -- K:\!New Files!\Programs\Zune\ZuneNss.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (LBTServ) -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (ZuneWlanCfgSvc) -- C:\Windows\System32\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (ntrconnect) -- C:\Program Files\NTR global\NTRconnect\NTRconnect.exe (NTRglobal)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XBCD) -- System32\Drivers\xbcd.sys File not found
DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (MEMSWEEP2) -- C:\Windows\system32\9724.tmp File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\acarva1\AppData\Local\Temp\catchme.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (ALSysIO) -- C:\Users\acarva1\AppData\Local\Temp\ALSysIO.sys File not found
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\Windows\System32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (YMIDUSBW) -- C:\Windows\System32\drivers\ymidusbw.sys (Yamaha Corporation)
DRV - (LMouKE) -- C:\Windows\System32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LEqdUsb) -- C:\Windows\System32\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV - (LHidEqd) -- C:\Windows\System32\drivers\LHidEqd.sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\Windows\System32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\Windows\System32\drivers\lv302af.sys (Logitech Inc.)
DRV - (RsFx0103) -- C:\Windows\System32\drivers\RsFx0103.sys (Microsoft Corporation)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (tvicport) -- C:\Windows\System32\drivers\TVicPort.sys (EnTech Taiwan)
DRV - (zntport) -- C:\Windows\System32\drivers\zntport.sys (Zeal SoftStudio)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV - (RVIEGVST) -- C:\Program Files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys (Roland)
DRV - (RVIEG01) -- C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys (Roland)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 7F 5B ED 01 18 1E 5D 42 A4 84 A3 3F 11 1A 85 CC  [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {58011AF5-961C-4406-A6C7-6DFCD6AD6FFF}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Speedial"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: DeviceDetection%40logitech.com:1.23.0.5
FF - prefs.js..extensions.enabledAddons: moveplayer%40movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.7.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=6.2.0.88: C:\Program Files\Sibelius Software\Scorch\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@sun.com/npsopluginmi;version=1.0: C:\Program Files\OpenOffice.org 3\program File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6e: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.4.17: C:\Users\acarva1\AppData\Local\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2014/03/08 11:20:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/05/13 13:18:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.17\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2014/03/08 11:20:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.17\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.0.13\extensions\\Components: C:\Program Files\SeaMonkey\components [2014/03/08 11:20:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.0.13\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2014/05/13 13:18:55 | 000,000,000 | ---D | M]
 
[2011/04/09 13:22:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\acarva1\AppData\Roaming\Mozilla\Extensions
[2010/11/06 13:34:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\acarva1\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/04/09 13:22:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\acarva1\AppData\Roaming\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2014/05/20 02:57:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\acarva1\AppData\Roaming\Mozilla\Firefox\Profiles\3nknrta9.default\extensions
[2010/09/17 16:29:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\acarva1\AppData\Roaming\Mozilla\Firefox\Profiles\3nknrta9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2014/05/20 02:57:18 | 000,000,000 | ---D | M] (WOT) -- C:\Users\acarva1\AppData\Roaming\Mozilla\Firefox\Profiles\3nknrta9.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/08/06 17:53:39 | 000,000,000 | ---D | M] (iFox) -- C:\Users\acarva1\AppData\Roaming\Mozilla\Firefox\Profiles\3nknrta9.default\extensions\{a81bafeb-b6ed-4501-aa17-15a2b3857e56}
[2009/09/12 23:22:50 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\acarva1\AppData\Roaming\Mozilla\Firefox\Profiles\3nknrta9.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2014/05/20 02:57:18 | 000,000,000 | ---D | M] ("Speedial") -- C:\Users\acarva1\AppData\Roaming\Mozilla\Firefox\Profiles\3nknrta9.default\extensions\{fa95f577-07cb-4470-ac90-e843f5f83c52}
[2011/08/12 19:25:44 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\acarva1\AppData\Roaming\Mozilla\Firefox\Profiles\3nknrta9.default\extensions\DeviceDetection@logitech.com
[2011/10/19 15:53:02 | 000,000,000 | ---D | M] (Low Quality Flash) -- C:\Users\acarva1\AppData\Roaming\Mozilla\Firefox\Profiles\3nknrta9.default\extensions\low_quality_flash@pie2k.com
[2009/05/16 18:44:16 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\acarva1\AppData\Roaming\Mozilla\Firefox\Profiles\3nknrta9.default\extensions\moveplayer@movenetworks.com
[2011/10/24 06:24:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\acarva1\AppData\Roaming\Mozilla\SeaMonkey\Profiles\res1wbb7.default\extensions
[2011/04/10 17:45:51 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\acarva1\AppData\Roaming\Mozilla\SeaMonkey\Profiles\res1wbb7.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2011/04/10 17:45:51 | 000,000,000 | ---D | M] (JavaScript Debugger) -- C:\Users\acarva1\AppData\Roaming\Mozilla\SeaMonkey\Profiles\res1wbb7.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}
[2011/04/10 17:45:51 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Users\acarva1\AppData\Roaming\Mozilla\SeaMonkey\Profiles\res1wbb7.default\extensions\inspector@mozilla.org
[2013/03/14 11:28:54 | 000,005,958 | ---- | M] () (No name found) -- C:\Users\acarva1\AppData\Roaming\Mozilla\Firefox\Profiles\3nknrta9.default\extensions\4sharedCopyLinks.xpi
[2014/05/20 02:57:18 | 000,348,260 | ---- | M] () (No name found) -- C:\Users\acarva1\AppData\Roaming\Mozilla\Firefox\Profiles\3nknrta9.default\extensions\personas@christopher.beard.xpi
[2009/08/06 17:53:39 | 000,762,510 | ---- | M] () (No name found) -- C:\Users\acarva1\AppData\Roaming\Mozilla\Firefox\Profiles\3nknrta9.default\extensions\{a81bafeb-b6ed-4501-aa17-15a2b3857e56}\chrome\tmp.xpi
[2014/05/20 02:57:22 | 000,002,771 | ---- | M] () -- C:\Users\acarva1\AppData\Roaming\Mozilla\Firefox\Profiles\3nknrta9.default\searchplugins\Speedial.xml
[2011/07/23 15:54:21 | 000,001,214 | ---- | M] () -- C:\Users\acarva1\AppData\Roaming\Mozilla\Firefox\Profiles\3nknrta9.default\searchplugins\uespwiki-en.xml
[2008/06/22 20:59:30 | 000,001,108 | ---- | M] () -- C:\Users\acarva1\AppData\Roaming\Mozilla\Firefox\Profiles\3nknrta9.default\searchplugins\wikipedia-en.xml
[2008/07/16 02:50:24 | 000,001,196 | ---- | M] () -- C:\Users\acarva1\AppData\Roaming\Mozilla\Firefox\Profiles\3nknrta9.default\searchplugins\winamp-search.xml
[2013/08/12 06:27:23 | 000,002,112 | ---- | M] () -- C:\Users\acarva1\AppData\Roaming\Mozilla\Firefox\Profiles\3nknrta9.default\searchplugins\wot-safe-search.xml
[2014/03/12 18:12:23 | 000,002,383 | ---- | M] () -- C:\Users\acarva1\AppData\Roaming\Mozilla\Firefox\Profiles\3nknrta9.default\searchplugins\youtube-1.xml
[2008/09/25 00:30:52 | 000,002,255 | ---- | M] () -- C:\Users\acarva1\AppData\Roaming\Mozilla\Firefox\Profiles\3nknrta9.default\searchplugins\youtube.xml
[2013/08/04 07:47:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/04 07:47:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/01/17 18:08:43 | 001,152,488 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPFxViewer.dll
[2008/08/17 17:11:15 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\mozilla firefox\plugins\NPTURNMED.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2010/03/31 11:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\PDFNetC.dll
[2010/04/08 12:35:52 | 009,822,960 | R--- | M] () -- C:\Program Files\mozilla firefox\plugins\ScorchAxPlugin.dll
[2010/04/08 13:36:02 | 000,107,760 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://mail.yahoo.com/
CHR - plugin: Shockwave Flash (Disabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Triscape FxFoto Control and Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPFxViewer.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: NapsterLink (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npstrlnk.dll
CHR - plugin: Turner Media Plugin 1.0.0.10 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: getPlusPlus for Adobe 16244 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: VLC Multimedia Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Yahoo! BrowserPlus Plugin (Enabled) = C:\Users\acarva1\AppData\Local\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Google Drive = C:\Users\acarva1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\acarva1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: No name found = C:\Users\acarva1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki\2.0.14193.1217_0\
CHR - Extension: Google Wallet = C:\Users\acarva1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2012/03/12 15:39:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKCU..\Run: [Acer Tour Reminder]  File not found
O4 - HKCU..\Run: [Adobe Reader Synchronizer] C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [ROC_ROC_APR2013_AV] C:\Users\acarva1\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid c127393720dd4339b80c9225fa4f0c2f-5ed912022d0bbb8e46c78462b41b7138d9663455 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2012 File not found
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\acarva1\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All using 4shared Desktop - res://C:\Program Files\4shared Desktop\Desktop.32/D_ALL_LINK File not found
O8 - Extra context menu item: &Download using 4shared Desktop - res://C:\Program Files\4shared Desktop\Desktop.32/D_ONE_LINK File not found
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: txstate.edu ([ibis.sap] https in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0D1139C-2D11-472C-8B77-0DBC6551E80F}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\acarva1\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\acarva1\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/10/16 10:42:08 | 000,000,000 | ---D | M] - L:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/18 16:56:30 | 000,000,000 | ---D | C] -- C:\Users\acarva1\AppData\Roaming\Speedial
[2014/05/18 16:55:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiPony
[2014/05/15 12:52:30 | 000,000,000 | ---D | C] -- C:\Users\acarva1\AppData\Roaming\ActiveState
[2014/05/15 12:52:30 | 000,000,000 | ---D | C] -- C:\Users\acarva1\AppData\Local\ActiveState
[2014/05/15 03:00:34 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/04/25 08:45:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/22 12:59:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/22 12:56:00 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\Speedial.job
[2014/05/22 12:25:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/22 12:15:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2014/05/22 11:35:06 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/22 11:35:06 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/22 07:25:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ccee0db15fad06.job
[2014/05/21 17:26:21 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/20 03:40:55 | 000,732,594 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/05/20 03:40:55 | 000,155,056 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/05/20 03:35:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/20 02:12:57 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/19 14:20:32 | 000,001,200 | ---- | M] () -- C:\Users\acarva1\.recently-used.xbel
[2014/05/15 03:24:42 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2014/05/13 14:59:12 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/05/13 14:59:12 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/05/05 18:14:12 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/04/28 12:26:04 | 002,585,888 | ---- | M] () -- C:\Users\acarva1\Documents\davison convo form.JPG
[2014/04/25 08:45:53 | 000,000,762 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2014/04/24 02:06:58 | 002,648,387 | ---- | M] () -- C:\Users\acarva1\Documents\Convo request form - Dai New Year Ceremonies.JPG
[2014/04/24 02:02:33 | 000,309,804 | ---- | M] () -- C:\Users\acarva1\Documents\2013-2014-Music-Guests.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/05/19 14:20:32 | 000,001,200 | ---- | C] () -- C:\Users\acarva1\.recently-used.xbel
[2014/05/18 16:56:58 | 000,000,300 | ---- | C] () -- C:\Windows\tasks\Speedial.job
[2014/04/28 12:25:44 | 002,585,888 | ---- | C] () -- C:\Users\acarva1\Documents\davison convo form.JPG
[2014/04/24 02:07:11 | 002,648,387 | ---- | C] () -- C:\Users\acarva1\Documents\Convo request form - Dai New Year Ceremonies.JPG
[2014/04/24 02:02:39 | 000,309,804 | ---- | C] () -- C:\Users\acarva1\Documents\2013-2014-Music-Guests.pdf
[2013/10/30 23:54:55 | 000,001,443 | ---- | C] () -- C:\Users\acarva1\AppData\Local\recently-used.xbel
[2013/07/30 17:10:34 | 000,000,051 | ---- | C] () -- C:\Users\acarva1\AppData\Roaming\mbam.context.scan
[2012/08/13 10:57:00 | 000,012,927 | ---- | C] () -- C:\Program Files\readme.html
[2012/05/08 14:15:36 | 000,000,005 | ---- | C] () -- C:\Program Files\basis-link
[2012/03/11 01:50:04 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/01/17 18:08:49 | 000,000,063 | -H-- | C] () -- C:\ProgramData\Ts_infos.ini
[2010/08/14 00:50:57 | 000,000,000 | ---- | C] () -- C:\Users\acarva1\AppData\Local\prvlcl.dat
[2009/04/22 17:17:33 | 000,256,269 | ---- | C] () -- C:\Users\acarva1\Rollins ticket purchase.xps
[2008/02/03 17:18:25 | 000,160,768 | ---- | C] () -- C:\Users\acarva1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/03 00:57:52 | 000,006,446 | ---- | C] () -- C:\Users\acarva1\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 08:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/10/18 17:26:57 | 000,000,000 | ---D | M] -- C:\Users\acarva1\AppData\Roaming\4shared Desktop
[2008/08/04 14:10:40 | 000,000,000 | ---D | M] -- C:\Users\acarva1\AppData\Roaming\acccore
[2008/01/25 18:05:31 | 000,000,000 | ---D | M] -- C:\Users\acarva1\AppData\Roaming\Acer
[2014/05/15 12:52:30 | 000,000,000 | ---D | M] -- C:\Users\acarva1\AppData\Roaming\ActiveState
[2010/02/19 00:00:15 | 000,000,000 | ---D | M] -- C:\Users\acarva1\AppData\Roaming\Anvil Studio
[2014/05/19 14:15:00 | 000,000,000 | ---D | M] -- C:\Users\acarva1\AppData\Roaming\Audacity
[2013/08/07 16:12:52 | 000,000,000 | ---D | M] -- C:\Users\acarva1\AppData\Roaming\AVG2013
[2012/08/14 03:25:51 | 000,000,000 | ---D | M] -- C:\Users\acarva1\AppData\Roaming\bsnes
[2008/02/04 15:43:29 | 000,000,000 | ---D | M] -- C:\Users\acarva1\AppData\Roaming\Cakewalk
[2012/08/04 21:23:49 | 000,000,000 | ---D | M] -- C:\Users\acarva1\AppData\Roaming\com.essexreddevelopment.mergepdfmac
[2009/09/02 18:37:53 | 000,000,000 | ---D | M] -- C:\Users\acarva1\AppData\Roaming\Dev-Cpp
[2014/04/21 01:00:01 | 000,000,000 | ---D | M] -- C:\Users\acarva1\AppData\Roaming\Dropbox
[2014/03/29 12:07:45 | 000,000,000 | ---D | M] -- C:\Users\acarva1\AppData\Roaming\DropboxMaster
[2010/11/10 12:14:44 | 000,000,000 | ---D | M] -- C:\Users\acarva1\AppData\Roaming\eSobi
[2013/05/04 17:41:10 | 000,000,000 | ---D | M] -- C:\Users\acarva1\AppData\Roaming\Garritan
[2013/08/22 14:04:59 | 000,000,000 | ---D | M] -- C:\Users\acarva1\AppData\Roaming\Guitar Pro 6
[2011/02/03 22:08:05 | 000,000,000 | ---D | M] -- C:\Users\acarva1\AppData\Roaming\inkscape
[2013/09/18 06:15:06 | 000,000,000 | ---D | M] -- C:\Users\acarva1\AppData\Roaming\IrfanView
[2008/01/25 18:05:30 | 000,000,000 | ---D | M] -- C:\Users\acarva1\AppData\Roaming\Leadertech
[2013/05/04 17:40:52 | 000,000,000 | ---D | M] -- C:\Users\acarva1\AppData\Roaming\MakeMusic
[2011/10/27 14:49:29 | 000,000,000 | ---D | M] -- C:\Users\acarva1\AppData\Roaming\mjusbsp
[2009/09/23 15:04:30 | 000,000,000 | ---D | M] -- C:\Users\acarva1\AppData\Roaming\MusE
[2009/03/08 13:01:48 | 000,000,000 | ---D | M] -- C:\Users\acarva1\AppData\Roaming\OpenOffice.org
[2013/08/04 07:06:09 | 000,000,000 | ---D | M] -- C:\Users\acarva1\AppData\Roaming\Opera Software
[2013/05/05 17:41:52 | 000,000,000 | ---D | M] -- C:\Users\acarva1\AppData\Roaming\Plogue
[2012/08/14 03:24:56 | 000,000,000 | ---D | M] -- C:\Users\acarva1\AppData\Roaming\purify
[2014/05/18 16:56:57 | 000,000,000 | ---D | M] -- C:\Users\acarva1\AppData\Roaming\Speedial
[2014/05/15 02:03:27 | 000,000,000 | ---D | M] -- C:\Users\acarva1\AppData\Roaming\Spotify
[2008/08/07 11:20:39 | 000,000,000 | ---D | M] -- C:\Users\acarva1\AppData\Roaming\Template
[2010/11/06 13:34:25 | 000,000,000 | ---D | M] -- C:\Users\acarva1\AppData\Roaming\Thunderbird
[2011/09/09 14:22:19 | 000,000,000 | ---D | M] -- C:\Users\acarva1\AppData\Roaming\ToDo Sync Helper
[2013/08/07 16:10:43 | 000,000,000 | ---D | M] -- C:\Users\acarva1\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:0B4227B4
 
< End of report >
 
 
--------------------------------------------------------------Extras.txt--------------------------------------------------------------
 
OTL Extras logfile created on: 5/22/2014 1:07:22 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\acarva1\Documents\Application Setup Files
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.25 Gb Total Physical Memory | 1.26 Gb Available Physical Memory | 38.90% Memory free
6.73 Gb Paging File | 4.63 Gb Available in Paging File | 68.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.70 Gb Total Space | 19.60 Gb Free Space | 17.55% Space Free | Partition Type: NTFS
Drive D: | 111.43 Gb Total Space | 111.26 Gb Free Space | 99.85% Space Free | Partition Type: NTFS
Drive F: | 7.50 Gb Total Space | 5.90 Gb Free Space | 78.62% Space Free | Partition Type: FAT32
Drive G: | 1.84 Gb Total Space | 0.77 Gb Free Space | 41.80% Space Free | Partition Type: FAT
Drive K: | 7.50 Gb Total Space | 7.05 Gb Free Space | 93.88% Space Free | Partition Type: FAT32
Drive L: | 931.28 Gb Total Space | 794.84 Gb Free Space | 85.35% Space Free | Partition Type: FAT32
Drive M: | 7.62 Gb Total Space | 1.79 Gb Free Space | 23.46% Space Free | Partition Type: FAT32
 
Computer Name: AC-PC | User Name: acarva1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = OperaStable] -- C:\Program Files\Opera\Launcher.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "K:\!New Files!\Programs\Winamp\winamp.exe" /BOOKMARK "%1"
Directory [Winamp.Enqueue] -- "K:\!New Files!\Programs\Winamp\winamp.exe" /ADD "%1"
Directory [Winamp.Play] -- "K:\!New Files!\Programs\Winamp\winamp.exe" "%1"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05298078-5CC2-424F-8DF1-673A690906AC}" = lport=5353 | protocol=6 | dir=in | name=bonjour tcp | 
"{153E7B55-3C7A-4289-8921-25A847E1046A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{26695623-CAFD-47A8-85E6-994AB857E64C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2D82526C-84A4-4B1A-A7FB-CF8AB655CE15}" = lport=5353 | protocol=17 | dir=in | name=bonjour udp | 
"{31D71338-849A-4FDE-AF12-6176D970884A}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{31F5D840-9FF7-4B39-A46B-7561FBB01D40}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{33C3E698-73FC-43E1-BCC9-15D2A6DC4FEF}" = lport=19210 | protocol=6 | dir=in | name=todo sync helper 2nd port tcp | 
"{36E53519-4791-4C1B-9DFA-15E53B9AAB6C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3D48D5EF-719F-4E5E-BACF-5119974FC048}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3E08DD36-5736-4C5A-876A-DDDEC0F942D9}" = rport=139 | protocol=6 | dir=out | app=system | 
"{402749D0-9AED-4637-91A4-CE9576A85B53}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{46661D69-9B89-41EE-9270-BFFABFFB8762}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{46F755CF-949F-4CDB-A368-9CDCEC4943D4}" = rport=137 | protocol=17 | dir=out | app=system | 
"{47A12A1D-4507-4DF5-AC63-DD80B2C1636F}" = rport=10244 | protocol=6 | dir=out | app=system | 
"{4A6E3CD6-49C1-4A2D-B058-F36AC5A199EF}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{533AF149-55A5-4FED-A293-F466CBC8FD74}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5C6F9701-C63B-4834-A7F7-C5BF04F1AE21}" = lport=19210 | protocol=17 | dir=in | name=todo sync helper 2nd port udp | 
"{5D7261F2-2304-4737-80B6-AAC40BF1B4C4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5F9E45C5-5ACE-4BE0-ABB0-CDEDA06E71B3}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5FDF30E2-3D6B-4346-B968-2D4101DD6FC9}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{6781D0FC-6717-4616-A981-61EF9E244924}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6785F786-0135-42AE-AD89-D72F9D5AA342}" = lport=48699 | protocol=17 | dir=in | name=todo sync helper 2nd port udp | 
"{6A3593B9-27FF-425F-BC2C-B7FA0C030217}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6A80A672-B2D3-4005-AD89-37E7B84FD471}" = lport=48699 | protocol=6 | dir=in | name=todo sync helper 2nd port tcp | 
"{6EE33765-2C84-4E1F-8509-BF8667727F5E}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{75D58119-1081-4545-83FA-0041629C739C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{78C414C5-7ADF-4969-AD58-E14AD3EC5C11}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{81D96A2C-49A7-41E5-831E-539FEECB8210}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{8C139736-53B6-4D47-AA46-471B968A5EAB}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{90F0E8BC-1611-446D-B5BE-AA0378A5D291}" = lport=445 | protocol=6 | dir=in | app=system | 
"{9284E8EF-E88D-426E-A0AB-B9081DDDA127}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{97D99EA7-D890-4CEB-A8F6-9B357A1D8E70}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{9FA55B49-CAE1-4403-ACDA-22F4CCC78BBE}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe | 
"{B7BF4F4A-911B-49DC-8EB2-33AEECD4A15A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B9DC77B0-B30A-4B50-993D-7DBB107B69B1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C4D71617-4D71-4637-95AD-1A64E4C74624}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CE014D35-B49E-4302-89DC-18D2FB9145BD}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D46ACFFD-DE31-47BA-A02F-9F9D9DE5EEB7}" = rport=138 | protocol=17 | dir=out | app=system | 
"{E3643513-C115-4562-B0C3-35DC88CA9CF0}" = rport=10244 | protocol=6 | dir=out | app=system | 
"{EA181170-203B-42D9-B97A-0905903EBCC5}" = lport=10244 | protocol=6 | dir=in | app=system | 
"{F1670CED-961E-4F39-AF66-C4E9C7BAB997}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F36CAB39-6BCA-452B-8451-07B6AC4CC441}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FB3B2F8D-3057-4DD4-A136-D5DC3729AE97}" = lport=3390 | protocol=6 | dir=in | app=system | 
"{FFE04EFC-CAD6-4CEE-9B16-B5D162113B64}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02CD5117-24E1-4167-92E3-2A64D1385D3B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{06206F25-54C3-4E3B-BAC1-4EB558ED6E2C}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"{06B267F3-F067-40D5-A251-70C9BABD0BE0}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{06C57EE1-FE80-4BAC-9B9E-46F53865A431}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | 
"{06F61951-66E3-4F52-93E0-E1AE34223D91}" = protocol=6 | dir=in | app=c:\program files\todo sync helper\todo sync helper.exe | 
"{0CF0E196-8C39-47BA-B7FB-24A2A23626A3}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | 
"{15393BC8-3007-4D1A-A337-A5B70487FB0C}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | 
"{1553063D-56E6-4162-85D6-2AF3588AB80F}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{16F0431A-492B-4D60-8CEC-05ED1ED00D7D}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | 
"{1955E669-BE1F-4C13-B854-FB32F2900974}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | 
"{2307EE63-8497-464E-BCC8-541564CE14F5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | 
"{239341AC-73D3-459D-A1F6-00A453A116A1}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
"{251ED3E6-E878-43B9-AF0C-0B7D2501D736}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe | 
"{2B2212AE-8CAA-4B6F-BAC1-28DC8CC00EDF}" = protocol=6 | dir=in | app=c:\users\acarva1\appdata\roaming\dropbox\bin\dropbox.exe | 
"{2EAAEA50-64A6-4FE1-BC1B-3F51B3D44475}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{2ED68BC8-8862-40A1-8B02-F2205A3A2411}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"{351A5F16-C8A5-4B1F-96EF-E235429FEBE1}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{38705CFC-29F4-4FBD-B0D1-2040B0AB103F}" = protocol=17 | dir=in | app=c:\users\acarva1\appdata\roaming\dropbox\bin\dropbox.exe | 
"{38A7CE85-00DA-4E42-88E7-45A217C8BE25}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{397337E1-2625-4031-B309-55741440E4D7}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | 
"{3BD3E58B-9FDD-41A0-BA42-7C3BDDD121BC}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | 
"{4354B6B7-D2D5-4EE6-9FD0-AADDDFD44F75}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | 
"{47C0BB5F-0794-4B78-9B3B-45DA7BFCF19B}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | 
"{4CAE0001-D114-4EA9-A636-BC3ACFEA7A20}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{4DEAC201-470C-408B-8A26-52494BE6060C}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | 
"{5720D183-4613-48D8-B7AF-56DFF92F3E0E}" = protocol=17 | dir=in | app=c:\users\acarva1\appdata\roaming\spotify\spotify.exe | 
"{5A12BE6D-ED9C-4BC3-88C3-4B419F7FD993}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{5F06C73B-3B46-4ED5-983C-2880071833B2}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\homemedia connect.exe | 
"{5F281941-6ED0-412F-87AA-39D06FFC5E63}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | 
"{61516135-EFF5-4829-A973-F1E382A0446C}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{63E7873C-3BB5-4E27-96F8-8F7112A52D4E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{64C52DD3-2977-4C34-BDA1-8FD96179DF00}" = dir=in | app=c:\program files\acer arcade live\slideshow dvd\component\clsldvd.exe | 
"{69B1D601-A575-4CEB-BC3C-F5CFC877311C}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{6D9AF5D4-5AF8-486E-B13D-CD64BF3A594B}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | 
"{6E18B414-95D0-4A47-B951-558557696C3E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{73526156-7588-446A-ACC7-7C088D30F23A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{79D67D1C-2F84-4DC2-A9B1-B891D843FE51}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"{7E0E3B00-6896-4E20-9BD8-CFB3A311368D}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{81C0BFB6-BA56-44B7-91D5-3D0C81FF0506}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{8387B4FD-A562-476A-A01E-1576C243526E}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | 
"{84C814BC-7749-462A-BE54-85A949941424}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe | 
"{87785172-F019-49CE-8262-32F369A34FED}" = protocol=17 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe | 
"{87BBB514-F5D0-4138-9B2F-C233D5676BA0}" = protocol=6 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe | 
"{884C7781-0B5A-4782-B4BF-B801B366490F}" = protocol=6 | dir=out | app=system | 
"{8B160BBD-16D6-418B-9943-A960C50610AD}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe | 
"{8BC03027-2846-423D-9358-69A864B9BA9C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{8C9B722F-AE98-443B-BBB1-165E2B4F42D7}" = protocol=6 | dir=in | app=c:\program files\todo sync helper\todo sync helper.exe | 
"{91F4AA58-AD3B-4E42-91B2-92A66655E7C3}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | 
"{9532DC34-EF29-468A-916F-2D884658CB50}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | 
"{95D8FD5E-85CF-4393-9E0C-2E11E6E55009}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{95DAE0AD-419D-4175-AF5A-EBBF5795C1F2}" = protocol=17 | dir=in | app=c:\program files\todo sync helper\todo sync helper.exe | 
"{9C99C629-B1DE-4363-9778-C69F997740C9}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe | 
"{9F6BABA3-D127-4510-9A75-F106B8AC86E8}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | 
"{A0E22BD1-9D17-41A4-BF50-419B503C50D0}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\component\dvax2process.exe | 
"{A153B03F-E51B-473B-9A24-613038D5F5F1}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | 
"{A1F00982-C024-4CC6-9B36-5BA3A1381A59}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{A35FC145-ADC9-48EA-855E-387274B3C59A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{A609B93E-347C-487F-982B-0E15E206A2EE}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | 
"{A8757501-B402-4C19-AD10-EA4697A9512B}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\videomagician.exe | 
"{A9F26AFB-FC8B-40DB-9C5D-E89072E578F4}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe | 
"{B329DFFB-26ED-4967-B72A-9174126D27D9}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{BA0FA2D7-A5A2-4528-BE2B-8D5DDB61CFCB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{BC89DCC8-739B-4D6D-B667-F3EED66497FE}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{C0AE7C83-DD34-4899-8816-AC1E3746DF27}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | 
"{C0B04953-9D63-4886-9FEE-B20972592777}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe | 
"{C1480A14-3741-495E-BC92-8291DF44090F}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | 
"{C332F54A-214E-46A2-A232-CAD360D42917}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
"{CB0B0E36-7C85-483B-AA52-9F37304CED51}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | 
"{CC5BB61B-2E20-4797-92BD-ED41C21DE298}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"{CEBCE6A0-C94B-4376-B642-4DF8AFC03713}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe | 
"{D8716FEF-0B96-4C4C-BB07-792F6EE43839}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | 
"{DD29CF52-E925-4630-BD63-98753F16AA95}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | 
"{DFFF3429-DA90-43DB-898C-FAEEFE3F39E2}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\homemedia.exe | 
"{E3F143B5-7BD5-4540-A70B-15466875B9D4}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | 
"{E4DA8D61-D62D-40C8-AC64-7ED5DBA7609A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | 
"{E59634F8-1C07-40AC-84E1-E301FBC238EE}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\dvdivine.exe | 
"{E6B20E10-D7D1-4C95-A645-98F7B8BA8AF9}" = protocol=6 | dir=in | app=c:\users\acarva1\appdata\roaming\spotify\spotify.exe | 
"{ED437696-A478-4013-BC4A-377F1EFBE972}" = protocol=17 | dir=in | app=c:\program files\todo sync helper\todo sync helper.exe | 
"{EDC7B0D8-963A-4BFD-AA26-D18DFE503A24}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"{EF670AE2-B131-4B31-AF42-9A8F19868DFA}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"{F42A10AE-D383-4A78-9E05-64BBC84376C5}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\component\arawp.exe | 
"{F5A3F7B9-CBD6-411E-B68C-263D5CFB51D9}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe | 
"{FD63F6CF-D981-41F0-A27D-F6363459E52B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{19A092CF-43E4-4DB3-B6FD-18499ACDD3A4}C:\program files\winamp remote\bin\orbtray.exe" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"TCP Query User{2A83B92F-3521-4B9F-9AE0-CF459B60ECCB}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{4D8216E6-F43C-46D4-9C93-A999C5FD0F9C}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe | 
"TCP Query User{64FAD65C-9E00-4DE7-AC06-019F27BA9898}C:\program files\winamp remote\bin\orb.exe" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
"TCP Query User{732C045D-35B2-449B-9A12-C93130D358D0}C:\program files\winamp remote\bin\orbir.exe" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | 
"TCP Query User{87255BF6-2537-4DB7-8ADE-48960B643F2E}C:\program files\logitech touch mouse server\itouch-server-win.exe" = protocol=6 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe | 
"TCP Query User{923DED3A-1958-49F0-95FB-A7B6C8C132CC}C:\users\acarva1\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\acarva1\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{971D0106-AC0A-4A88-9CAD-DF172491E488}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe | 
"TCP Query User{BEC3C1A7-5DB6-4D66-8DB0-3E3EE2904C69}C:\users\acarva1\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\acarva1\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{DF06B647-7FD5-4B17-BE8B-E327F810F7C2}C:\program files\java\jdk1.6.0_14\jre\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jdk1.6.0_14\jre\bin\java.exe | 
"UDP Query User{13A6252A-DAF7-47A4-9CD5-B60309564B93}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe | 
"UDP Query User{6DB053A2-0292-47F9-BE94-1BDD5133C6E0}C:\program files\winamp remote\bin\orbir.exe" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | 
"UDP Query User{7263C544-ACEE-491B-9286-F099C9EB4C89}C:\program files\logitech touch mouse server\itouch-server-win.exe" = protocol=17 | dir=in | app=c:\program files\logitech touch mouse server\itouch-server-win.exe | 
"UDP Query User{749829EE-4447-434B-812C-153AB65A7F02}C:\users\acarva1\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\acarva1\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{872F081A-9979-4507-9DB3-90269BE0E806}C:\users\acarva1\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\acarva1\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{986D06D2-DEAA-405F-A740-D43646308C25}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe | 
"UDP Query User{98BF4AF1-68F0-4936-8C6B-82AB48B9D222}C:\program files\java\jdk1.6.0_14\jre\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jdk1.6.0_14\jre\bin\java.exe | 
"UDP Query User{BC0510A7-7FD1-4F15-BCC2-2D1CE4500702}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{D3BA73B6-E099-460C-A7FA-8FAA6A0CAC41}C:\program files\winamp remote\bin\orbtray.exe" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"UDP Query User{EBFEB0E6-4260-4A11-878B-5A33205A305A}C:\program files\winamp remote\bin\orb.exe" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"__ARIA_1012___is1" = Garritan ARIA Player vAppVersion=v1.504
"__ARIA_1013___is1" = Garritan Instruments for Finale
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{021661E0-C377-C87B-9583-E0A69E61A489}" = Catalyst Control Center Localization Thai
"{023387B5-AF74-D690-D2C6-C8D474597284}" = CCC Help Polish
"{042B8532-E27C-C06E-A8F5-71F36B98B2DE}" = Catalyst Control Center Localization Portuguese
"{07AE9F43-360F-7412-577B-2B4B73E5EAB9}" = CCC Help Hungarian
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0C09E020-9996-4E1C-9839-97DA8F9C8D6B}" = CCC Help Danish
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1861D449-590B-71F5-2C62-21730731FC4C}" = ccc-utility
"{18B2020D-3D3F-4508-81E7-ACD4CCD25C53}" = Yamaha USB-MIDI Driver
"{18D47FA1-0440-48D3-A7E0-DA09537FF471}" = Apple Mobile Device Support
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21565317-7E58-CEED-E5BE-6916533442F4}" = Catalyst Control Center Localization Czech
"{2224B408-E7E4-15CF-0674-EC7C36D68741}" = Catalyst Control Center Localization Hungarian
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{236D1288-99DB-C3D6-D132-EDE6317BF619}" = CCC Help Japanese
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2AABA091-41DF-D0D3-83F8-0133F8C7AA97}" = Catalyst Control Center Localization Swedish
"{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}" = iTunes
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{317DE552-B622-0DD2-4E7E-28400D64C100}" = Catalyst Control Center Localization Dutch
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160140}" = Java™ SE Development Kit 6 Update 14
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}" = Zune Language Pack (DE)
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40EC6323-497B-44DA-8A88-74578622D9B3}" = Zune Language Pack (IT)
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{41626CC0-A854-4402-AD06-D7939515C282}" = Sibelius Scorch (Firefox, Opera, Netscape, Chrome only)
"{42DF661F-6351-B582-DE2C-B8C46B30303F}" = CCC Help Dutch
"{462C7C7F-5446-4FA3-97E9-C179EFA14E1E}" = ToDo Sync Helper
"{47107F5F-FDEC-4A01-896C-E76245743F1A}" = X-Edit
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{4F5641C5-409C-7E5A-A2F9-B6D00A190B55}" = Catalyst Control Center Graphics Previews Vista
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{549514BF-2BDA-422B-9134-67B5A79C2487}" = NTRConnect
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5EA96EEF-4E57-C1F0-6A06-088191FE110C}" = CCC Help Thai
"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6B73D186-ED5C-6EB1-96EE-8F866269243C}" = Catalyst Control Center Localization Danish
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7007D9E6-F820-CFEA-EB87-9C9377A967F7}" = CCC Help Swedish
"{710EA46C-2A49-F39A-5EC7-3884DC5329D7}" = Catalyst Control Center Localization Spanish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{745877DC-8FFE-4E4C-ABBC-589B887A47D1}" = Virtual Sound Canvas DXi
"{74AF0F2A-A87D-B6B7-6671-61B53F98254B}" = Catalyst Control Center Localization Turkish
"{760F3E42-B1E4-5324-4C4A-0459C8938B6A}" = Catalyst Control Center Localization Italian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760B7DD-C922-C286-AB6C-2E06B32C1D4F}" = Catalyst Control Center Graphics Full Existing
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79BD66B2-4DAE-4C3B-B08E-DC72E507C163}" = iCloud
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Help
"{7C8C2AA5-FFD4-4A10-970D-152B2AB49C57}" = AVG 2013
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{837F9742-DCC8-3FF4-5066-E11E48EE2391}" = Catalyst Control Center Localization Korean
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{86861408-CB40-247E-B851-608792116658}" = CCC Help Norwegian
"{86E71966-9EE0-9AD3-2C17-FC3A0B8BB810}" = Catalyst Control Center Localization Chinese Standard
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8BCA7792-CF78-46C6-66A7-EB9A8F0FB0A2}" = Catalyst Control Center Localization Russian
"{8C42C789-B0EF-3226-9069-D1956B220B38}" = Catalyst Control Center Localization Greek
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{926C96FB-9D0A-4504-8000-C6D3A4A3118E}" = Java DB 10.4.2.1
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE1CAAF-31C0-6B2A-45EE-7761FDEFC806}" = ccc-core-static
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C353B52-07E4-07A7-B95F-392D8AA37210}" = Catalyst Control Center Localization Japanese
"{9DBB76DD-812B-26E9-C681-B7CD2DA27A78}" = CCC Help French
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{9F96AFEF-28F1-2479-1D6A-33F8D4A7BF11}" = CCC Help Chinese Standard
"{A036E231-5A03-4d63-94F6-7864CC77EC48}" = PS_AIO_ProductContext
"{A10FCB8E-F4C3-0C5E-4FFC-8C9A560095A8}" = CCC Help Russian
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A6038CD2-72AF-2C0A-C1A3-93D360F5A889}" = CCC Help Korean
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.10)
"{AE223864-BFA1-1F17-49B2-13C8971DACA2}" = Catalyst Control Center Localization German
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B040FEFE-B45F-4e30-B3C6-035F53F544A9}" = c4200_Help
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B22C19AE-6A67-4f28-B541-5AE72FB17A25}" = HP Photosmart All-In-One Software 9.0
"{B22D8435-CB77-849A-B9AE-D1737A073914}" = Catalyst Control Center Localization Polish
"{B3BA8D55-5397-6712-1B6C-5A8849AF19F5}" = Catalyst Control Center Core Implementation
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B9F3A6E6-9C77-4535-9ED9-B16C1EBDFEC2}" = C4200
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C1722D10-8C05-B66D-A160-7C2CFF589176}" = Catalyst Control Center Graphics Light
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C485A66D-3521-20E8-2A7B-F060B1773491}" = Catalyst Control Center Localization French
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CD1C40A4-2836-1911-673E-18572FD2B62A}" = Catalyst Control Center Graphics Full New
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{CF6FE5A8-1338-188F-35B3-8372FA31D822}" = Skins
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files 
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{D5E905F1-7657-7B1E-E5BD-2C69C89C8ABE}" = CCC Help Italian
"{D6DB00A1-4BCC-AB1B-24C2-0999BDA43D85}" = CCC Help Greek
"{D719E8F1-6931-40b4-AC0B-5FE2C097F995}" = C4200_doccd
"{D7D4DB0F-9070-AED1-D2F4-D11BD42C7588}" = CCC Help Chinese Traditional
"{D7F01E28-9D36-F8EC-872F-9FD71792F858}" = CCC Help Finnish
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DA22A6BB-10B5-4595-BD59-1AD4023C8536}" = Virtual Sound Canvas VST
"{DA6AB13B-4D72-6EBB-AA4D-656CE9C0E512}" = CCC Help English
"{DF59BA36-54DC-6BB4-FCED-C9B9F2BCB4AE}" = CCC Help Spanish
"{E0325EFE-9D02-0F1E-7306-F4D95979715A}" = Catalyst Control Center Localization Chinese Traditional
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E39A3770-3DDE-404c-B91F-3522947874A3}" = PS_AIO_Software_min
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E63AA3F4-5647-0BC8-24FC-F40CFE56B579}" = Catalyst Control Center Localization Norwegian
"{E6541F6A-3D2D-30E5-57F9-4DD411C2E4F0}" = CCC Help German
"{E654D1E3-B18B-4953-BFBC-F16227323E05}" = HP Deskjet 2050 J510 series Basic Device Software
"{E65B87D8-30C4-4FB0-8C24-AFD64950A881}" = ActiveState Komodo Edit 8.5.3
"{E720B248-D9F5-5E20-8E72-3E419D45D703}" = Catalyst Control Center Localization Finnish
"{E8E32E53-18F7-095E-CC75-F77E412F1AD9}" = CCC Help Portuguese
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F09030B7-7B8A-30DE-539B-607C9B1831DB}" = CCC Help Czech
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F3ABD1F0-16CA-4F7A-AAAB-2DEE964FD544}" = AVG 2013
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F751C062-87DA-4D33-8A12-6E7F1D4C051C}" = Netflix in Windows Media Center
"{F76D7388-A433-E572-4718-CD3421738166}" = CCC Help Turkish
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{FA4FA322-5C90-4d2b-A019-9E588273DED5}" = PS_AIO_Software
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"4shared Desktop" = 4shared Desktop
"7-Zip" = 7-Zip 9.20
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"ARIA Engine_is1" = ARIA Engine v1.5.0.4
"ATI Uninstaller" = ATI Uninstaller
"Audacity_is1" = Audacity 2.0.3
"AVG" = AVG 2013
"Cakewalk VST Adapter 4.4.4.0" = Cakewalk VST Adapter 4.4.4.0
"dBpoweramp Musepack Codec" = dBpoweramp Musepack Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Ogg Vorbis Codec" = dBpoweramp Ogg Vorbis Codec
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DreamStation DXi2" = DreamStation DXi2
"ESET Online Scanner" = ESET Online Scanner v3
"ExtractNow_is1" = ExtractNow
"Finale 2012" = Finale 2012
"GIMP-2_is1" = GIMP 2.8.6
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"Hugin" = Hugin 2010.4.0
"Inkscape" = Inkscape 0.48.0
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{18B2020D-3D3F-4508-81E7-ACD4CCD25C53}" = Yamaha USB-MIDI Driver
"IrfanView" = IrfanView (remove only)
"LAME_is1" = LAME v3.99.3 (for Windows)
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"Mozilla Thunderbird (3.1.17)" = Mozilla Thunderbird (3.1.17)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MuseScore" = MuseScore 1.2 MuseScore score typesetter
"Opera 15.0.1147.153" = Opera Stable 15.0.1147.153
"Orb" = Winamp Remote
"PG Music DirectX Plugins_is1" = PG Music DirectX Plugins 2.0.0.0
"San Andreas Mod Installer1.1" = San Andreas Mod Installer
"SeaMonkey (2.0.13)" = SeaMonkey (2.0.13)
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SONAR Home Studio 4" = SONAR Home Studio 4
"SONAR Plugin Manager" = SONAR Plugin Manager
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.20
"sp6" = Logitech SetPoint 6.22
"TEFView_is1" = TEFView 2.65
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6e
"Winamp Toolbar" = Winamp Toolbar for Internet Explorer
"WinLiveSuite_Wave3" = Windows Live Essentials
"X-Edit" = X-Edit
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 4.5.0.457
"pdfsam" = pdfsam
"Spotify" = Spotify
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/15/2014 4:15:47 AM | Computer Name = AC-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 5/15/2014 2:19:32 PM | Computer Name = AC-PC | Source = MsiInstaller | ID = 11606
Description = 
 
Error - 5/15/2014 2:19:32 PM | Computer Name = AC-PC | Source = MsiInstaller | ID = 11606
Description = 
 
Error - 5/16/2014 2:21:01 PM | Computer Name = AC-PC | Source = MsiInstaller | ID = 11606
Description = 
 
Error - 5/16/2014 2:21:01 PM | Computer Name = AC-PC | Source = MsiInstaller | ID = 11606
Description = 
 
Error - 5/17/2014 2:22:28 PM | Computer Name = AC-PC | Source = MsiInstaller | ID = 11606
Description = 
 
Error - 5/17/2014 2:22:28 PM | Computer Name = AC-PC | Source = MsiInstaller | ID = 11606
Description = 
 
Error - 5/18/2014 2:23:30 PM | Computer Name = AC-PC | Source = MsiInstaller | ID = 11606
Description = 
 
Error - 5/18/2014 2:23:30 PM | Computer Name = AC-PC | Source = MsiInstaller | ID = 11606
Description = 
 
Error - 5/20/2014 4:20:57 PM | Computer Name = AC-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
 0x49e01da5, faulting module ole32.dll, version 6.0.6002.18277, time stamp 0x4c28d53e,
 exception code 0xc0000005, fault offset 0x0012928e,  process id 0x670, application
 start time 0x01cf74066db6f094.
 
[ Media Center Events ]
Error - 5/23/2011 8:02:30 PM | Computer Name = AC-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please
 try to ping www.msn.com prior to filing a bug.; Win32 GetLastError returned 10000109
  Process: DefaultDomain Object Name: Media Center Guide 
 
Error - 5/23/2011 8:03:11 PM | Computer Name = AC-PC | Source = Mcx2Dvcs | ID = 401
Description = 
 
Error - 5/23/2011 8:04:09 PM | Computer Name = AC-PC | Source = Mcx2Prov | ID = 508
Description = 
 
Error - 5/23/2011 8:05:10 PM | Computer Name = AC-PC | Source = McrMgr | ID = 107
Description = 
 
Error - 5/23/2011 8:09:45 PM | Computer Name = AC-PC | Source = McrMgr | ID = 107
Description = 
 
Error - 5/23/2011 9:46:20 PM | Computer Name = AC-PC | Source = McrMgr | ID = 109
Description = 
 
Error - 5/23/2011 9:47:36 PM | Computer Name = AC-PC | Source = McrMgr | ID = 107
Description = 
 
Error - 5/23/2011 9:59:37 PM | Computer Name = AC-PC | Source = McrMgr | ID = 107
Description = 
 
Error - 5/23/2011 10:01:22 PM | Computer Name = AC-PC | Source = McrMgr | ID = 109
Description = 
 
Error - 5/25/2011 4:02:16 PM | Computer Name = AC-PC | Source = McrMgr | ID = 107
Description = 
 
[ System Events ]
Error - 5/11/2014 10:01:37 AM | Computer Name = AC-PC | Source = Service Control Manager | ID = 7006
Description = 
 
Error - 5/13/2014 2:18:46 PM | Computer Name = AC-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 5/13/2014 2:18:46 PM | Computer Name = AC-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 5/13/2014 2:18:46 PM | Computer Name = AC-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 5/15/2014 4:24:23 AM | Computer Name = AC-PC | Source = Service Control Manager | ID = 7006
Description = 
 
Error - 5/16/2014 7:33:07 AM | Computer Name = AC-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:28:35 AM on 5/16/2014 was unexpected.
 
Error - 5/16/2014 7:33:36 AM | Computer Name = AC-PC | Source = Service Control Manager | ID = 7006
Description = 
 
Error - 5/17/2014 4:07:23 PM | Computer Name = AC-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:23:18 PM on 5/17/2014 was unexpected.
 
Error - 5/20/2014 4:35:01 AM | Computer Name = AC-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:32:19 AM on 5/20/2014 was unexpected.
 
Error - 5/20/2014 4:35:10 AM | Computer Name = AC-PC | Source = Print | ID = 19
Description = The print spooler failed to share printer HP Photosmart C4200 series
 with shared resource name HP Photosmart C4200 series. Error 2114. The printer cannot
 be used by others on the network.
 
 
< End of report >
 


#4 Jo*

Jo*

  • Malware Response Team
  • 3,269 posts
  • OFFLINE
  • Gender:Male
  • Location:Germany
  • Local time:09:45 AM

Posted 22 May 2014 - 01:58 PM

Hello tsusm,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
  • With some infections, you may see two message boxes.
    • 'Could not load protection driver'. Click 'OK'.
    • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
  • Double-click AdwCleaner.exe.
  • Vista / Windows 7/8 users: right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 Jo*


Posted 27 May 2014 - 02:55 AM

Hi,

It has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Threads will be closed if no response after 3 days.


Cheers,
Jo


#6 Jo*


Posted 28 May 2014 - 05:10 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Cheers,
Jo




