Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

0x80070643 Cannot Complete the Security Essentials Installation


  • This topic is locked This topic is locked
14 replies to this topic

#1 AndreasNHagen

AndreasNHagen

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:10:30 PM

Posted 23 May 2014 - 08:15 AM

Hi,
 
I want to install Microsoft Security Essentials but keep on getting an error that states:
(X) Cannot Complete the Security Essentials Installation 0x80070643

My computer is running Windows 7 Ultimate 64 bit.
I have uninstalled or removed every reference to Antivirus from my computer.

Ran updates

Ran MSE installers from the update, CD and online and ensured there were no references on computer after installation failed yet again.

 

Checked and confirmed that my version was valid using the Microsoft online utility (http://www.microsoft.com/genuine/validate/)

Followed the instructions on the Microsoft forums that included checking the Windows Installer version is 3.1+ which it is according to Belarc advisor.

Enclosed is my DDS log, can someone please take a look and give advice?

I have not performed any registry changes as suggested on some forums because I am uncertain if they are correct ... but, wonder if there is malware preventing me from installing MSE?

Thanks in advance!

 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.25.2
Run by Whanau at 0:44:17 on 2014-05-24
Microsoft Windows 7 Ultimate   6.1.7601.1.936.86.1033.18.3996.1752 [GMT 12:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Explorer.EXE
C:\zpanel\bin\hmailserver\Bin\hMailServer.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
c:\Program Files (x86)\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\BrowserTabSearch\msbloader.exe
C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\BrowserTabSearch\msbloader64.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Offline Course Player\OlpSynch.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
c:\Program Files (x86)\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\Program Files (x86)\Microsoft SQL Server\MSRS11.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\SafetyNutManager.exe
C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\SafetyNutManager.exe
C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\safetynut.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Users\Whanau\Desktop\mseinstall.exe
c:\dc1c41bf0c64e422c7439ccd99\epplauncher.exe
c:\dc1c41bf0c64e422c7439ccd99\amd64\Setup.exe
C:\Windows\SysWOW64\vmnat.exe
c:\wamp\bin\apache\apache2.4.4\bin\httpd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\wamp\bin\apache\apache2.4.4\bin\httpd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\fdhost.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Free Download Manager\fdm.exe
C:\Program Files (x86)\Opera\21.0.1432.67\opera.exe
C:\Program Files (x86)\Opera\21.0.1432.67\opera_crashreporter.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Opera\21.0.1432.67\opera.exe
C:\Program Files (x86)\Opera\21.0.1432.67\opera.exe
C:\Program Files (x86)\Opera\21.0.1432.67\opera.exe
C:\Program Files (x86)\Opera\21.0.1432.67\opera.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://prize.hutter1.net/hrules.htm
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.duba.com/?f=unchie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
mWinlogon: Userinit = userinit.exe
BHO: Speed Test 127: {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} -
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
BHO: 应用宝一键安装插件: {50F4150A-48B2-417A-BE4C-C83F580FB904} - C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Toolbar BHO: {d5a1d22b-9e17-454f-8ecd-83c578fb3983} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [NextLive] C:\Windows\SysWOW64\rundll32.exe "C:\Users\Whanau\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Browser Tab Search by Ask] "C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\BrowserTabSearch\msbloader.exe"
uRun: [Browser Tab Search by Askx64] "C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\BrowserTabSearch\msbloader64.exe"
uRun: [Free Download Manager] "C:\Program Files (x86)\Free Download Manager\fdm.exe" -autorun
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [OLPSYNCH] C:\Program Files (x86)\Offline Course Player\OlpSynch.exe
mRun: [iSkysoft Helper Compact.exe] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
mRun: [BrowserPlugInHelper] C:\Program Files (x86)\iSkysoft\iTube Studio\BrowserPlugInHelper.exe
mRun: [Registry Helper] "C:\Program Files (x86)\Registry Helper\RegistryHelper.Exe" /boot
mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
mRun: [Spiceworks] C:\Saphire\www\bin\spicetray_silent.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Whanau\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\WEATHE~1.LNK - C:\Users\Whanau\AppData\Local\WeatherAlerts\WeatherAlerts.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-Explorer: NoDriveAutoRun = dword:1073741823
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: trademe.co.nz
Trusted Zone: alipay.com
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: alisoft.com
Trusted Zone: taobao.com
Trusted Zone: taobao.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} - hxxps://download.alipay.com/aliedit/aliedit/2401/aliedit.cab
DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxps://ngatiwhatuaprod.crm5.dynamics.com/Reserved.ReportViewerWebControl.axd?ReportSession=ubpprv45rr5ker2viwpin455&Culture=1033&CultureOverrides=True&UICulture=1033&UICultureOverrides=True&ReportStack=1&ControlID=c87c64823aa34aa2a7ddb9dcefa2657d&OpType=PrintCab&Arch=X86
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{0A6D08D8-1090-4FBB-ADAB-919CDF43D3E6} : NameServer = 192.168.1.1,127.0.0.1
TCP: Interfaces\{0A6D08D8-1090-4FBB-ADAB-919CDF43D3E6}\146523 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{0A6D08D8-1090-4FBB-ADAB-919CDF43D3E6}\34F666665656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{0A6D08D8-1090-4FBB-ADAB-919CDF43D3E6}\35562756E6964797 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{0A6D08D8-1090-4FBB-ADAB-919CDF43D3E6}\44D2C496E6B602144435C40225F657475627 : DHCPNameServer = 192.168.26.11 192.168.26.10
TCP: Interfaces\{0A6D08D8-1090-4FBB-ADAB-919CDF43D3E6}\4527573747023447 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{0A6D08D8-1090-4FBB-ADAB-919CDF43D3E6}\47865602452757374702D416E6167656D656E647 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg pku2u livessp msoidssp
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: bpsvc.exe - tasklist.exe
IFEO: browsemngr.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
x64-Run: [InboxAce Home Page Guard 64 bit] "C:\PROGRA~2\INBOXA~2\bar\1.bin\AppIntegrator64.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: bitguard.exe - tasklist.exe
x64-IFEO: bprotect.exe - tasklist.exe
x64-IFEO: bpsvc.exe - tasklist.exe
x64-IFEO: browsemngr.exe - tasklist.exe
x64-IFEO: browserdefender.exe - tasklist.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Whanau\AppData\Roaming\Mozilla\Firefox\Profiles\2iem13dr.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://msn.co.nz/?pc=UP97&ocid=UP97DHP|http://www.learnerstv.com/Free-Computer-Science-Video-lectures-ltv766-Page1.htm
FF - prefs.js: keyword.URL - hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=101&systemid=488&v=a12627-299&apn_dtid=TCH001&apn_ptnrs=AG1&apn_uid=0837710009844045&o=APN11459&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll
FF - plugin: C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.18\Bin\npSSOAxCtrlForPTLogin.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Tencent\QZoneMusic\2014.3.5.14.54.21\npQzoneMusic.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Users\Whanau\AppData\Local\Citrix\Plugins\104\npappdetector.dll
FF - plugin: C:\Windows\System32\TVUAx\npTVUAx.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2013-06-07 09:29; 1gffxtbr@InboxAce_1g.com; C:\Program Files (x86)\InboxAce_1g\bar\1.bin
.
---- FIREFOX POLICIES ----
.
.
.
.
.
.
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-3-22 56336]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2013-8-16 70296]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2009-9-8 87600]
R1 F06DEFF2-5B9C-490D-910F-35D3A9119622;F06DEFF2-5B9C-490D-910F-35D3A9119622;C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\x64\configmgrc1.cfg [2014-5-19 36224]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2013-6-21 46792]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R1 Znf;Znf;C:\Windows\System32\drivers\znf.sys [2013-5-24 55368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-11 144152]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-4-11 1390720]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-4-11 1764992]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-3-22 2211000]
R2 CrmSqlStartupSvc;SQL Server (CRM) On-Demand Shutdown;C:\Program Files (x86)\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe [2014-3-18 24240]
R2 hMailServer;hMailServer;C:\zpanel\bin\hmailserver\Bin\hMailServer.exe RunAsService --> C:\zpanel\bin\hmailserver\Bin\hMailServer.exe RunAsService [?]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
R2 msoidsvc;Microsoft Online Services Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2012-5-17 2079520]
R2 ReportServer$SQLEXPRESS;SQL Server Reporting Services (SQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSRS11.SQLEXPRESS\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2012-6-12 1610168]
R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);C:\Program Files (x86)\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2012-6-29 1192392]
R2 SafetyNutManager2;SafetyNut Manager2;C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\SafetyNutManager.exe [2014-5-19 3544072]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-1-8 5341536]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2009-12-3 716872]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2011-9-21 227896]
R3 MSSQLFDLauncher$SQLEXPRESS;SQL Full-text Filter Daemon Launcher (SQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\fdlauncher.exe [2012-2-11 43096]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-4-5 7680512]
R3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-6-21 42184]
R3 vodafone_K3805-z_dc_enum;Vodafone K3805-z DC Enumerator (ZTE);C:\Windows\System32\drivers\vodafone_K3805-z_dc_enum.sys [2010-9-1 75776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 CRON;Cron service;C:\zpanel\bin\crond\crons.exe --> C:\zpanel\bin\crond\crons.exe [?]
S2 named;named;C:\zpanel\bin\bind\bin\named.exe [2013-6-29 376832]
S2 PassShow;PassShow;C:\Program Files (x86)\PassShow\PassShow155.exe --> C:\Program Files (x86)\PassShow\PassShow155.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2012-6-12 445368]
S3 c2wts;Claims to Windows Token Service;C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [2011-11-28 15768]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2013-11-11 21712]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-27 111616]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-25 119512]
S3 MSSQL$CRM;SQL Server (CRM);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.CRM\MSSQL\Binn\sqlservr.exe [2009-3-30 43010392]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-11 5434368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
S3 vodafone_K3805-z_cdc_acm;Vodafone K3805-z CDC-ACM driver (ZTE);C:\Windows\System32\drivers\vodafone_K3805-z_cdc_acm.sys [2010-9-1 78336]
S3 vodafone_K3805-z_cdc_ecm;vodafone_K3805-z_cdc_ecm;C:\Windows\System32\drivers\vodafone_K3805-z_cdc_ecm.sys [2010-9-1 88064]
S3 vodafone_K3805-z_cpo;Vodafone K3805-z Install;C:\Windows\System32\drivers\vodafone_K3805-z_cpo.sys [2010-9-1 13824]
S3 VsEtwService120;Visual Studio ETW Event Collection Service;C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [2013-10-4 87728]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-26 1255736]
S3 WiFiPasswordService;WiFiPasswordService;C:\Users\Whanau\AppData\Local\Temp\WiFiPasswordService.exe --> C:\Users\Whanau\AppData\Local\Temp\WiFiPasswordService.exe [?]
S3 zsc;zsc;C:\Windows\System32\drivers\zsc.sys [2013-5-24 94720]
S3 ZTEusbnet;ZTE USB-NDIS miniport;C:\Windows\System32\drivers\ZTEusbnet.sys [2012-1-19 167424]
S3 ZTEusbvoice;ZTE VoUSB Port;C:\Windows\System32\drivers\zteusbvoice.sys [2012-1-19 150656]
S4 CltMngSvc;Search Protect by Conduit Service;C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [2014-3-4 2454816]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 47128]
S4 SQLAgent$CRM;SQL Server Agent (CRM);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.CRM\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
FileExt: .vbs: bfvbsfile="C:\Program Files (x86)\Bluefish\bluefish.exe" "%1"
FileExt: .js: bfjsfile="C:\Program Files (x86)\Bluefish\bluefish.exe" "%1"
ShellExec: Opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-05-23 12:32:28 -------- d-----w- C:\dc1c41bf0c64e422c7439ccd99
2014-05-23 12:11:16 -------- d-----w- C:\SymCache
2014-05-23 12:04:04 10594416 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icudt52.dll
2014-05-23 12:04:02 965232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuuc52.dll
2014-05-23 12:04:02 1266800 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuin52.dll
2014-05-23 11:30:56 -------- d-----w- C:\Program Files (x86)\Belarc
2014-05-22 09:52:40 -------- d-----w- C:\457965a8e3319e9598a7892db054
2014-05-22 09:46:53 -------- d-----w- C:\Users\Whanau\AppData\Roaming\SUPERAntiSpyware.com
2014-05-22 09:46:38 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2014-05-22 09:46:38 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2014-05-22 09:31:17 -------- d-----w- C:\MGADiagToolOutput
2014-05-21 09:42:07 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EF05452A-7464-43AC-84FB-0BC58D91289A}\mpengine.dll
2014-05-20 08:54:45 -------- d-----w- C:\enwik
2014-05-19 10:01:42 -------- d-----w- C:\ProgramData\SafetyNut
2014-05-18 01:28:04 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-18 01:28:04 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-08 08:29:40 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2014-05-07 08:47:15 95744 ----a-w- C:\Windows\SysWow64\msxml4r.dll
2014-05-07 08:47:15 51200 ----a-w- C:\Windows\SysWow64\temp.001
2014-05-07 08:47:15 1106944 ----a-w- C:\Windows\SysWow64\temp.000
2014-05-07 08:47:14 73728 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VFP\foxhhelp9.exe
2014-05-07 08:47:14 1748992 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VFP\gdiplus.dll
2014-05-07 08:47:14 16384 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VFP\foxhhelpps9.dll
2014-05-07 08:47:14 1187840 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VFP\VFP9renu.dll
2014-05-07 08:47:13 4734976 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VFP\VFP9r.dll
2014-05-07 08:40:57 -------- d-----w- C:\Syndemo9
2014-05-07 08:09:18 -------- d-s---w- C:\Windows\System32\CompatTel
2014-05-04 00:13:13 -------- d-----w- C:\SUPERDelete
2014-05-03 10:00:38 -------- d-----w- C:\extensions
2014-05-01 08:37:57 -------- d-----w- C:\ProgramData\Free Download Manager
2014-04-29 08:37:37 -------- d-sh--w- C:\Users\Whanau\AppData\Local\EmieUserList
2014-04-29 08:37:37 -------- d-sh--w- C:\Users\Whanau\AppData\Local\EmieSiteList
2014-04-27 09:05:59 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-04-25 08:42:39 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-04-25 01:23:40 80806080 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSORES.DLL
2014-04-25 01:23:38 548024 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOSQM.EXE
2014-04-25 01:23:38 26134720 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
2014-04-24 08:49:14 -------- d--h--w- C:\Windows\$CrmUninstallKB2919956_Client_1033$
.
==================== Find3M  ====================
.
2014-05-16 10:02:28 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-16 10:02:28 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-09 06:14:03 477184 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-09 06:11:23 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-03-31 10:46:48 130712 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2014-03-31 10:46:48 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2014-03-30 21:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-03-24 08:20:51 111000 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-03-17 13:31:08 72368 ----a-w- C:\Windows\SysWow64\CRMMS32.dll
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-05 02:00:48 86840 ----a-w- C:\Windows\System32\drivers\TFsFltX64.sys
2014-03-04 09:47:01 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:20 39936 ----a-w- C:\Windows\System32\wincredprovider.dll
2014-03-04 09:44:10 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-03-04 09:44:08 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-03-04 09:44:06 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-03-04 09:44:03 722944 ----a-w- C:\Windows\System32\objsel.dll
2014-03-04 09:44:03 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:44:00 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-03-04 09:44:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2014-03-04 09:43:56 57344 ----a-w- C:\Windows\System32\cngprovider.dll
2014-03-04 09:43:56 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll
2014-03-04 09:43:56 44544 ----a-w- C:\Windows\System32\dimsroam.dll
2014-03-04 09:43:56 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-03-04 09:43:55 56832 ----a-w- C:\Windows\System32\adprovider.dll
2014-03-04 09:43:55 53760 ----a-w- C:\Windows\System32\capiprovider.dll
2014-03-04 09:43:50 455168 ----a-w- C:\Windows\System32\winlogon.exe
2014-03-04 09:20:11 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2014-03-04 09:20:11 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 09:16:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
.
============= FINISH:  0:46:24.41 ===============
 

Edited by hamluis, 23 May 2014 - 10:55 AM.
Moved from AV/AM Software to Malware Removal Logs - Hamluis.


BC AdBot (Login to Remove)

 


#2 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:30 PM

Posted 24 May 2014 - 07:11 AM

:welcome:

Hello AndreasNHagen,

my name is Jo and I will help you with your computer problems.



Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • print or copy & save instructions.
  • back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only that tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic til you get the all clean post.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Did you try to turn on Windows firewall and then install MSE?
enable-windows-firewall
 

***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Download OTL to your desktop.
  • Double click on the icon to run it.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 AndreasNHagen

AndreasNHagen
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:10:30 PM

Posted 24 May 2014 - 08:27 PM

Hi Jo*,

Downloaded SecurityCheck to desktop and ran as admin (log was not created)

Ran from other link still no log.

Any tips?

Regards,

Andreas



#4 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:30 PM

Posted 25 May 2014 - 01:32 AM

OK skip SecurityCheck and go on with OTL.


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:30 PM

Posted 25 May 2014 - 01:33 AM

Sorry, double post.


Edited by Jo*, 25 May 2014 - 01:39 AM.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#6 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:30 PM

Posted 25 May 2014 - 01:34 AM

Sorry, double post.


Edited by Jo*, 25 May 2014 - 01:38 AM.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#7 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:30 PM

Posted 25 May 2014 - 01:35 AM

Sorry, double post.


Edited by Jo*, 25 May 2014 - 01:38 AM.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#8 AndreasNHagen

AndreasNHagen
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:10:30 PM

Posted 25 May 2014 - 03:20 AM

OTL logfile created on: 25/05/2014 7:55:22 p.m. - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Whanau\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy
 
3.90 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 59.51% Memory free
5.18 Gb Paging File | 3.44 Gb Available in Paging File | 66.42% Paging File free
Paging file location(s): d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 292.87 Gb Total Space | 59.82 Gb Free Space | 20.42% Space Free | Partition Type: NTFS
Drive D: | 5.12 Gb Total Space | 2.69 Gb Free Space | 52.45% Space Free | Partition Type: NTFS
Drive E: | 451.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: WAIPAREIRA-PC | User Name: Whanau | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Whanau\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\safetynut.exe (SafetyNut Inc)
PRC - C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\SafetyNutManager.exe (SafetyNut Inc)
PRC - C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\BrowserTabSearch\msbloader.exe (IAC Search and Media)
PRC - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Offline Course Player\OlpSynch.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\zpanel\bin\hmailserver\Bin\hMailServer.exe (hMailServer)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe ( Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
PRC - C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Citrix Systems, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\safetycrt.dll ()
MOD - C:\Program Files (x86)\Free Download Manager\fdmbtsupp.dll ()
MOD - C:\Program Files (x86)\Offline Course Player\OlpSynch.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (ClickToRunSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe (Microsoft Corporation)
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (ZuneWlanCfgSvc) -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV:64bit: - (WMZuneComm) -- C:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV:64bit: - (ZuneNetworkSvc) -- C:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (c2wts) -- C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SafetyNutManager2) -- C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\SafetyNutManager.exe (SafetyNut Inc)
SRV - (c2cpnrsvc) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation)
SRV - (c2cautoupdatesvc) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation)
SRV - (CrmSqlStartupSvc) -- C:\Program Files (x86)\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (CltMngSvc) -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (Conduit)
SRV - (TeamViewer9) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (VsEtwService120) -- C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (wampmysqld) -- c:\wamp\bin\mysql\mysql5.6.12\bin\mysqld.exe ()
SRV - (wampapache) -- c:\wamp\bin\apache\Apache2.4.4\bin\httpd.exe (Apache Software Foundation)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (named) -- C:\zpanel\bin\bind\bin\named.exe ()
SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.)
SRV - (Apache) -- C:\zpanel\bin\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Te.Service) -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe (Microsoft Corporation)
SRV - (fussvc) -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe (Microsoft Corporation)
SRV - (Macromedia Licensing Service) -- C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (hMailServer) -- C:\zpanel\bin\hmailserver\Bin\hMailServer.exe (hMailServer)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV:64bit: - (taphss6) -- C:\Windows\SysNative\drivers\taphss6.sys (Anchorfree Inc.)
DRV:64bit: - (HssDRV6) -- C:\Windows\SysNative\drivers\hssdrv6.sys (AnchorFree Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Corel Corporation)
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (VMparport) -- C:\Windows\SysNative\drivers\VMparport.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (vsock) -- C:\Windows\SysNative\drivers\vsock.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (vmm) -- C:\Windows\SysNative\drivers\VMM.sys (Microsoft Corporation)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vodafone_K3805-z_cdc_ecm) -- C:\Windows\SysNative\drivers\vodafone_K3805-z_cdc_ecm.sys (Vodafone)
DRV:64bit: - (vodafone_K3805-z_cdc_acm) -- C:\Windows\SysNative\drivers\vodafone_K3805-z_cdc_acm.sys (Vodafone)
DRV:64bit: - (vodafone_K3805-z_dc_enum) -- C:\Windows\SysNative\drivers\vodafone_K3805-z_dc_enum.sys (Vodafone)
DRV:64bit: - (vodafone_K3805-z_cpo) -- C:\Windows\SysNative\drivers\vodafone_K3805-z_cpo.sys (Vodafone)
DRV:64bit: - (Znf) -- C:\Windows\SysNative\drivers\znf.sys (NetFilterSDK.com)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (HBtnKey) -- C:\Windows\SysNative\drivers\CPQBttn64.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (zsc) -- C:\Windows\SysNative\drivers\zsc.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (ATSwpWDF) -- C:\Windows\SysNative\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV:64bit: - (ctxusbm) -- C:\Windows\SysNative\drivers\ctxusbm.sys (Citrix Systems, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (ZTEusbnet) -- C:\Windows\SysNative\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbvoice) -- C:\Windows\SysNative\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (F06DEFF2-5B9C-490D-910F-35D3A9119622) -- C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\x64\configmgrc1.cfg (SafetyNut Inc)
DRV - (DrvAgent64) -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS (Phoenix Technologies)
DRV - (VSPerfDrv110) -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}: "URL" = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=101&systemid=488&v=a12627-299&apn_uid=0837710009844045&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.duba.com/?f=unchie
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2448}: "URL" = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=215&systemid=448&v=n10781-218&apn_uid=7130430203754928&apn_dtid=TCH001&o=APN10648&apn_ptnrs=AGI&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}: "URL" = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=101&systemid=488&v=a12627-299&apn_uid=0837710009844045&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://prize.hutter1.net/hrules.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://msn.co.nz/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-NZ
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5F 7F FD B1 1C 1B CF 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}: "URL" = http://dts.search.ask.com/sr?src=ieb&gct=ds&appid=101&systemid=488&v=a12627-299&apn_uid=0837710009844045&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "http://msn.co.nz/?pc=UP97&ocid=UP97DHP|http://www.learnerstv.com/Free-Computer-Science-Video-lectures-ltv766-Page1.htm"
FF - prefs.js..extensions.enabledAddons: %7Bbb65e674-b194-4b6e-8033-5fa0afe3a198%7D:1.1
FF - prefs.js..extensions.enabledAddons: fdm_ffext%40freedownloadmanager.org:1.6.0.6
FF - prefs.js..extensions.enabledAddons: %7B10AC039D-1073-3BCA-E76F-EB60607D86B8%7D:5.0.0.12627
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - prefs.js..keyword.URL: "http://dts.search.ask.com/sr?src=ffb&gct=ds&appid=101&systemid=488&v=a12627-299&apn_dtid=TCH001&apn_ptnrs=AG1&apn_uid=0837710009844045&o=APN11459&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.0.2: C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.0.2: C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@InboxAce_1g.com/Plugin: C:\Program Files (x86)\InboxAce_1g\bar\1.bin\NP1gStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@kingsfot.com/npkws: C:\Program Files (x86)\Kingsoft\kingsoft antivirus\npkws.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@qq.com/npAndroidAssistant: C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll (腾讯公司)
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall: C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/npqscall,version=1.0.0: %commonprogramfiles%\tencent\NPQSCALL\npqscall.dll File not found
FF - HKLM\Software\MozillaPlugins\@qq.com/QzoneMusic: C:\Program Files (x86)\Tencent\QZoneMusic\2014.3.5.14.54.21\npQzoneMusic.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@qq.com/TXSSO: C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.18\Bin\npSSOAxCtrlForPTLogin.dll (Tencent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Whanau\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/05/24 00:03:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/05/24 00:03:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{07236a7a-ea6f-49fe-a3c5-8f3d188c0b4f}: C:\Program Files (x86)\PassShow\155.xpi
 
[2013/01/13 12:00:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Whanau\AppData\Roaming\Mozilla\Extensions
[2014/05/19 22:02:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Whanau\AppData\Roaming\Mozilla\Firefox\Profiles\2iem13dr.default\extensions
[2014/05/19 22:02:36 | 000,000,000 | ---D | M] (Ask New Tabs) -- C:\Users\Whanau\AppData\Roaming\Mozilla\Firefox\Profiles\2iem13dr.default\extensions\{10AC039D-1073-3BCA-E76F-EB60607D86B8}
[2013/05/03 12:06:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Whanau\AppData\Roaming\Mozilla\Firefox\Profiles2iem13dr.default\extensions
[2013/05/03 12:06:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Whanau\AppData\Roaming\Mozilla\Firefox\Profiles2iem13dr.default\extensions\staged
[2014/02/28 10:29:41 | 000,008,689 | ---- | M] () (No name found) -- C:\Users\Whanau\AppData\Roaming\Mozilla\Firefox\Profiles\2iem13dr.default\extensions\{bb65e674-b194-4b6e-8033-5fa0afe3a198}.xpi
[2014/05/19 22:02:48 | 000,002,664 | ---- | M] () -- C:\Users\Whanau\AppData\Roaming\Mozilla\Firefox\Profiles\2iem13dr.default\searchplugins\Ask.xml
[2014/02/26 08:35:26 | 000,002,273 | ---- | M] () -- C:\Users\Whanau\AppData\Roaming\Mozilla\Firefox\Profiles\2iem13dr.default\searchplugins\bingp.xml
[2014/02/02 17:39:27 | 000,000,861 | ---- | M] () -- C:\Users\Whanau\AppData\Roaming\Mozilla\Firefox\Profiles\2iem13dr.default\searchplugins\conduit-search.xml
[2014/05/24 00:03:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/24 00:04:05 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/05/12 18:20:38 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\PROGRAMDATA\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSIONS\1.6.0.7
[2012/08/28 04:00:08 | 000,061,440 | ---- | M] (Element K Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOlp32.dll
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://msn.co.nz/?pc=UP97&ocid=UP97DHP
CHR - Extension: No name found = C:\Users\Whanau\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Whanau\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Whanau\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Whanau\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhogjnnleghndloamdkljhnhdchpcijl\1.155.0.0_0\
CHR - Extension: No name found = C:\Users\Whanau\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.2.15747.10003_0\
CHR - Extension: No name found = C:\Users\Whanau\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Whanau\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/01/08 13:09:21 | 000,001,065 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Speed Test 127) - {11C8C9C0-D918-44C0-8B5E-D297DA42F2C7} - C:\Program Files (x86)\Speed Test 127\ScriptHost.dll File not found
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (应用宝一键安装插件) - {50F4150A-48B2-417A-BE4C-C83F580FB904} - C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll (腾讯公司)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Toolbar BHO) - {d5a1d22b-9e17-454f-8ecd-83c578fb3983} - C:\PROGRA~2\INBOXA~2\bar\1.bin\1gbar.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {5347542D-5637-006A-76A7-7A786E7484D7} - No CLSID value found.
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [InboxAce Home Page Guard 64 bit] "C:\PROGRA~2\INBOXA~2\bar\1.bin\AppIntegrator64.exe" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BrowserPlugInHelper] C:\Program Files (x86)\iSkysoft\iTube Studio\BrowserPlugInHelper.exe File not found
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [iSkysoft Helper Compact.exe] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe File not found
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found
O4 - HKLM..\Run: [OLPSYNCH] C:\Program Files (x86)\Offline Course Player\OlpSynch.exe ()
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime File not found
O4 - HKLM..\Run: [Registry Helper] "C:\Program Files (x86)\Registry Helper\RegistryHelper.Exe" /boot File not found
O4 - HKLM..\Run: [Spiceworks] C:\Saphire\www\bin\spicetray_silent.exe File not found
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe File not found
O4 - HKCU..\Run: [Browser Tab Search by Ask] C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\BrowserTabSearch\msbloader.exe (IAC Search and Media)
O4 - HKCU..\Run: [Browser Tab Search by Askx64] C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\BrowserTabSearch\msbloader64.exe (IAC Search and Media)
O4 - HKCU..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKCU..\Run: [NextLive] C:\Windows\SysWOW64\rundll32.exe "C:\Users\Whanau\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O4 - Startup: C:\Users\Whanau\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Weather Alerts.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 1073741823
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: alipay.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: alipay.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: alisoft.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: alisoft.com ([]https in Trusted sites)
O15 - HKLM\..Trusted Domains: taobao.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: taobao.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: asb.co.nz ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: asbbank.co.nz ([fnc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: dynamics.com ([*.crm5] https in Trusted sites)
O15 - HKCU\..Trusted Domains: dynamics.com ([wt874.crm5] https in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoftelearning.com ([dynamics] http in Trusted sites)
O15 - HKCU\..Trusted Domains: thewarehouse.co.nz ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: trademe.co.nz ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: windows.net ([dynamicscrmapac.accesscontrol] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab (DLM Control)
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} https://download.alipay.com/aliedit/aliedit/2401/aliedit.cab (EditCtrl Class)
O16 - DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} https://ngatiwhatuaprod.crm5.dynamics.com/Reserved.ReportViewerWebControl.axd?ReportSession=ubpprv45rr5ker2viwpin455&Culture=1033&CultureOverrides=True&UICulture=1033&UICultureOverrides=True&ReportStack=1&ControlID=c87c64823aa34aa2a7ddb9dcefa2657d&OpType=PrintCab&Arch=X86 (RSClientPrint 2008 Class)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A6D08D8-1090-4FBB-ADAB-919CDF43D3E6}: NameServer = 192.168.1.1,127.0.0.1
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (userinit.exe) -  File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\bitguard.exe: Debugger - tasklist.exe File not found
O27:64bit: - HKLM IFEO\bprotect.exe: Debugger - tasklist.exe File not found
O27:64bit: - HKLM IFEO\bpsvc.exe: Debugger - tasklist.exe File not found
O27:64bit: - HKLM IFEO\browsemngr.exe: Debugger - tasklist.exe File not found
O27:64bit: - HKLM IFEO\browserdefender.exe: Debugger - tasklist.exe File not found
O27:64bit: - HKLM IFEO\browsermngr.exe: Debugger - tasklist.exe File not found
O27:64bit: - HKLM IFEO\browserprotect.exe: Debugger - tasklist.exe File not found
O27:64bit: - HKLM IFEO\browsersafeguard.exe: Debugger - tasklist.exe File not found
O27:64bit: - HKLM IFEO\bundlesweetimsetup.exe: Debugger - tasklist.exe File not found
O27:64bit: - HKLM IFEO\cltmngsvc.exe: Debugger - tasklist.exe File not found
O27:64bit: - HKLM IFEO\delta babylon.exe: Debugger - tasklist.exe File not found
O27:64bit: - HKLM IFEO\delta tb.exe: Debugger - tasklist.exe File not found
O27:64bit: - HKLM IFEO\delta2.exe: Debugger - tasklist.exe File not found
O27:64bit: - HKLM IFEO\deltainstaller.exe: Debugger - tasklist.exe File not found
O27:64bit: - HKLM IFEO\deltasetup.exe: Debugger - tasklist.exe File not found
O27:64bit: - HKLM IFEO\deltatb.exe: Debugger - tasklist.exe File not found
O27:64bit: - HKLM IFEO\deltatb_2501-c733154b.exe: Debugger - tasklist.exe File not found
O27:64bit: - HKLM IFEO\dprotectsvc.exe: Debugger - tasklist.exe File not found
O27:64bit: - HKLM IFEO\iminentsetup.exe: Debugger - tasklist.exe File not found
O27:64bit: - HKLM IFEO\jumpflip: Debugger - tasklist.exe File not found
O27:64bit: - HKLM IFEO\protectedsearch.exe: Debugger - tasklist.exe File not found
O27:64bit: - HKLM IFEO\rjatydimofu.exe: Debugger - tasklist.exe File not found
O27:64bit: - HKLM IFEO\searchinstaller.exe: Debugger - tasklist.exe File not found
O27:64bit: - HKLM IFEO\searchprotection.exe: Debugger - tasklist.exe File not found
O27:64bit: - HKLM IFEO\searchprotector.exe: Debugger - tasklist.exe File not found
O27:64bit: - HKLM IFEO\searchsettings.exe: Debugger - tasklist.exe File not found
O27:64bit: - HKLM IFEO\searchsettings64.exe: Debugger - tasklist.exe File not found
O27:64bit: - HKLM IFEO\snapdo.exe: Debugger - tasklist.exe File not found
O27:64bit: - HKLM IFEO\stinst32.exe: Debugger - tasklist.exe File not found
O27:64bit: - HKLM IFEO\stinst64.exe: Debugger - tasklist.exe File not found
O27:64bit: - HKLM IFEO\sweetimsetup.exe: Debugger - tasklist.exe File not found
O27:64bit: - HKLM IFEO\tbdelta.exetoolbar783881609.exe: Debugger - tasklist.exe File not found
O27:64bit: - HKLM IFEO\umbrella.exe: Debugger - tasklist.exe File not found
O27:64bit: - HKLM IFEO\utiljumpflip.exe: Debugger - tasklist.exe File not found
O27:64bit: - HKLM IFEO\volaro: Debugger - tasklist.exe File not found
O27:64bit: - HKLM IFEO\vonteera: Debugger - tasklist.exe File not found
O27:64bit: - HKLM IFEO\websteroids.exe: Debugger - tasklist.exe File not found
O27:64bit: - HKLM IFEO\websteroidsservice.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\bitguard.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\bprotect.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\bpsvc.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\browsemngr.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\browserdefender.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\browsermngr.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\browserprotect.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\browsersafeguard.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\bundlesweetimsetup.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\cltmngsvc.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\delta babylon.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\delta tb.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\delta2.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\deltainstaller.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\deltasetup.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\deltatb.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\deltatb_2501-c733154b.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\dprotectsvc.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\iminentsetup.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\jumpflip: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\protectedsearch.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\rjatydimofu.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\searchinstaller.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\searchprotection.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\searchprotector.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\searchsettings.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\searchsettings64.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\snapdo.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\stinst32.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\stinst64.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\sweetimsetup.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\tbdelta.exetoolbar783881609.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\umbrella.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\utiljumpflip.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\volaro: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\vonteera: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\websteroids.exe: Debugger - tasklist.exe File not found
O27 - HKLM IFEO\websteroidsservice.exe: Debugger - tasklist.exe File not found
O29:64bit: - HKLM SecurityProviders - (credssp.dll) -  File not found
O29 - HKLM SecurityProviders - (credssp.dll) -  File not found
O30:64bit: - LSA: Security Packages - (msoidssp) - C:\Windows\SysNative\msoidssp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (msoidssp) - C:\Windows\SysWow64\msoidssp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/04 17:07:32 | 000,000,035 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: x64 - (C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\x64\safetycrt.dll) - C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\x64\safetycrt.dll ()
O36 - AppCertDlls: x86 - (C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\safetycrt.dll) - C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\safetycrt.dll ()
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/25 19:52:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Whanau\Desktop\OTL.exe
[2014/05/24 00:41:36 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Whanau\Desktop\dds.com
[2014/05/24 00:11:16 | 000,000,000 | ---D | C] -- C:\SymCache
[2014/05/24 00:11:05 | 000,000,000 | ---D | C] -- C:\Users\Whanau\Documents\WPA Files
[2014/05/24 00:03:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/05/23 23:30:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belarc
[2014/05/23 23:28:29 | 002,585,872 | ---- | C] (Microsoft Corporation) -- C:\Users\Whanau\Desktop\WindowsInstaller-KB893803-v2-x86.exe
[2014/05/22 21:52:40 | 000,000,000 | ---D | C] -- C:\457965a8e3319e9598a7892db054
[2014/05/22 21:46:53 | 000,000,000 | ---D | C] -- C:\Users\Whanau\AppData\Roaming\SUPERAntiSpyware.com
[2014/05/22 21:46:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2014/05/22 21:46:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2014/05/22 21:46:38 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014/05/22 21:31:17 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2014/05/22 21:30:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2014/05/22 20:52:22 | 013,829,304 | ---- | C] (Microsoft Corporation) -- C:\Users\Whanau\Desktop\mseinstall.exe
[2014/05/21 21:12:18 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/05/20 20:54:45 | 000,000,000 | ---D | C] -- C:\enwik
[2014/05/19 22:01:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SafetyNut
[2014/05/18 13:28:05 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/18 13:28:05 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/16 21:47:50 | 000,477,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/16 21:47:48 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/16 21:47:14 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014/05/16 21:47:14 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2014/05/16 21:47:13 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014/05/16 21:47:12 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2014/05/16 21:47:11 | 005,550,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014/05/16 21:47:11 | 000,722,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\objsel.dll
[2014/05/16 21:47:09 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\objsel.dll
[2014/05/16 21:47:09 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2014/05/16 21:47:07 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cngprovider.dll
[2014/05/16 21:47:07 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adprovider.dll
[2014/05/16 21:47:07 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\capiprovider.dll
[2014/05/16 21:47:07 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpapiprovider.dll
[2014/05/16 21:47:07 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cngprovider.dll
[2014/05/16 21:47:07 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adprovider.dll
[2014/05/16 21:47:07 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capiprovider.dll
[2014/05/16 21:47:07 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dimsroam.dll
[2014/05/16 21:47:07 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dimsroam.dll
[2014/05/16 21:47:06 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2014/05/16 21:47:06 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpapiprovider.dll
[2014/05/16 21:47:06 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wincredprovider.dll
[2014/05/16 21:47:06 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wincredprovider.dll
[2014/05/16 21:47:06 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2014/05/16 21:47:06 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2014/05/08 20:29:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2014/05/07 21:00:58 | 000,000,000 | ---D | C] -- C:\Users\Whanau\Desktop\Synergy
[2014/05/07 20:47:15 | 001,106,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.000
[2014/05/07 20:47:15 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4r.dll
[2014/05/07 20:47:15 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.001
[2014/05/07 20:40:57 | 000,000,000 | ---D | C] -- C:\Syndemo9
[2014/05/07 20:09:18 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014/05/05 20:23:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2014/05/04 12:13:13 | 000,000,000 | ---D | C] -- C:\SUPERDelete
[2014/05/03 22:00:38 | 000,000,000 | ---D | C] -- C:\extensions
[2014/05/01 20:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Free Download Manager
[2014/04/29 20:37:37 | 000,000,000 | -HSD | C] -- C:\Users\Whanau\AppData\Local\EmieUserList
[2014/04/29 20:37:37 | 000,000,000 | -HSD | C] -- C:\Users\Whanau\AppData\Local\EmieSiteList
[2014/04/27 21:06:28 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/04/27 21:06:28 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/04/27 21:06:27 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/04/27 21:06:10 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/04/27 21:06:10 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/04/27 21:06:10 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/04/27 21:06:09 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/04/27 21:06:02 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/04/27 21:06:02 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/04/27 21:06:02 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/04/27 21:06:01 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/04/27 21:06:01 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/04/27 21:06:01 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/04/27 21:06:00 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/04/27 21:06:00 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/04/27 21:06:00 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/04/27 21:06:00 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/04/27 21:06:00 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/04/27 21:05:59 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/04/27 21:05:56 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/04/27 21:05:56 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/04/27 21:05:56 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/04/27 21:05:56 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/04/27 21:05:56 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/04/27 21:05:55 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/04/27 21:05:55 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/04/27 21:05:52 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/04/27 21:05:52 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/04/27 21:05:49 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/04/25 20:42:39 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2013/10/26 20:56:52 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Whanau\HijackThis.exe
[2013/09/24 21:37:37 | 003,244,288 | ---- | C] (TestKing) -- C:\Users\Whanau\TestKing-Testing-Engine.exe
[2013/03/23 04:28:48 | 001,129,048 | ---- | C] (Microsoft Corporation) -- C:\Users\Whanau\ClientSetupResources.dll
[2013/03/23 04:28:48 | 000,395,352 | ---- | C] (Microsoft Corporation) -- C:\Users\Whanau\SetupBIDSExtensions.exe
[2013/03/23 04:28:48 | 000,328,792 | ---- | C] (Microsoft Corporation) -- C:\Users\Whanau\BIDSExtensionsSetup.dll
[2013/03/23 04:23:04 | 000,774,816 | ---- | C] (Microsoft Corporation) -- C:\Users\Whanau\msvcr100.dll
[2013/03/23 04:23:04 | 000,422,048 | ---- | C] (Microsoft Corporation) -- C:\Users\Whanau\msvcp100.dll
[2013/03/23 04:22:58 | 000,077,472 | ---- | C] (Microsoft Corporation) -- C:\Users\Whanau\Microsoft.Crm.Setup.BIDSExtensions.exe
[2012/01/16 20:30:06 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Users\Whanau\SetupClient.exe
[2012/01/16 20:30:06 | 000,354,664 | ---- | C] (Microsoft Corporation) -- C:\Users\Whanau\ClientSetup.dll
[2010/10/28 15:34:50 | 004,368,744 | ---- | C] (Microsoft Corporation) -- C:\Users\Whanau\mfc100u.dll
[2010/10/27 06:08:50 | 000,080,720 | ---- | C] (Microsoft Corporation) -- C:\Users\Whanau\mfcm100u.dll
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Users\Whanau\Desktop\*.tmp files -> C:\Users\Whanau\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/25 19:58:20 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/25 19:58:20 | 000,026,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/25 19:52:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Whanau\Desktop\OTL.exe
[2014/05/25 19:49:31 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/25 19:49:26 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\PassShow Update.job
[2014/05/25 19:49:26 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\PassShow_wd.job
[2014/05/25 19:49:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/25 19:48:58 | 3142,791,168 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/25 16:07:00 | 000,000,540 | ---- | M] () -- C:\Windows\tasks\G2MUpdateTask-S-1-5-21-448382057-4245689632-2705131830-1028.job
[2014/05/25 16:02:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/25 15:41:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/25 13:47:00 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task da0ced23-f6c0-4241-8ef6-00f6a64ba0ec.job
[2014/05/25 13:24:12 | 000,854,367 | ---- | M] () -- C:\Users\Whanau\Desktop\SecurityCheck.exe
[2014/05/24 00:41:36 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Whanau\Desktop\dds.com
[2014/05/24 00:15:16 | 000,002,150 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/05/23 23:39:41 | 001,739,529 | ---- | M] () -- C:\Program Files\Windows Defender.zip
[2014/05/23 23:30:57 | 000,002,144 | ---- | M] () -- C:\Users\Whanau\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2014/05/23 23:30:57 | 000,002,120 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2014/05/23 23:28:29 | 002,585,872 | ---- | M] (Microsoft Corporation) -- C:\Users\Whanau\Desktop\WindowsInstaller-KB893803-v2-x86.exe
[2014/05/23 23:00:28 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task c9498156-9adb-4e35-8362-dcbee6922af1.job
[2014/05/22 21:46:44 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2014/05/22 20:52:27 | 013,829,304 | ---- | M] (Microsoft Corporation) -- C:\Users\Whanau\Desktop\mseinstall.exe
[2014/05/21 22:20:24 | 001,160,490 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/05/21 22:20:24 | 000,923,180 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/21 22:20:24 | 000,236,860 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/21 22:20:16 | 001,160,490 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/21 20:35:43 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/21 20:24:24 | 000,512,400 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/05/18 15:53:19 | 000,000,884 | RHS- | M] () -- C:\Users\Whanau\ntuser.pol
[2014/05/16 22:02:28 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/05/16 22:02:28 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/05/09 18:14:03 | 000,477,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/05/09 18:11:23 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/05/07 20:51:40 | 005,410,297 | ---- | M] () -- C:\Users\Whanau\Desktop\10. TimeClocking Guide.pdf
[2014/05/07 20:47:54 | 000,000,559 | ---- | M] () -- C:\Users\Whanau\Desktop\synergy - Shortcut.lnk
[2014/05/06 21:35:53 | 000,898,838 | ---- | M] () -- C:\Users\Whanau\Desktop\mcsa-windows-client-8-1.pdf
[2014/05/06 20:40:28 | 000,002,110 | ---- | M] () -- C:\Users\Whanau\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2014/05/06 15:00:47 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/05/06 14:10:52 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/05/05 21:15:48 | 000,000,095 | ---- | M] () -- C:\Windows\OrionPrt.ini
[2014/05/05 20:35:50 | 000,001,203 | ---- | M] () -- C:\Users\Whanau\Desktop\Orion.lnk
[2014/05/04 21:31:25 | 284,853,054 | ---- | M] () -- C:\Users\Whanau\Desktop\%E7%92%A7%E9%9D%9B%EE%98%A9%E9%8D%9A%E5%B1%BD%EE%84%9F%E6%B5%BC%E6%B0%AC%E6%B4%96%E6%A4%A4%E6%8D%90%EE%9D%8B%E6%A3%B0%EF%BF%BD3.mp4
[2014/05/04 20:51:24 | 004,196,296 | ---- | M] () -- C:\Users\Whanau\Desktop\basics-of-accounting-information-processing.pdf
[2014/05/04 12:35:53 | 000,226,905 | ---- | M] () -- C:\Users\Whanau\Desktop\accountingconcepts.pdf
[2014/05/04 12:19:49 | 003,021,609 | ---- | M] () -- C:\Users\Whanau\Desktop\accounting_finance_08.pdf
[2014/05/04 12:11:03 | 000,135,020 | ---- | M] () -- C:\Users\Whanau\Desktop\BFA507-UO-S2-2013.pdf
[2014/05/04 12:07:54 | 001,153,988 | ---- | M] () -- C:\Users\Whanau\Desktop\1572_introaccconcepts_211010.pdf
[2014/05/03 23:17:42 | 000,569,007 | ---- | M] () -- C:\Users\Whanau\Desktop\Accounting_Policies_Procedures.pdf
[2014/05/03 23:04:32 | 001,663,130 | ---- | M] () -- C:\Users\Whanau\Desktop\AAT_Willis_Sample_chapter.pdf
[2014/05/03 22:22:19 | 003,407,692 | ---- | M] () -- C:\Users\Whanau\Desktop\bazley81588_0170181588_02.01_chapter01.pdf
[2014/05/03 22:21:28 | 000,000,449 | ---- | M] () -- C:\Users\Whanau\Desktop\url
[2014/04/26 15:37:54 | 000,011,302 | ---- | M] () -- C:\Users\Whanau\Desktop\receipt.pdf;jsessionid=66EFA5E8210A9E6421ACF2FCDDBA2E68.pdf
[2014/04/25 21:15:24 | 000,000,158 | ---- | M] () -- C:\Users\Whanau\Desktop\Fitness.url
[6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Users\Whanau\Desktop\*.tmp files -> C:\Users\Whanau\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/05/25 13:24:12 | 000,854,367 | ---- | C] () -- C:\Users\Whanau\Desktop\SecurityCheck.exe
[2014/05/23 23:39:39 | 001,739,529 | ---- | C] () -- C:\Program Files\Windows Defender.zip
[2014/05/23 23:30:57 | 000,002,144 | ---- | C] () -- C:\Users\Whanau\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2014/05/23 23:30:57 | 000,002,132 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
[2014/05/23 23:30:57 | 000,002,120 | ---- | C] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk
[2014/05/22 21:47:01 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task da0ced23-f6c0-4241-8ef6-00f6a64ba0ec.job
[2014/05/22 21:46:59 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task c9498156-9adb-4e35-8362-dcbee6922af1.job
[2014/05/22 21:46:44 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2014/05/18 13:11:56 | 005,410,297 | ---- | C] () -- C:\Users\Whanau\Desktop\10. TimeClocking Guide.pdf
[2014/05/07 20:47:54 | 000,000,559 | ---- | C] () -- C:\Users\Whanau\Desktop\synergy - Shortcut.lnk
[2014/05/06 21:35:53 | 000,898,838 | ---- | C] () -- C:\Users\Whanau\Desktop\mcsa-windows-client-8-1.pdf
[2014/05/05 20:41:41 | 000,000,095 | ---- | C] () -- C:\Windows\OrionPrt.ini
[2014/05/05 20:34:54 | 000,001,203 | ---- | C] () -- C:\Users\Whanau\Desktop\Orion.lnk
[2014/05/04 21:14:33 | 284,853,054 | ---- | C] () -- C:\Users\Whanau\Desktop\%E7%92%A7%E9%9D%9B%EE%98%A9%E9%8D%9A%E5%B1%BD%EE%84%9F%E6%B5%BC%E6%B0%AC%E6%B4%96%E6%A4%A4%E6%8D%90%EE%9D%8B%E6%A3%B0%EF%BF%BD3.mp4
[2014/05/04 20:51:24 | 004,196,296 | ---- | C] () -- C:\Users\Whanau\Desktop\basics-of-accounting-information-processing.pdf
[2014/05/04 12:35:53 | 000,226,905 | ---- | C] () -- C:\Users\Whanau\Desktop\accountingconcepts.pdf
[2014/05/04 12:19:33 | 003,021,609 | ---- | C] () -- C:\Users\Whanau\Desktop\accounting_finance_08.pdf
[2014/05/04 12:10:52 | 000,135,020 | ---- | C] () -- C:\Users\Whanau\Desktop\BFA507-UO-S2-2013.pdf
[2014/05/04 12:07:52 | 001,153,988 | ---- | C] () -- C:\Users\Whanau\Desktop\1572_introaccconcepts_211010.pdf
[2014/05/03 23:17:42 | 000,569,007 | ---- | C] () -- C:\Users\Whanau\Desktop\Accounting_Policies_Procedures.pdf
[2014/05/03 23:04:28 | 001,663,130 | ---- | C] () -- C:\Users\Whanau\Desktop\AAT_Willis_Sample_chapter.pdf
[2014/05/03 22:22:03 | 003,407,692 | ---- | C] () -- C:\Users\Whanau\Desktop\bazley81588_0170181588_02.01_chapter01.pdf
[2014/05/03 22:21:27 | 000,000,449 | ---- | C] () -- C:\Users\Whanau\Desktop\url
[2014/04/26 15:37:36 | 000,011,302 | ---- | C] () -- C:\Users\Whanau\Desktop\receipt.pdf;jsessionid=66EFA5E8210A9E6421ACF2FCDDBA2E68.pdf
[2014/04/25 21:15:16 | 000,000,158 | ---- | C] () -- C:\Users\Whanau\Desktop\Fitness.url
[2014/04/25 20:10:08 | 000,002,150 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014/04/23 20:46:29 | 000,000,531 | ---- | C] () -- C:\Windows\Topscan.INI
[2014/04/22 21:30:30 | 000,000,049 | ---- | C] () -- C:\Windows\Orion_EftPos.ini
[2014/04/22 21:30:30 | 000,000,029 | ---- | C] () -- C:\Windows\OrionPb.Ini
[2014/04/20 21:14:52 | 000,000,218 | ---- | C] () -- C:\Users\Whanau\AppData\Local\recently-used.xbel
[2014/03/20 21:23:14 | 000,000,088 | ---- | C] () -- C:\Windows\BACKUP.INI
[2014/03/19 20:11:31 | 000,000,372 | ---- | C] () -- C:\Windows\SAMFORMS.INI
[2014/03/19 20:11:31 | 000,000,022 | ---- | C] () -- C:\Windows\SamFonts.ini
[2014/03/19 20:10:24 | 000,010,083 | ---- | C] () -- C:\Windows\SAMINI.ini
[2014/03/19 20:10:24 | 000,000,037 | ---- | C] () -- C:\Windows\cashcam.Ini
[2014/03/07 20:23:02 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2014/02/18 19:28:37 | 000,000,464 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/02/12 09:50:29 | 000,000,000 | ---- | C] () -- C:\Users\Whanau\index.html
[2014/01/04 20:00:31 | 000,236,216 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/12/11 11:28:53 | 000,000,059 | ---- | C] () -- C:\Users\Whanau\.gitconfig
[2013/11/13 11:27:34 | 000,001,067 | ---- | C] () -- C:\Windows\Hew2Inst.ini
[2013/11/13 11:24:49 | 000,000,055 | ---- | C] () -- C:\Windows\HewInstMan.ini
[2013/10/31 19:33:35 | 000,001,181 | ---- | C] () -- C:\Users\Whanau\RogueKiller - Shortcut.lnk
[2013/10/22 13:29:05 | 000,917,336 | ---- | C] () -- C:\Users\Whanau\T104 - Whanau Overview Dashboard Report.rdl
[2013/10/20 21:35:34 | 001,194,892 | ---- | C] () -- C:\Users\Whanau\Report Project11.zip
[2013/10/20 21:31:38 | 000,001,076 | ---- | C] () -- C:\Users\Whanau\wip.rptproj.user
[2013/10/20 21:30:46 | 000,001,308 | ---- | C] () -- C:\Users\Whanau\wip.sln
[2013/10/20 21:29:55 | 000,003,071 | ---- | C] () -- C:\Users\Whanau\wip.rptproj
[2013/10/20 21:25:32 | 000,007,680 | ---- | C] () -- C:\Users\Whanau\wip.suo
[2013/10/17 20:52:11 | 000,056,730 | ---- | C] () -- C:\Users\Whanau\Account Distribution - Backup.rdl
[2013/10/15 19:32:40 | 000,056,730 | ---- | C] () -- C:\Users\Whanau\Account Distribution.rdl
[2013/10/15 19:18:24 | 001,565,859 | ---- | C] () -- C:\Users\Whanau\AllCRMResources_sourcecode_v1_0_0_0.zip
[2013/10/12 21:03:38 | 000,020,725 | ---- | C] () -- C:\Users\Whanau\Readme.png
[2013/10/09 20:02:10 | 010,483,042 | ---- | C] () -- C:\Users\Whanau\Microsoft Dynamics Sure Step Methodology.mp3
[2013/09/29 20:50:01 | 002,409,397 | ---- | C] () -- C:\Users\Whanau\Pricing_Licensing_Guide.pdf
[2013/09/24 20:55:20 | 000,001,793 | ---- | C] () -- C:\Users\Whanau\MB2-868.lnk
[2013/09/24 06:45:41 | 000,025,226 | ---- | C] () -- C:\Users\Whanau\Diagram1.png
[2013/09/24 06:44:39 | 000,018,154 | ---- | C] () -- C:\Users\Whanau\Diagram1.dia
[2013/09/24 06:44:39 | 000,001,692 | ---- | C] () -- C:\Users\Whanau\Diagram1.dia~
[2013/09/24 06:19:05 | 000,003,313 | ---- | C] () -- C:\Users\Whanau\.ganttproject
[2013/09/21 14:05:18 | 000,096,074 | ---- | C] () -- C:\Users\Whanau\desk_1.jpg
[2013/09/21 14:00:48 | 000,088,074 | ---- | C] () -- C:\Users\Whanau\Overload.png
[2013/09/20 21:12:34 | 000,029,190 | ---- | C] () -- C:\Users\Whanau\360_Feedback_Logo.jpg
[2013/09/20 08:22:14 | 002,160,635 | ---- | C] () -- C:\Users\Whanau\ANKI Cards.zip
[2013/08/16 21:24:57 | 000,000,036 | ---- | C] () -- C:\Users\Whanau\AppData\Roaming\mbam.context.scan
[2013/07/27 15:27:53 | 000,000,000 | ---- | C] () -- C:\Users\Whanau\index.php
[2013/07/27 12:55:51 | 000,000,000 | ---- | C] () -- C:\Users\Whanau\upload_file.php
[2013/07/27 12:55:15 | 000,000,000 | ---- | C] () -- C:\Users\Whanau\index.htm
[2013/06/27 13:38:55 | 000,558,080 | ---- | C] () -- C:\Users\Whanau\AppData\Roaming\SharedSettings.ccs
[2013/04/26 13:51:15 | 000,000,884 | RHS- | C] () -- C:\Users\Whanau\ntuser.pol
[2013/04/18 19:06:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/04/18 19:06:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/04/18 19:06:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/04/18 19:06:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013/03/23 04:43:14 | 001,122,304 | ---- | C] () -- C:\Users\Whanau\BIDSExtensions.msi
[2013/02/28 00:48:34 | 000,000,412 | ---- | C] () -- C:\Users\Whanau\Microsoft.Crm.Setup.BIDSExtensions.exe.config
[2013/02/28 00:23:18 | 000,037,283 | ---- | C] () -- C:\Users\Whanau\MSCRMBidsExtensionsEULA.rtf
[2013/02/28 00:23:16 | 000,135,209 | ---- | C] () -- C:\Users\Whanau\EnvironmentDiagnostics.chm
[2013/02/05 20:50:11 | 000,000,146 | ---- | C] () -- C:\Users\Whanau\.appletviewer
[2012/12/03 14:22:00 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\MPMapTrace.dll
[2012/12/03 13:31:24 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\mpPathan.dll
[2012/01/16 21:56:40 | 009,228,288 | ---- | C] () -- C:\Users\Whanau\Client.msi
[2012/01/16 21:56:38 | 004,939,776 | ---- | C] () -- C:\Users\Whanau\MUISetup_1033_i386.msi
[2012/01/10 00:49:08 | 000,000,343 | ---- | C] () -- C:\Users\Whanau\SpawnCmd.js
[2010/10/27 06:16:28 | 000,037,283 | ---- | C] () -- C:\Users\Whanau\MSCRMClientEULA.rtf
[2010/10/27 06:16:28 | 000,006,880 | ---- | C] () -- C:\Users\Whanau\Readme.htm
[2010/10/27 06:06:24 | 000,000,530 | ---- | C] () -- C:\Users\Whanau\Default_Client_Config.xml
 
========== ZeroAccess Check ==========
 
[2009/07/14 16:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 14:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 14:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 13:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 15:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 13:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/06/25 11:35:38 | 000,000,000 | ---D | M] -- C:\Users\Whanau\AppData\Roaming\2XClient
[2014/03/27 22:50:53 | 000,000,000 | ---D | M] -- C:\Users\Whanau\AppData\Roaming\BitTorrent
[2013/06/27 14:23:27 | 000,000,000 | ---D | M] -- C:\Users\Whanau\AppData\Roaming\CoffeeCup Software
[2014/02/04 16:02:25 | 000,000,000 | ---D | M] -- C:\Users\Whanau\AppData\Roaming\com.zoodles
[2014/02/04 16:02:25 | 000,000,000 | ---D | M] -- C:\Users\Whanau\AppData\Roaming\com.zoodles.3B7D4B2F97D0C2BDB13554D0687ECC70A3734EDD.1
[2014/02/02 17:39:44 | 000,000,000 | ---D | M] -- C:\Users\Whanau\AppData\Roaming\DriverCure
[2013/10/22 19:18:52 | 000,000,000 | ---D | M] -- C:\Users\Whanau\AppData\Roaming\Dropbox
[2013/06/17 13:19:28 | 000,000,000 | ---D | M] -- C:\Users\Whanau\AppData\Roaming\Foxit Software
[2014/05/22 21:39:08 | 000,000,000 | ---D | M] -- C:\Users\Whanau\AppData\Roaming\Free Download Manager
[2013/05/03 12:16:33 | 000,000,000 | ---D | M] -- C:\Users\Whanau\AppData\Roaming\Full
[2013/12/11 11:30:48 | 000,000,000 | ---D | M] -- C:\Users\Whanau\AppData\Roaming\GitHub
[2013/01/13 19:10:32 | 000,000,000 | ---D | M] -- C:\Users\Whanau\AppData\Roaming\gtk-2.0
[2013/01/30 09:56:28 | 000,000,000 | ---D | M] -- C:\Users\Whanau\AppData\Roaming\ICAClient
[2014/03/21 19:34:48 | 000,000,000 | ---D | M] -- C:\Users\Whanau\AppData\Roaming\Kingsoft
[2014/01/31 09:47:48 | 000,000,000 | ---D | M] -- C:\Users\Whanau\AppData\Roaming\LibreOffice
[2014/01/12 12:54:04 | 000,000,000 | ---D | M] -- C:\Users\Whanau\AppData\Roaming\Megacoin
[2014/04/06 20:46:17 | 000,000,000 | ---D | M] -- C:\Users\Whanau\AppData\Roaming\Microchip
[2014/03/29 20:09:15 | 000,000,000 | ---D | M] -- C:\Users\Whanau\AppData\Roaming\NetBeans
[2014/04/29 18:56:02 | 000,000,000 | ---D | M] -- C:\Users\Whanau\AppData\Roaming\newnext.me
[2014/04/20 21:23:51 | 000,000,000 | ---D | M] -- C:\Users\Whanau\AppData\Roaming\Notepad++
[2013/08/17 21:38:49 | 000,000,000 | ---D | M] -- C:\Users\Whanau\AppData\Roaming\NuGet
[2014/04/18 16:49:50 | 000,000,000 | ---D | M] -- C:\Users\Whanau\AppData\Roaming\OpenOffice
[2013/09/02 21:37:04 | 000,000,000 | ---D | M] -- C:\Users\Whanau\AppData\Roaming\Opera Software
[2014/04/22 21:30:38 | 000,000,000 | ---D | M] -- C:\Users\Whanau\AppData\Roaming\Orion
[2014/03/26 18:30:06 | 000,000,000 | ---D | M] -- C:\Users\Whanau\AppData\Roaming\PerformerSoft
[2014/04/27 14:48:36 | 000,000,000 | ---D | M] -- C:\Users\Whanau\AppData\Roaming\RUYIJHBIVDN
[2013/05/01 20:18:13 | 000,000,000 | ---D | M] -- C:\Users\Whanau\AppData\Roaming\Samsung
[2014/03/05 14:04:12 | 000,000,000 | ---D | M] -- C:\Users\Whanau\AppData\Roaming\shoujizhushou
[2013/03/29 20:27:18 | 000,000,000 | ---D | M] -- C:\Users\Whanau\AppData\Roaming\SogouInput
[2014/02/02 17:39:44 | 000,000,000 | ---D | M] -- C:\Users\Whanau\AppData\Roaming\SpeedyPC Software
[2013/07/10 10:13:35 | 000,000,000 | ---D | M] -- C:\Users\Whanau\AppData\Roaming\TeamViewer
[2014/03/06 10:07:28 | 000,000,000 | ---D | M] -- C:\Users\Whanau\AppData\Roaming\Tencent
[2013/09/14 19:21:42 | 000,000,000 | ---D | M] -- C:\Users\Whanau\AppData\Roaming\TestKing
[2014/01/05 22:47:22 | 000,000,000 | ---D | M] -- C:\Users\Whanau\AppData\Roaming\TFP
[2013/12/05 21:39:34 | 000,000,000 | ---D | M] -- C:\Users\Whanau\AppData\Roaming\Thunderbird
[2014/01/09 12:44:47 | 000,000,000 | ---D | M] -- C:\Users\Whanau\AppData\Roaming\Unified Remote
[2013/01/09 09:59:30 | 000,000,000 | ---D | M] -- C:\Users\Whanau\AppData\Roaming\Vodafone
[2014/01/08 20:45:15 | 000,000,000 | ---D | M] -- C:\Users\Whanau\AppData\Roaming\Wondershare
[2014/04/27 14:48:36 | 000,000,000 | ---D | M] -- C:\Users\Whanau\AppData\Roaming\XWYESKOREYL
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013/11/01 01:31:20 | 104,348,737 | ---- | M] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\㍥ᡄ
[2013/10/31 11:54:27 | 104,348,737 | ---- | C] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\㍥ᡄ
[2013/10/12 20:31:38 | 100,595,853 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ỗᡄ¬
[2013/10/12 20:31:38 | 100,595,853 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ỗᡄ¬
[2013/10/10 19:02:50 | 100,221,909 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\삢ᡄ
[2013/10/09 19:20:21 | 100,221,909 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\삢ᡄ
[2013/09/20 20:46:00 | 098,459,047 | ---- | M] ()(C:\Windows\SysWow64\偧???) -- C:\Windows\SysWow64\偧ꆶᕌ
[2013/09/19 12:49:16 | 098,459,047 | ---- | C] ()(C:\Windows\SysWow64\偧???) -- C:\Windows\SysWow64\偧ꆶᕌ
[2013/09/17 18:12:06 | 097,922,994 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ꢶ렙ᕌ
[2013/09/17 18:12:06 | 097,922,994 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ꢶ렙ᕌ
[2013/09/12 14:17:01 | 097,226,733 | ---- | M] ()(C:\Windows\SysWow64\???F) -- C:\Windows\SysWow64\ế㸸ᕌF
[2013/09/12 14:17:01 | 097,226,733 | ---- | C] ()(C:\Windows\SysWow64\???F) -- C:\Windows\SysWow64\ế㸸ᕌF
[2013/08/30 13:45:48 | 094,663,095 | ---- | M] ()(C:\Windows\SysWow64\???2) -- C:\Windows\SysWow64\䮘ᕌ2
[2013/08/26 20:14:22 | 094,663,095 | ---- | C] ()(C:\Windows\SysWow64\???2) -- C:\Windows\SysWow64\䮘ᕌ2
[2013/08/22 20:19:20 | 099,751,737 | ---- | M] ()(C:\Windows\SysWow64\蒵??F) -- C:\Windows\SysWow64\蒵↔ᕌF
[2013/08/22 20:19:20 | 099,751,737 | ---- | C] ()(C:\Windows\SysWow64\蒵??F) -- C:\Windows\SysWow64\蒵↔ᕌF
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:AD022376

< End of report >

OTL Extras logfile created on: 25/05/2014 7:55:22 p.m. - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Whanau\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00001409 | Country: New Zealand | Language: ENZ | Date Format: d/MM/yyyy
 
3.90 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 59.51% Memory free
5.18 Gb Paging File | 3.44 Gb Available in Paging File | 66.42% Paging File free
Paging file location(s): d:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 292.87 Gb Total Space | 59.82 Gb Free Space | 20.42% Space Free | Partition Type: NTFS
Drive D: | 5.12 Gb Total Space | 2.69 Gb Free Space | 52.45% Space Free | Partition Type: NTFS
Drive E: | 451.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: WAIPAREIRA-PC | User Name: Whanau | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = bfjsfile] -- C:\Program Files (x86)\Bluefish\bluefish.exe (The Bluefish Developers)
.reg [@ = regfile] -- regedit.exe "%1"
.txt[@ = bftxtfile] -- C:\Program Files (x86)\Bluefish\bluefish.exe (The Bluefish Developers)
.vbs[@ = bfvbsfile] -- C:\Program Files (x86)\Bluefish\bluefish.exe (The Bluefish Developers)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.js [@ = bfjsfile] -- C:\Program Files (x86)\Bluefish\bluefish.exe (The Bluefish Developers)
.reg [@ = regfile] -- regedit.exe "%1"
.txt [@ = bftxtfile] -- C:\Program Files (x86)\Bluefish\bluefish.exe (The Bluefish Developers)
.vbs [@ = bfvbsfile] -- C:\Program Files (x86)\Bluefish\bluefish.exe (The Bluefish Developers)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = OperaStable] -- C:\Program Files (x86)\Opera\Launcher.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Users\WT\Desktop\ANH\AptanaStudio3.exe" "%1"
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- "C:\Users\WT\Desktop\ANH\AptanaStudio3.exe" "%1"
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07BA3ED1-CEDA-4AC6-9A6C-2DEA6F56B54F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{07CD25A2-C919-4FBC-87DD-71F94CFA2E57}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{092B5C79-84F3-43C8-8F44-1AF6A563BBE8}" = rport=138 | protocol=17 | dir=out | app=system |
"{0A8B37EA-8883-49CD-A5B9-871702F5B735}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{0DA32EC1-2F46-4E99-8868-B05991A90901}" = lport=137 | protocol=17 | dir=in | app=system |
"{139E4897-5430-4C34-97BF-B3B2D08F11C8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1AB50E14-8C49-4803-AC9F-A6FA32253D3B}" = lport=139 | protocol=6 | dir=in | app=system |
"{1B436A82-9C08-426B-A5E2-F3DFEEF2CFD3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{1BBBF140-6173-4146-801C-268A82187932}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1FA317DD-997F-49D5-97E7-E8F825B8C5AA}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{21F407FE-E94E-461C-A969-3E739B39F6AA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{23514CC6-1391-408F-A2E8-8F7B20315287}" = lport=21 | protocol=6 | dir=in | name=ftp (no ssl) |
"{302D04C6-EAE0-4735-8BD0-C0F083D6EE5F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{32257AFA-DDDA-44BE-ABC7-EC5BDDBA6A1A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{34791D8E-85DB-4201-96C5-677E78A7B0E7}" = lport=138 | protocol=17 | dir=in | app=system |
"{3660207F-3113-47B1-87B3-278C4CCD0037}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3D0E4C94-4FF1-4B32-81C2-E1EF6E3D5EAB}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{40352353-E322-477B-BD29-D188DA2C1A1C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{463EF69D-7509-47DC-82FA-8E53241CD172}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{472E031D-08CB-462B-A73C-C903564B63D9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4B567DE9-9715-4CCE-9BB8-7D61C3E8EA43}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4BBE037B-62F9-4C43-A119-E4D700B252AB}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{4D7FAA92-FA0E-40C8-99ED-DCC6ACFA9F36}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4DA22830-AC87-4267-87DD-7F915F2146FD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{50A3C6F7-0A73-4216-8901-D3B46D79D385}" = lport=3702 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 12.0\common7\ide\wdexpress.exe |
"{593B6208-5107-4F24-813A-3ACA8F6760D7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6E9AB452-629F-46F3-87E7-D7770152767B}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7A91DBC9-55C7-49A0-B324-7DCC982BB5D5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7EAAF849-0452-44D9-95D0-3A9C5CBB0FBE}" = rport=2869 | protocol=6 | dir=out | app=system |
"{847017F7-BE53-4F8D-9CFE-B33FF1D5A263}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8741065D-13F4-448E-A474-B65EBE902EFE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{933D4ED8-70C1-4D94-BA27-62E91DF8AA59}" = lport=445 | protocol=6 | dir=in | app=system |
"{9D285D38-D8E9-42FA-B150-DEB19F94932B}" = rport=137 | protocol=17 | dir=out | app=system |
"{9F326DF5-3D15-411E-B912-5E1462C9D6AC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B506C02D-E96B-4338-AAA7-D10048909221}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C33400B2-5F8B-4E93-A63D-15A2C7C96AA9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CE974B78-7845-436D-BCF5-C3FE6B866A43}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CEC6A9CA-F2E8-40CD-8A26-257EDF87A28A}" = rport=445 | protocol=6 | dir=out | app=system |
"{D466EE6D-3B61-4380-B185-CA9FBDF42B28}" = lport=3702 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\wdexpress.exe |
"{D7870478-799C-4439-8BC4-64EBEB98516D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DD4760DC-EE1A-4350-B255-035973C50249}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E561554A-E0AB-4F33-B0BB-6E885E585F9E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EADB1665-54A8-4755-83D1-3E87889A6B1D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EAF9ABA2-2026-4DCC-A545-C1E602A45C4B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
"{ECE8D445-DCA9-4B24-B0C7-1D9C0E5DA9C2}" = lport=3702 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{F0972E7F-2A93-4ACB-A352-AE4ECCC0A8BF}" = rport=139 | protocol=6 | dir=out | app=system |
"{F17BBA63-0C94-41CA-B681-F82E8E5CC8C2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F6AEADD6-316E-4F36-B6DA-89A1D4A8AEBE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FFBDADC9-DCDD-4E5E-B6CE-C455F5541222}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014F4151-0468-42E6-9590-949E30B734B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0167F5FE-C933-4B66-92DB-9643E82DE229}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{0CFF32B3-60C1-4256-9B51-32EE6E3F5A9B}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{10739E31-AE38-4F22-AF09-15EE25A2E887}" = protocol=17 | dir=in | app=c:\users\whanau\appdata\roaming\bittorrent\bittorrent.exe |
"{15ACF10D-07C0-4D17-85F4-12BAD6B2E4AD}" = protocol=17 | dir=in | app=c:\users\whanau\appdata\roaming\tencent\qqpcmgr\download\qqpcdownload.exe |
"{18D159D8-2E29-44DA-9586-5351C065318D}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{1AAE335E-7615-4D37-8C42-C54953ECB868}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\auclt.exe |
"{1CCE37D6-4191-4452-BCF3-ADC96A04FEA0}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
"{1E8C3B6D-97F8-4C7E-A70F-79C0C868B26C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{213540E7-322C-4E23-B2A0-D6626690085A}" = protocol=6 | dir=in | app=c:\users\whanau\appdata\local\microsoft\windows\temporary internet files\content.ie5\jbq28im3\bittorrent.exe |
"{239D6AC3-1F73-4DF0-9C64-2171C91F2938}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{2470827D-D383-46F9-81D0-DE096E128893}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqplayer\qqdeskupdate.exe |
"{28124820-B7E4-42E3-BEB5-A1B4B9D26C0F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{28223189-DA4D-4D56-A944-C6601F1ABF39}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{285A23F9-A112-471F-9C76-FA8E32801F38}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{293B1C1E-48DE-4169-889B-702A2779F719}" = protocol=17 | dir=in | app=c:\program files (x86)\remote mouse\server\server.exe |
"{2AE943F4-139B-4848-A120-8FEAF9B203BB}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{2AF81F5C-BDA3-4EB2-9C07-8CF237F038A2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2F190126-AEE2-45D4-878A-6534A96AD91A}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqplayer\qqdeskupdate.exe |
"{30EFC193-AA30-43BE-B963-BA8A5ABB0E6E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{326FA29C-72D0-4750-8D9D-353BE2E37DCD}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{345A559A-190B-411F-8E98-3C1DC5485876}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\txupd.exe |
"{347FB165-E121-47B2-B0F9-75ECDCBEE9CF}" = protocol=6 | dir=in | app=c:\users\whanau\appdata\roaming\bittorrent\bittorrent.exe |
"{358C994A-86B7-4063-9C61-F98E3453F158}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqplayer\qpup.exe |
"{362705FD-135C-47CB-B978-90D9F97E32EA}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\6.2.0.7817\pinyinup.exe |
"{36850096-4DBF-4E31-BD9A-C530E9EE1106}" = protocol=6 | dir=in | app=c:\users\wt\desktop\anh\titanium\titaniumstudio.exe |
"{37312D9E-24B9-4E8A-8268-6465C2CBE072}" = protocol=6 | dir=out | app=system |
"{39C3C06A-0AC4-4B0B-A190-1E1EE84EC92A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{3C68D692-F7F1-4C94-BFB1-0CA3076E0A74}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qq\bin\qq.exe |
"{3D5A9C8C-6F6B-440E-ABF8-31007AF4A542}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{41C41C85-CAA7-42A6-8764-965EC20C6CBA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{463C2E96-0651-457F-8690-1FA2EC7DE33D}" = protocol=17 | dir=in | app=c:\program files (x86)\ipfx\softphone\softphone.exe |
"{474D46A0-6DB3-4755-9BD3-E69450511E9C}" = protocol=17 | dir=in | app=c:\program files (x86)\wandoujia\wandoujia.exe |
"{4B2C965F-8580-44C4-B2C6-466A9E43B1F6}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{4D63B039-249C-428B-979F-89D708540C51}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{4E51AC4A-9FA5-4004-960F-31777A3B0FF7}" = protocol=6 | dir=in | app=c:\program files (x86)\remote mouse\server\server.exe |
"{4FCA2ED9-679C-49B5-84DF-EDBD933B92DE}" = protocol=17 | dir=in | app=c:\users\whanau\appdata\local\temp\qqpcdetector.exe |
"{51C91397-49D3-4B59-A1F6-D31D56C9B84E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{55EB8F37-F48F-4CCE-9ECE-01DD66CB2630}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
"{5B2AB11C-7A91-414B-A2E2-788E30130E54}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqpcmgr\8.8.10772.235\plugins\qqpcb1androidjmp\qqphonemanager.exe |
"{5C6A9739-D707-4F39-9739-3595632A65A1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6435EEC3-627A-49E9-88C3-55D9FAEB7C67}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqplayer\qpup.exe |
"{6B7A6F19-91DA-49CF-8249-C33737A9A6D2}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{6E266E5B-70E6-42B6-B29B-6713AA036EAC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6ECD0935-BC0A-4A11-8583-7A99F0EACF17}" = protocol=6 | dir=in | app=c:\users\whanau\appdata\local\temp\qqpcdetector.exe |
"{71BAE33B-4850-4515-BB90-E33D71344D58}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{722C0CDF-98E1-4861-930F-82184A344D23}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{7259C4D9-6A6F-4DBE-905D-6F290F9DB942}" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\6.2.0.7817\sefastinstall.exe |
"{741B8E82-1423-4B1A-B818-D8DD0CC60862}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{752E54A4-6A8D-4B5E-B643-1CC22A0FC311}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{80A0B52A-C3B0-4A41-9361-6F2EBA1F8F8F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{830A1B15-9D11-49F9-BA89-89085A91D951}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqplayer\qqplayer.exe |
"{840F0F45-BB08-4E02-85F2-A2C2F9E97C02}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\6.2.0.7817\sefastinstall.exe |
"{8623E578-F316-4E18-9D76-DC04FDC23445}" = dir=in | app=c:\users\whanau\appdata\local\torch\application\torch.exe |
"{86CDA27F-2CC8-40B0-8E7D-E023D841D87A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{87A5487B-7FB6-4F73-BB08-F44C85525372}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{889EF840-5925-46BC-956B-07E9B84CA038}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqpcmgr\8.8.10772.235\plugins\qqpcb1androidjmp\qqphonemanager.exe |
"{8A6714DB-7B2F-4336-865E-B715A2EEE2FF}" = dir=in | app=c:\program files (x86)\tencent\qzonemusic\2014.3.5.14.54.21\qzonemusic.exe |
"{8E416F04-948E-46D7-AFA7-730F0489A570}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{91416586-99CD-49BE-B7CF-896A1838C23D}" = protocol=6 | dir=in | app=c:\users\whanau\appdata\roaming\bittorrent\bittorrent.exe |
"{916B63CC-3FDA-4CE1-99EC-005178AF3325}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\auclt.exe |
"{92CD3E9A-D5F7-48CD-B74D-8F7139272BC1}" = protocol=6 | dir=in | app=c:\program files (x86)\wandoujia\wandoujia.exe |
"{93B3C0FD-2C4D-4068-89BD-26614C7F4478}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqplayer\qqplayer.exe |
"{99EC7498-1A3A-4E78-8FCC-946FDBDFC525}" = protocol=6 | dir=in | app=c:\program files (x86)\ipfx\softphone\softphone.exe |
"{9AB784CA-934C-4015-ABF9-534A26F13466}" = protocol=6 | dir=in | app=c:\users\whanau\appdata\roaming\tencent\qqpcmgr\download\qqpcdownload.exe |
"{9B1CD7A2-7B44-46B2-94D6-9401515B2E13}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9C028393-8315-40A0-9B7C-7E887780DA3C}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
"{9D3687F9-8E50-4C96-BFA8-4B13D282394A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
"{9D61DBBF-CC9B-42A3-BB9D-B5C409863751}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9FAADA31-32B6-4B6C-9E73-A0F55252FB70}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A4107F94-1CE1-4905-91F4-46BF431A2B37}" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\6.2.0.7817\pinyinup.exe |
"{A69C0569-DDB2-40B8-86E8-9EF5C33EDDEC}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{AA11E417-6616-4A56-AF0E-941EE43235E7}" = protocol=17 | dir=in | app=c:\users\whanau\appdata\local\microsoft\windows\temporary internet files\content.ie5\jbq28im3\bittorrent.exe |
"{AB4FDE02-CEEC-4FB1-A293-7B771B934D12}" = dir=in | app=c:\program files (x86)\common files\tencent\qqdownload\125\tencentdl.exe |
"{ABE47FFE-CB91-4F2D-B920-3DF91EA251EA}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe |
"{B109E44E-0934-49AF-9518-F91920E8B3BB}" = protocol=17 | dir=in | app=c:\program files (x86)\ipfx\softphone\softphone.exe |
"{B59928E3-6390-4490-8DEA-3A3058C3A603}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B8CFB016-F485-4647-A3CB-64B2138DF3AF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B96FCCB5-C848-42E9-AC68-AFB6ECCF812C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BC4422C8-D918-4622-A46A-55F2FB57670D}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BCB090AF-AD33-4F5E-835C-718D2E60E6A0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BCC73657-6BB1-484D-BCED-1B6664847CFD}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
"{BDE5FB0E-C66E-43C9-806F-5C06F3B75D7F}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"{BEBCD3DB-08A3-447B-AB77-DC6A993D0BFE}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{C254ED66-DC9C-401B-8B75-0AE141D9E12C}" = protocol=6 | dir=in | app=c:\users\whanau\appdata\local\ilivid\ilivid.exe |
"{C3B3EEFC-FA82-4EED-8A6E-7471106CC929}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{CDF3B39C-859B-4863-B958-DCF7AD8DD72A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{CEB85843-936C-427E-B7C2-BAAC0A8B6850}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D0750ADA-5F7A-48A2-921E-7AA7958E496B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{D2088A72-4C1B-4AE8-865B-2066BB20C0D7}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{D32DB511-FF46-49AB-9D70-3518245AB405}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\txupd.exe |
"{D3D199B6-2DD7-42BE-BF44-88C7B4DB2836}" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qqintl\bin\qq.exe |
"{D847E6AE-B6E5-4BD9-9DCA-96594C524000}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{E2854C1E-6A37-483E-8583-343C8447884F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E3202B25-62A2-4F7E-A27D-702CBFC1F4B3}" = protocol=6 | dir=in | app=c:\program files (x86)\remote mouse\server\server.exe |
"{E45D5B1D-7051-4512-AE99-FB491FFBB912}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E55BA474-78F7-4AD7-827B-F8C30105ABF2}" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qq\bin\qq.exe |
"{E582265C-EBB2-4910-B2D2-EF6AAE1FB7CB}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
"{E6C3C805-C0F9-439F-A487-B18C80C17731}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E73E1C51-6AA1-43B4-9F59-A3BE9DBC490F}" = dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{E7448456-EF7B-4EA4-97CE-7F875F56D8C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E91FAB31-FFB5-462C-8FFB-7E1BC3D80AD0}" = protocol=17 | dir=in | app=c:\users\wt\desktop\anh\titanium\titaniumstudio.exe |
"{F09822AD-8C1B-4199-8D64-0E141BC9171E}" = protocol=6 | dir=in | app=c:\program files (x86)\ipfx\softphone\softphone.exe |
"{F7A4D9A6-2A00-441A-A00E-64CA63A37C38}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F9982D72-7093-473D-8C22-6FEA49C5116B}" = protocol=17 | dir=in | app=c:\users\whanau\appdata\local\ilivid\ilivid.exe |
"{FC2D89E7-5FF9-4A67-BCFD-C4A4ED7B802C}" = protocol=17 | dir=in | app=c:\program files (x86)\remote mouse\server\server.exe |
"TCP Query User{07345764-3B82-4B66-919A-A5D08121972E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{21816A27-0A64-4A94-AAB8-C217BA88A77A}C:\saphire\www\httpd\bin\spiceworks-httpd.exe" = protocol=6 | dir=in | app=c:\saphire\www\httpd\bin\spiceworks-httpd.exe |
"TCP Query User{3595377D-04E0-468B-A26A-D6B9DE390139}C:\cobalt\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\cobalt\mysql\bin\mysqld.exe |
"TCP Query User{37F6D7EB-0742-43FC-AE4F-05743077D824}C:\program files (x86)\tencent\qq\bin\auclt.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qq\bin\auclt.exe |
"TCP Query User{3CF811C8-0869-4D47-AD8A-189F489EC4DD}C:\unifiedremote\remoteserver.exe" = protocol=6 | dir=in | app=c:\unifiedremote\remoteserver.exe |
"TCP Query User{4C1DE5C8-8E79-4EC3-96BC-1570BEB7DF36}C:\silicontree\bin\apache\apache2.4.4\bin\httpd.exe" = protocol=6 | dir=in | app=c:\silicontree\bin\apache\apache2.4.4\bin\httpd.exe |
"TCP Query User{4C3E1457-EC5A-4FD3-BE90-17A6AD38A905}C:\program files (x86)\megacoin\megacoin-qt.exe" = protocol=6 | dir=in | app=c:\program files (x86)\megacoin\megacoin-qt.exe |
"TCP Query User{59851508-C222-40C7-8C75-BDCA4332289B}C:\program files (x86)\tencent\qq\bin\qq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tencent\qq\bin\qq.exe |
"TCP Query User{59C2AFD2-FC7B-48E9-BF22-0B4A7B5E29AB}C:\users\wt\desktop\anh\titanium\titaniumstudio.exe" = protocol=6 | dir=in | app=c:\users\wt\desktop\anh\titanium\titaniumstudio.exe |
"TCP Query User{7FE01BE6-B7A5-4639-9B7E-8C4CA48540E6}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{822ED724-A995-421D-9BC2-5CA4EBDC210C}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"TCP Query User{87762D3D-C68C-47F6-BAC4-D3B59C11ED8D}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{97AB23DE-3F68-4ABA-9ABF-440644DC514D}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"TCP Query User{B658A8BB-3E65-4DFD-A2EE-54F01FC964E9}C:\unifiedremote\remoteserver.exe" = protocol=6 | dir=in | app=c:\unifiedremote\remoteserver.exe |
"TCP Query User{B6C2F5A5-8D9C-4C94-A935-FB9210826F5F}C:\program files (x86)\sogouinput\6.2.0.7270\pinyinup.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sogouinput\6.2.0.7270\pinyinup.exe |
"TCP Query User{B81D41CD-3EA7-43C0-B4C3-8743A72CBC0D}C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe |
"TCP Query User{BE72892A-F8BB-42B6-A7BE-4B6C7715B8D1}C:\program files (x86)\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft\starcraft.exe |
"TCP Query User{C6405B2B-0E87-43F1-8D18-36AF3FB1FD21}C:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=c:\xampp\mercurymail\mercury.exe |
"TCP Query User{CD4C21AE-0DB2-4F5D-BEE2-D500B9C9676A}C:\users\whanau\desktop\mosync_reload_windows\server\bin\win\node.exe" = protocol=6 | dir=in | app=c:\users\whanau\desktop\mosync_reload_windows\server\bin\win\node.exe |
"TCP Query User{CE9448D1-8A1D-4347-9ECB-04EF28D8AAE9}C:\saphire\www\bin\spiceworks.exe" = protocol=6 | dir=in | app=c:\saphire\www\bin\spiceworks.exe |
"TCP Query User{CF326F79-4B73-4776-9AC9-F7771A55A851}C:\xampp\mercurymail\mercury.exe" = protocol=6 | dir=in | app=c:\xampp\mercurymail\mercury.exe |
"TCP Query User{D2C4FD11-E9E0-46C7-B46A-6F0C51E20671}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{D769F26A-E7AE-45D9-A68C-C6366405D6AE}C:\wamp\bin\apache\apache2.4.4\bin\httpd.exe" = protocol=6 | dir=in | app=c:\wamp\bin\apache\apache2.4.4\bin\httpd.exe |
"TCP Query User{D8983470-E9A5-413E-9587-248B799FB58A}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"TCP Query User{DB482153-F73A-4044-B5A9-99797F401605}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{E1371EBF-740D-44A3-AC5E-F1F3F350FA0D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{E3330ADF-84E7-47E0-8F57-B8BB60EB487A}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{E5D31902-8082-4741-A4A1-A4ABC132D935}C:\program files (x86)\microsoft dynamics crm\client\res\web\bin\microsoft.crm.application.hoster.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft dynamics crm\client\res\web\bin\microsoft.crm.application.hoster.exe |
"TCP Query User{E77D7C92-0295-4AF2-9309-36E68195064A}C:\program files (x86)\libreoffice 4\program\soffice.bin" = protocol=6 | dir=in | app=c:\program files (x86)\libreoffice 4\program\soffice.bin |
"TCP Query User{ED406CA3-7E28-4301-A86F-C732ECD2FE85}C:\program files (x86)\ipfx\softphone\softphone.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ipfx\softphone\softphone.exe |
"TCP Query User{F2C7F64B-563F-42AA-BC6A-55C06EE8A9B9}C:\users\whanau\desktop\mcserver.exe" = protocol=6 | dir=in | app=c:\users\whanau\desktop\mcserver.exe |
"TCP Query User{F9D7F719-C9A3-4E46-976F-5771C85FB47D}C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe |
"TCP Query User{FF850383-A235-43BD-84EB-7D33DEA554B6}C:\program files\netbeans 7.4\bin\netbeans64.exe" = protocol=6 | dir=in | app=c:\program files\netbeans 7.4\bin\netbeans64.exe |
"UDP Query User{02EDF8B2-40FC-4143-B247-33D8BBAE8494}C:\silicontree\bin\apache\apache2.4.4\bin\httpd.exe" = protocol=17 | dir=in | app=c:\silicontree\bin\apache\apache2.4.4\bin\httpd.exe |
"UDP Query User{032ABBFE-878E-4F4A-A15B-4F7F307BE8F6}C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe |
"UDP Query User{076898FD-9FFA-4B1A-9FF6-30F46456F92A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{139EB85E-BA7D-4C07-9639-13A21F3F1D3B}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{1B5DB252-E4E9-44AE-AAA3-DCF9334848C6}C:\program files (x86)\tencent\qq\bin\auclt.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qq\bin\auclt.exe |
"UDP Query User{32746A59-AF0C-4E9B-A750-942302B14454}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{466055C6-7000-452B-B367-1B97AA68136E}C:\program files\netbeans 7.4\bin\netbeans64.exe" = protocol=17 | dir=in | app=c:\program files\netbeans 7.4\bin\netbeans64.exe |
"UDP Query User{521D6122-4A15-437C-A430-6D9EAD09236F}C:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wondershare\mobilego for android\mobilegoservice.exe |
"UDP Query User{5596F514-C05E-45AC-B574-F568F7EF1BFA}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{59600B8D-45A9-470D-86F2-ABA0930487A7}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{597ED6C5-9794-48E4-AB52-63654C74A509}C:\saphire\www\httpd\bin\spiceworks-httpd.exe" = protocol=17 | dir=in | app=c:\saphire\www\httpd\bin\spiceworks-httpd.exe |
"UDP Query User{5BE6383E-A144-4A29-AF9B-39AEB55A1813}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
"UDP Query User{6D0DEDF5-3217-4117-9CFC-50EDAB1F2B0B}C:\program files (x86)\tencent\qq\bin\qq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tencent\qq\bin\qq.exe |
"UDP Query User{78875F5B-63B9-446C-BB8A-622FB90B8E53}C:\cobalt\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\cobalt\mysql\bin\mysqld.exe |
"UDP Query User{7DC0D618-7721-498D-817D-2317F22AA816}C:\program files (x86)\sogouinput\6.2.0.7270\pinyinup.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sogouinput\6.2.0.7270\pinyinup.exe |
"UDP Query User{83A18CA1-473F-4EFC-ADA6-D9112AA142D2}C:\users\whanau\desktop\mosync_reload_windows\server\bin\win\node.exe" = protocol=17 | dir=in | app=c:\users\whanau\desktop\mosync_reload_windows\server\bin\win\node.exe |
"UDP Query User{83A5A807-3B2D-479B-B631-AA184F8CB3C5}C:\unifiedremote\remoteserver.exe" = protocol=17 | dir=in | app=c:\unifiedremote\remoteserver.exe |
"UDP Query User{9668F0D6-90C8-43CF-80A5-CBD38C9C4E04}C:\users\wt\desktop\anh\titanium\titaniumstudio.exe" = protocol=17 | dir=in | app=c:\users\wt\desktop\anh\titanium\titaniumstudio.exe |
"UDP Query User{A394626D-9F5C-4F7B-A57F-6B41E9F6C273}C:\program files (x86)\megacoin\megacoin-qt.exe" = protocol=17 | dir=in | app=c:\program files (x86)\megacoin\megacoin-qt.exe |
"UDP Query User{AABA9B41-5769-40AD-9E28-F0F86C4FA056}C:\program files (x86)\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft\starcraft.exe |
"UDP Query User{AFE3FFDF-A603-4042-84BE-9D51E38E5DF5}C:\saphire\www\bin\spiceworks.exe" = protocol=17 | dir=in | app=c:\saphire\www\bin\spiceworks.exe |
"UDP Query User{B417A495-0672-4B69-BE0F-138A36EE86A6}C:\program files (x86)\microsoft dynamics crm\client\res\web\bin\microsoft.crm.application.hoster.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft dynamics crm\client\res\web\bin\microsoft.crm.application.hoster.exe |
"UDP Query User{BB3677BE-7DE9-41E2-AD80-DD6C3E0D55F9}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
"UDP Query User{C1020039-6D2A-453E-8B6A-C6E9D7B4EA23}C:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=c:\xampp\mercurymail\mercury.exe |
"UDP Query User{C732EC93-E76C-4CD8-9BD3-CAEE8A48C8D4}C:\users\whanau\desktop\mcserver.exe" = protocol=17 | dir=in | app=c:\users\whanau\desktop\mcserver.exe |
"UDP Query User{CCEE4B7D-F5FE-41BB-841B-612FFC1D05B5}C:\xampp\mercurymail\mercury.exe" = protocol=17 | dir=in | app=c:\xampp\mercurymail\mercury.exe |
"UDP Query User{D92E2262-1340-4CCB-98D0-40C4E82DC469}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{DAB03B4E-2063-4F9A-96FE-0F99FC50C5C2}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
"UDP Query User{DB55DFD9-D560-4926-A1C9-3EB7C99F0C70}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{E4D66DE3-3AD1-4626-888A-9073D045AB4D}C:\wamp\bin\apache\apache2.4.4\bin\httpd.exe" = protocol=17 | dir=in | app=c:\wamp\bin\apache\apache2.4.4\bin\httpd.exe |
"UDP Query User{F05F5ECB-A980-4DE5-BB2B-DDC9D1CAB1E0}C:\program files (x86)\ipfx\softphone\softphone.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ipfx\softphone\softphone.exe |
"UDP Query User{F227B37A-478C-48DD-AAA3-A0B5BD8F64CE}C:\unifiedremote\remoteserver.exe" = protocol=17 | dir=in | app=c:\unifiedremote\remoteserver.exe |
"UDP Query User{F5F2C8AA-561A-418C-83D4-CC7D3230DA60}C:\program files (x86)\libreoffice 4\program\soffice.bin" = protocol=17 | dir=in | app=c:\program files (x86)\libreoffice 4\program\soffice.bin |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05198C22-FFCE-374A-B190-9F18CC99DAEA}" = Build Tools Language Resources - amd64
"{05FF8209-C4F1-4C77-BC28-791653156D20}" = Microsoft System CLR Types for SQL Server 2012 (x64)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{13417784-A359-3CDD-8DE1-B7108707D647}" = Visual Studio 2012 Prerequisites - ENU Language Pack
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E6ED082-E32D-4B2B-8B6A-70B094815135}" = Microsoft SQL Server System CLR Types (x64)
"{220928A7-7A95-47D2-B13E-9A2811FFC3D4}" = Microsoft SQL Server 2008R2 Product (no databases) SR1 Samples (x64)
"{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}" = Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS
"{26A24AE4-039D-4CA4-87B4-2F86417045FF}" = Java 7 Update 45 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86418000FF}" = Java 8 (64-bit)
"{27EF252D-800C-ED42-9904-459FE0046225}" = Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2B997E80-3BEC-3222-9114-98DBE1182B2E}" = Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{2F884A17-E051-3DB7-B093-6274C98740F6}" = Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - 한국어 언어 팩
"{30B7A7A6-D519-3332-BEB3-D105EFC7389A}" = Microsoft Visual Studio 2012 Express Prerequisites x64 - ENU
"{33540558-5647-4ED7-8682-62CE971CEE62}" = Windows Azure Libraries for .NET – v2.0
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{3674F088-9B90-473A-AAC3-20A00D8D810C}" = Microsoft Web Deploy 3.5
"{36B98E65-CA52-348C-9ED7-77B926A16C2D}" = Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - DEU-Sprachpaket
"{376949D9-0B10-4E7A-9AA5-16AC38F9E843}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service
"{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}" = Microsoft VSS Writer for SQL Server 2012
"{3FA063D7-EDC1-AFA8-54AF-0563C7DEE070}" = Windows App Certification Kit Native Components
"{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}" = Microsoft SQL Server 2012 Management Objects  (x64)
"{46E637E2-AC34-4B45-B5DF-D20903A3DB61}" = Microsoft Online Services Sign-in Assistant
"{4AE29B5C-87B1-3C4E-8E15-17B83BA745CB}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{5247E16E-BCF8-95AB-1653-B3F8FBF8B3F1}" = Windows Software Development Kit DirectX x64 Remote
"{54C5041B-0E91-4E92-8417-AAA12493C790}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom
"{5707EC26-AA9F-32C6-B7C1-347A3482CEC0}" = Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support
"{572E796D-C52B-3797-A685-2FB6F895D4BE}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{58FED865-4F13-408D-A5BF-996019C4B936}" = Microsoft SQL Server 2012 Command Line Utilities
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60391499-BB97-3FC7-9F17-2BF560DCE231}" = Microsoft Visual Studio 2013 Express Prerequisites x64 - ENU
"{61862D7C-CDBC-48D5-8AE1-3B8BD1E23BC5}" = Visual Studio 2012 Prerequisites
"{62B64BEE-182F-4B1D-8D92-905FA8737AFE}" = Windows Azure Authoring Tools - v2.0
"{633AB014-DDE6-403E-A302-8920CC32C543}" = Microsoft Visual Studio 2012 Performance Collection Tools
"{64A3A4F4-B792-11D6-A78A-00B0D0170450}" = Java SE Development Kit 7 Update 45 (64-bit)
"{64A3A4F4-B792-11D6-A78A-00B0D0180000}" = Java SE Development Kit 8 (64-bit)
"{65C91666-C3E8-3A42-BDA8-87932DD34F89}" = Microsoft Team Foundation Server 2013 Object Model (x64)
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{68A48EF1-DF03-394F-AF40-1E4FE42BB8DD}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6C026A91-640F-4A23-8B68-05D589CC6F18}" = Microsoft SQL Server 2012 Express LocalDB
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{6F07A6C2-9068-3673-A120-DC10012468C6}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model
"{73A36613-1F8F-3D94-B28A-4CC0E3CAECB5}" = Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - Language Pack ITA
"{73A64813-E631-3807-8E78-BA679EDA09A8}" = Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - 日本語 Language Pack
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{78909610-D229-459C-A936-25D92283D3FD}" = Microsoft SQL Server Compact 4.0 SP1 x64 ENU
"{789579C8-FDDE-4FE6-8A84-366F9152B63E}" = Windows Azure Emulator - v2.0
"{79A2C6E8-C727-4D12-B4B3-19790C181DEA}" = Microsoft SQL Server 2008 R2 Native Client
"{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}" = IIS 8.0 Express
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8F882A28-F74E-4AFC-A737-37BC1ADE768B}" = SQL Server 2012 SSIS 64Bit For SSDTBI VS2012
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90150000-002A-0000-1000-0000000FF1CE}" = Microsoft Office 64-bit Components 2013
"{90150000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2013
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{90150000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F4525A-470D-F15C-796E-58D9988C3E5F}" = Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb" = IIS Express Application Compatibility Database for x64
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A67C75DE-BED6-4F1B-97EB-30CD1D40FFED}" = Microsoft SQL Server 2012 T-SQL Language Service
"{A6BA243E-85A3-4635-A269-32949C98AC7F}" = Microsoft SQL Server 2012 Data-Tier App Framework  (x64)
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{A8A0B1C1-FBC7-4790-8E26-9DA1A6A95452}" = Oracle VM VirtualBox 4.2.6
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{B3192F55-2CE8-4C8E-9E40-D3B4998276B2}" = SQL Server 2012 Documentation Components
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B74B199A-EDD4-B657-E055-327D454402D2}" = Windows Software Development Kit DirectX x64 Remote
"{BA14C6F7-A633-3E88-831B-FCC197A5A17D}" = Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support  - Module linguistique Français
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C41498FE-0BF8-3B22-9785-231CE53C728E}" = Microsoft Team Foundation Server 2013 Object Model Language Pack (x64) - ENU
"{C596D608-3E74-3232-8CA5-DF1DCB9F10DE}" = Microsoft Visual C++ 2013 x64 Debug Runtime - 12.0.21005
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C9AEABC2-1DD6-3280-9A1A-11E1E8D34AAD}" = Windows Phone Emulator x64 - ENU
"{CD56C9B9-FB98-372B-8BC7-FDA312CD2511}" = Microsoft Visual Studio Tools for Applications 2012 x64 托管支持 - 简体中文语言包
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CECA0188-BD7A-43EF-B1F7-DDF719099C46}" = SQL Server 2012 Documentation Components
"{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}" = Microsoft SQL Server 2012 Native Client
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{D9F3D00D-E946-3B3D-A4A6-93D5020DB9F7}" = Microsoft Visual C++ 2012  x64 Designtime - 11.0.50727
"{DDDF762A-2D1D-36A3-9B70-70BD62B4EDCF}" = Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - Paquete de idioma ESN
"{E237254B-36A1-3D27-815E-B37C13BE0796}" = Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{E6C44758-FF49-47D1-8182-65E3818ACE23}" = AuthenTec TrueSuite
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F39076D7-7168-44CD-A2C6-EBC1CDA7DC1C}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{F74753A3-C93C-34F5-A199-993CAF602B7D}" = Build Tools - amd64
"{FB501A6E-CA6D-36DA-8860-17F0E6D89155}" = Microsoft Visual Studio Tools for Applications 2012 x64 主控支援 - 繁體中文語言套件
"{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb" = IIS Express Application Compatibility Database for x86
"{FE74AC04-F248-4641-B3A9-89C6AA4339CD}" = Microsoft Visual Studio 2012 Performance Collection Tools - ENU
"CCleaner" = CCleaner
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"nbi-glassfish-mod-4.0.0.89.0" = GlassFish Server Open Source Edition 4.0
"nbi-nb-base-7.4.0.0.201310111528" = NetBeans IDE 7.4
"nbi-nb-base-8.0.0.0.201403101706" = NetBeans IDE 8.0
"O365ProPlusRetail - en-us" = Microsoft Office 365 ProPlus - en-us
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Titanium Studio" = Titanium Studio
"Windows Azure Emulator - v2.0" = Windows Azure Emulator - v2.0
"WinRAR archiver" = WinRAR 4.10 beta 4 (64-bit)
"Zune" = Zune
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00EC8ABC-3C5A-40F8-A8CB-E7DCD5ABFA05}" = Microsoft NuGet - Visual Studio 2012
"{012D26C3-E12A-3BDA-8ECE-DF14E721A507}" = Microsoft Visual Studio 2010 Shell (Integrated) - ENU
"{01C79EF3-DE84-4B56-B638-8BEA0D507506}" = Microsoft XNA Game Studio 4.0 (XnaLiveProxy)
"{02213A81-CB13-7262-5ABE-1FFA2C75559F}" = Windows App Certification Kit x64
"{03077B58-6ACF-32CA-B42A-EAA458C295A1}" = Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{034A32D5-699E-4AED-A2EB-2CCB6E7F37F1}" = Microsoft Research Mesh Virtual WIFI
"{0398BFBC-991B-3275-9463-D2BF91B3C80B}" = Microsoft Help Viewer 2.1
"{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}" = Microsoft SQL Server 2012 T-SQL Language Service
"{05CDC06E-4C55-4EAE-9401-8EF62F60CB69}" = Microsoft XNA Game Studio 4.0 Refresh (Visual Studio)
"{070C38AC-05CE-43DF-9A20-141332F6AB2B}" = Microsoft System CLR Types for SQL Server 2012
"{08AEF86A-1956-4846-B906-B01350E96E30}" = Entity Framework Tools for Visual Studio 2013
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09412B73-6159-40D6-B0B9-C11B30A7531E}" = Microsoft Visual Studio 2012 Preparation
"{09427BFD-9960-4C19-BFF0-45C6958BA201}" = Microsoft Visual Studio 2013 Preparation
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0B698858-DAB0-4F9E-A10A-125B274EDA06}" = Microsoft Visual C++  x64 Libraries
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix online plug-in (Web)
"{0BCC836F-0B28-4090-B58A-64883BAA3B2F}" = WCF Data Services 5.0 (for OData v3) Primary Components
"{0C524D20-0409-0060-8A9E-0C4C490E4E54}" = Microsoft Dynamics CRM 2013 for Microsoft Office Outlook
"{0C524DF0-0409-0050-BF3E-80D80B490D53}" = Microsoft Dynamics CRM Report Authoring Extension
"{0D1EAF91-ACD4-4212-ADE9-2658C1A3A1ED}" = SQL Server 2012 Reporting Services
"{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}" = Microsoft SQL Server Data Tools - enu (12.0.30919.1)
"{0F3C9093-6C13-484D-8385-93AA21BEC025}" = Microsoft Visual C++ 2012 32bit Compilers - ENU Resources
"{0FE6DE07-8CBA-3F73-86B4-51B91E506D24}" = Microsoft Visual Studio Tools for Applications 2012 x86 主控支援 - 繁體中文語言套件
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{124D51A1-F3C2-45AE-B812-D3CA71247093}" = SQL Server 2012 Common Files
"{12B8E200-99CC-4203-A8D1-4145FC4D0192}" = Microsoft Expression Blend SDK for Windows Phone OS 7.1
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{143203CB-9E09-4D9D-91F1-D000EC6E1F87}" = SQL Server 2008 R2 SP2 BI Development Studio
"{148878BD-A2A5-4CF1-A103-2BA632F41953}" = WCF Data Services Tools for Microsoft Visual Studio 2012
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1577D582-7472-49B7-8427-47E52BDAD542}" = Renesas RX Compiler V2.00.01
"{1690CE56-2231-4E59-9006-A0876D949EA8}" =  Tools for .Net 3.5
"{16DD6E8B-E10B-4B6D-BC2D-B2BF631094F2}" = Microsoft Visual Studio 2012 Preparation
"{17c2e197-cf26-443b-8beb-53151940df3f}" = Microsoft Visual Studio Professional 2012
"{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}" = Microsoft Silverlight 4 SDK
"{191A6F65-6878-398D-A272-EF011B80F371}" = Microsoft Visual Studio Tools for Applications x86 Runtime 3.0
"{19A5926D-66E1-46FC-854D-163AA10A52D3}" = Microsoft .NET Framework 4.5.1 SDK
"{1A7CB653-7A96-47CA-8234-2FD88E3ED103}" = Windows Azure Tools for Microsoft Visual Studio 2012 Core
"{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{1B9BBB23-65CB-3AEE-BFC6-633E7CA299FD}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
"{1BE2AFE6-209E-3862-AE45-DA9D3D21BD65}" = Microsoft Visual Studio Express 2012 for Windows Desktop
"{1C163D33-33B3-33EB-A617-0D4D852BE8E1}" = Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727
"{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
"{1D3F5D17-BAD3-4D33-9F4E-AFCC44238626}" = Microsoft Visual Studio 2012 Preparation
"{1DB43E5A-2F24-4F51-92B0-A2C0EBF5C742}" = Microsoft Report Viewer Add-On for Visual Studio 2012
"{1F1AA110-D758-30C1-A1B4-5484C72BCACE}" = Microsoft Visual Studio Express 2013 for Windows Desktop - ENU
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F8E06E2-BA93-40DC-B183-E024CBD853A8}" = Microsoft Visual C++ 2012 Compilers
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{222C5507-AC43-388F-808E-2266EC57E043}" = Microsoft Visual Studio Express 2012 for Windows Desktop - ENU
"{222DFC5F-6C45-3266-869F-0270B3B66F5C}" = Microsoft Visual Studio Tools for Applications 2012 設計階段 - 繁體中文語言套件
"{23F70562-02F4-4805-ACF5-6E52BAD167C2}" = SQL Server 2008 R2 SP2 Reporting Services
"{256E7DAC-9BE8-494E-8DE7-7857BF96B774}" = Microsoft Expression Blend 3 SDK
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{28A5C315-7C44-44F1-947A-45DF8F916846}" = Microsoft SQL Server Data Tools Build Utilities - enu (11.1.31203.1)
"{28DA3304-9EC2-4097-BC64-B59A1958841F}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{29F259D7-C517-3EED-84B4-237573CFD39C}" = Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries
"{2B39D995-8210-3C4D-92AA-5A8FD762C169}" = Microsoft Visual Studio Tools for Applications 2012 Language Support Finalizer
"{2BF7DF19-F716-4986-AD4A-3AF6ACFEEE14}" = SQL Server 2008 R2 SP2 BI Development Studio
"{2C0CC01A-DDBC-3AED-AF18-E741242FD727}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
"{2C76E3DA-BA76-4FAD-B1B1-72B46D639028}" = PreEmptive Analytics Visual Studio Components
"{2DCA4ECC-657F-38DE-A2E6-A4A78A85118E}" = Microsoft Visual Studio Tools for Applications 2012 Design-Time - 한국어 언어 팩
"{2F6CE32A-018D-4656-895B-9E5E20D7740A}" = Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update
"{2F7DBBE6-8EBC-495C-9041-46A772F4E311}" = Microsoft SQL Server 2012 Management Objects
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++  Compilers 2010 Standard - enu - x86
"{30CA21F2-901A-44DB-A43F-FC31CD0F2493}" = Sql Server Customer Experience Improvement Program
"{32136776-FE3F-453D-80DA-CDD993BDB2A3}" = Entity Framework Designer for Visual Studio 2012 - enu
"{330E5D98-20D2-4CA4-AE51-FCB8AA80F634}" = Microsoft Visual Studio 2012 Devenv
"{3371699A-C1EF-3AC3-B094-D338191FA6E9}" = Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - Module linguistique Français
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}" = Prerequisites for SSDT
"{372D17F6-A54E-4A01-B264-1314890FFE61}" = Dotfuscator and Analytics Community Edition
"{37464E70-B0B9-9DFF-649A-CBE169BAD657}" = Windows Software Development Kit for Windows Store Apps
"{383D452B-CF30-3023-897A-4FED9716122F}" = Microsoft Visual Studio Tools for Applications 2012 Design-Time - ENU Language Pack
"{3864353C-C450-4BF6-AB99-9B58F0FF431E}" = Microsoft ASP.NET Web Frameworks and Tools - Visual Studio Express 2013 for Web - ENU
"{38FC6E9A-F719-431A-A83D-4C86D5FD6555}" = Microsoft Visual Studio 2012 Shell (Minimum) Resources
"{3A523AF9-D32F-4C85-8388-0335731F3405}" = WCF RIA Services V1.0 SP2
"{3BC1AB78-2D98-4906-84B5-4230B5420DCC}" = Offline Course Player
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{3e544097-53d1-4252-98a6-93cc12a6d487}" = Microsoft Visual Studio Express 2013 for Web - ENU
"{40E796AC-F3D6-4A57-BDAA-2FD9AB09F3A8}" = SQL Server 2012 Reporting Services
"{417A3FEE-BDB8-3CAA-819C-766E79CD2E0F}" = Microsoft Visual Studio Express 2012 for Web - ENU
"{418BAAD1-754D-48B4-B078-46EF4F25AF42}" = Google Drive
"{41EB0401-8D3B-30E1-8321-AA4832EC5121}" = Microsoft Visual Studio Tools for Applications 2012 Design-Time - Language Pack ITA
"{42F61556-29ED-8122-F39E-6F04EA5FF279}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
"{44774b10-3e2b-443c-899b-56c46b370aa7}" = Microsoft Visual Studio Tools for Applications 2012 Language Support
"{44a1c35f-b33f-49b8-af68-788815ccc611}" = Microsoft SQL Server Data Tools 2012
"{46171987-379B-4F5D-9098-DC55AF4C2F1A}" = Proteus 7 Lite
"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
"{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}" = OpenOffice 4.0.1
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{492FCC0B-45E1-383A-A2CF-9E7F305AC200}" = Microsoft Visual Studio 2013 Team Explorer Language Pack - ENU
"{49402ED1-A795-4435-A745-1B781BE621A6}" = Microsoft NuGet - Visual Studio Express 2012 for Windows Desktop
"{49E98741-B7A4-4A44-A536-6AFCA23106FE}" = SQL Server 2008 R2 Reporting Services
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AE57014-05C4-4864-A13D-86517A7E1BA4}" = Microsoft .NET Framework 4.5 SDK
"{4B9E6EB0-0EED-4E74-9479-F982C3254F71}" = SQL Server Browser for SQL Server 2012
"{4C4FEB30-6A9F-402F-8E17-6C4C67AB3498}" = AzureTools.Notifications.VwdExpress
"{4C6D5779-A766-45DF-9938-D6F595A66F2B}" = Microsoft Expression Blend 4
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{503336C5-965C-415B-B535-CD42C0FD013E}" = Microsoft ASP.NET MVC 4 - Visual Studio Express 2012 for Web - ENU
"{5268600F-1B2F-3273-A335-EFD9D1698385}" = Языковой пакет для среды разработки набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 - RUS
"{532DBCC8-9468-435C-AEF6-30B7F50735A2}" = Blend for Visual Studio 2012 ENU resources
"{5411060C-8F8C-393D-8D3B-26AF2C92FABB}" = Microsoft Visual Studio 2013 Shell (Minimum)
"{54E297F1-C05D-4502-B58E-CDCD83BF7E2C}" = SQL Server 2012 Full text search
"{54F84805-0116-467F-8713-899DFC472235}" = SQL Server 2012 Database Engine Shared
"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix online plug-in (USB)
"{56AD3004-0B49-967F-F682-B05650B61A78}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
"{56C43B1B-3387-45B3-A53A-ABAA5B4667D6}" = Microsoft SQL Server Data Tools - enu (10.3.31009.2)
"{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
"{57110ACC-BA87-3443-8B12-B749DC15B7A7}" = Microsoft Visual Studio Tools for Applications 2012 Language Support - ENU Language Pack
"{57F20F04-014D-453F-B6A3-AE9485C4DFAB}" = Blend for Visual Studio 2012
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5950473A-825B-3019-AF86-55F2F9A95FCB}" = Microsoft Visual Studio Tools for Applications 2012 Finalizer
"{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU
"{5A03C202-08B4-3F1D-9A60-A4F53EF1B636}" = Microsoft Visual Studio Tools for Applications Design-Time 3.0
"{5A10A311-A2BE-4C44-A47E-AC61DCD83178}" = Windows Azure Shared Components for Microsoft Visual Studio 2013 - v1.0
"{5A8751A2-684E-4D42-846C-3A58CE36C1F9}" = Messaging API and Collaboration Data Objects 1.2.1
"{5C3CB1F8-B3C2-3D50-A4A1-CFD4A3549DB4}" = Microsoft Visual Studio Express 2013 for Web - ENU
"{5D5CFAD6-9F93-8C63-3EB0-B6A0D3D4BD12}" = Windows Software Development Kit
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
"{5E994A95-9388-4D10-8E68-54B8CBF894D3}" = Microsoft Application Error Reporting
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
"{5F1C0FD3-A92C-4A91-B817-2EE086186A89}" = SQL Server 2012 Data Tools - BI for Visual Studio 2012
"{623ABB38-F593-3706-B799-EEEC72ED96F4}" = Microsoft Visual Studio Express 2012 for Web - ENU
"{62BC36B2-F9FB-405F-94B4-F2D3A71C402D}" = Microsoft ASP.NET Web Pages 2 - Visual Studio Express 2012 for Web - ENU
"{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Harmony Browser Plug-in
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64484316-E4BA-38B3-8954-0358522A8D40}" = Microsoft Visual Studio Express 2013 for Windows Desktop
"{656458ED-DA77-4C82-AF2F-1640C191A2A7}" = Microsoft Advertising SDK for Windows Phone - ENU
"{662DA7D2-33F0-42A5-9103-93E6E2903A0D}" = Microsoft Web Developer Tools - Visual Studio Express 2012 for Web
"{6781FF9B-E87D-4A03-9373-A55A288B83FA}" = Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1)
"{678800C0-D94E-4513-89CB-478F2B781A0B}" = Microsoft Visual C++ 2013 x86-x64 Compilers
"{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}" = Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS
"{69E11501-75F7-4ACE-8103-52513DDCFE26}" = Microsoft Expression Blend SDK for Windows Phone 7
"{6A0C6700-EA93-372C-8871-DCCF13D160A4}" = Microsoft .NET Framework 4.5.1 Multi-Targeting Pack
"{6A7387C0-B74F-47D0-A217-B384E55FE0C9}" = Microsoft XNA Game Studio 4.0 Refresh (Redists)
"{6C06FEE9-C64E-453F-B8A5-D9E9B79ED040}" = Microsoft Visual C++ 2013 32bit Compilers - ENU Resources
"{6DAB46E3-D017-3E2B-85D8-F57A230384C0}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
"{6F066545-40A2-4C38-A8F7-78581CC5C442}" = Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools
"{6F33C2E2-5E02-4344-90BC-ED55C48341D2}" = WCF Data Services SDK for Windows Phone
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{714F43AB-052E-457D-9C8E-1DF58564DA50}" = Microsoft Web Developer Tools 2012.2.1 - Visual Studio 2012
"{71a40c60-27c2-443a-b7c7-6e4f3aad1d5a}" = Microsoft ASP.NET and Web Frameworks 2012.2
"{71BE9045-6113-4FAE-89DB-E116688E51C0}" = MPLAB Tools v8.89
"{71C8577C-B482-46A0-A89A-2527D5968A6C}" = Microsoft Web Developer Tools 2013 - Visual Studio Express 2013 for Web
"{7259BDDA-D888-309D-ADE1-84AA0CB24FE9}" = Microsoft Visual Studio Tools for Applications 2012 x86 托管支持 - 简体中文语言包
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{731C183B-86A0-3442-BE55-68A7C92581E9}" = Microsoft Visual C++ 2012 Extended Libraries
"{7419AE1A-D1A5-4B24-BD78-C7ABCC26016F}" = Microsoft SQL Server 2008 R2 Setup (English)
"{7437A4B9-314F-3B8F-827B-22909146E471}" = Microsoft LightSwitch for Visual Studio 2012 Core
"{75CAD500-A544-35A4-A741-C40F78D88966}" = Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 Design-Time - PTB
"{76CA0F9D-9E77-11D5-B0FC-00C04FC0E932}" = High-performance Embedded Workshop
"{786D445C-F3D7-35D2-81AA-60DB61F9F552}" = Microsoft Visual Studio 2010 Express for Windows Phone 7.1 - ENU
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{7A81DEF8-92E5-4561-98FD-A60C50C3AA81}" = Microsoft SQL Server Data Tools Build Utilities - enu (10.3.31009.2)
"{7D29ED63-84F9-4EC7-B49F-994A3A3195B2}" = SQL Server 2012 Common Files
"{7FF0ACFE-4346-4D9D-B822-C69B99AAE1FC}" = Microsoft_VC80_MFCLOC_x86
"{800F484E-9D69-492D-B656-7BAA32586142}" = Microsoft Visual Studio 2012 Shell (Minimum)
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix online plug-in (HDX)
"{820C677A-41B2-48C3-8136-FEE35A052E73}" = Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
"{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}" = Microsoft SQL Server 2008 R2 Management Objects
"{84D88F57-4130-30FE-A0B6-1E04428FE1F6}" = Microsoft Visual C++ 2013 Core Libraries
"{859C7535-6862-3867-B97E-816795E8AB65}" = Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - 日本語 Language Pack
"{89690B51-2E21-4E93-914E-F9CAC5B24A84}" = Microsoft XNA Game Studio Platform Tools
"{89B4532E-19CE-4FA9-9692-10BFD5A38532}" = Visual Studio Extensions for Windows Library for JavaScript
"{8A9A1840-AE5C-4721-8F18-E629465A92DE}" = SQL Server 2012 BI Development Studio
"{8AE28FB8-B8AE-4B58-A5FE-77F45E462BAE}" = Microsoft_VC80_MFC_x86
"{8C6A5AF9-5A6F-4E24-AEA0-4921D832FE70}" = LibreOffice 4.2 Help Pack (English (United States))
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{90150000-00BA-0409-0000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
"{90150000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{91150000-00BA-0000-0000-0000000FF1CE}" = Microsoft OneDrive for Business 2013
"{91D5025C-139A-4977-82FD-9E2A8A32269A}" = SQL Server 2012 Documentation Components
"{933a3e46-6a1b-4881-8190-1b71f21e4002}" = Microsoft SQL Server Data Tools 2010
"{9347889B-C22A-3905-901F-C05D8F73C929}" = Build Tools Language Resources - x86
"{93489CA8-6656-33A0-A5AC-E0EDEDB17C3E}" = Microsoft Visual Studio Professional 2012
"{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{955E1388-E1F1-320A-A018-24616ED60F95}" = Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - 한국어 언어 팩
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{96F50F87-0F15-4F93-9FE6-387DD9CFB077}" = Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools - ENU
"{984022F2-9BCA-A41D-6A38-1AE658F01415}" = Windows Software Development Kit
"{985EF141-95DD-3934-8F23-7C2C4C61E5F7}" = Microsoft Visual Studio 2013 Shell (Minimum) Resources
"{99873375-8776-349B-8C99-9527B9536BC8}" = Microsoft Visual Studio Tools for Applications 2012 设计时 - 简体中文语言包
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A456DFB-5404-471D-8C7B-0E2A155E999B}" = Microsoft ASP.NET Visual Studio 2012 Uninstall Finalizer
"{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
"{9B646DA5-D671-4767-96D0-70808544E5DE}" = SQL Server 2012 BI Development Studio
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CCE40CE-A9E6-4916-8729-B008558EEF3F}" = Microsoft Report Viewer 2012 Runtime
"{9CF99D28-E9CB-4DE5-8893-1A5AB019F4E1}" = Microsoft Visual Studio 2012 Shell (Isolated)
"{9E2F2BAC-A9FD-35BC-B8E0-253FEBED0F9B}" = Windows Phone SDK 7.1 Assemblies
"{9E7DE17D-A9E2-4762-8C10-1E80F5976F4A}" = Microsoft Visual Studio 2013 Preparation
"{A093C19A-1A62-3EDA-A211-9BBA5136274D}" = Microsoft Visual Studio Tools for Applications 2012 Design-Time - DEU-Sprachpaket
"{A1785BD4-3486-4E7E-8074-E3FC61B8F315}" = Microsoft Visual C++ 2012 x86-x64 Compilers
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A1CB8286-CFB3-A985-D799-721A0F2A27F3}" = Windows Software Development Kit DirectX x86 Remote
"{A240191E-4302-435E-86FC-A5717EF0CF38}" = Microsoft XNA Game Studio 4.0 Refresh (Shared Components)
"{A2CCB3C1-3DF9-4E3E-8D3F-DDBBCDDB28B5}" = Microsoft C++ REST SDK for Visual Studio 2013
"{A3A6D5EA-B6B5-3C05-BDA8-EAB99C09CDDC}" = Microsoft Visual Studio 2012 SharePoint Developer Tools
"{A3B8D9FB-CA7D-4487-8CA2-A6A2C8AD1077}" = Microsoft Visual C++  x86 Libraries
"{A3EB1DE3-9D3F-34C2-BDE6-5A8A4B98CC37}" = Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - Paquete de idioma ESN
"{A4366F69-CE22-4DB7-9C8C-46A5845AF997}" = Microsoft Visual C++ 2012 Compilers - ENU Resources
"{A4CC18F6-DB05-4B03-B724-4128322FA85F}" = Windows Phone SDK 7.1 Extensions for XNA Game Studio 4.0
"{A5DD7359-5EB4-4D35-BBAF-E6A88269790B}" = League of Legends
"{A6030DAD-1600-F767-C8DD-C722ADFE8FBC}" = Windows Software Development Kit DirectX x86 Remote
"{A721BC43-E63E-3531-B1BF-6A405F9530BD}" = Windows Phone SDK 7.1 Add-in for Visual Studio 2010 - ENU
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9CA25A2-4171-4289-B9D3-78A012A3A340}" = SQL Server 2012 SQL Data Quality Common
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AC7E7905-8C59-4806-A96D-30936A2B1FC5}" = Citrix Online Launcher
"{AD15759F-488D-442C-A8B4-C4FEEACFA939}" = SQL Server 2012 Management Studio
"{AD1AEE2A-D9C0-3FAC-8D6B-B5E07B47257B}" = Microsoft Visual C++ 2012 Core Libraries
"{AE937DBA-FEFD-3BFE-9860-0591C0F91D61}" = Microsoft Visual Studio 2013 Shell (Minimum) Interop Assemblies
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF42CC8A-A9F5-33B0-8AE2-10E77CEEB4CD}" = Microsoft Visual Studio Express 2013 for Web - ENU
"{AF890091-2603-C1C6-DCD6-B8799D4FB464}" = Adobe Community Help
"{afbbbda2-1dd7-11e3-ae37-080027022fbf}_is1" = Mono for Windows 3.2.3
"{B1465D1D-6427-4CA1-AE29-8B699209E663}" = Microsoft Visual Studio 2012 Devenv Resources
"{B2B6859A-AEB5-4191-B62A-58EDC8739CB5}" = TestKing Questions and Answers
"{B362A397-B38A-3A23-A190-611F9C7EB4F9}" = Microsoft Visual C++ 2012 Core Libraries
"{B40E950B-300A-41B5-A6C1-2FEBEEA1BEEA}" = Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools - ENU
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B536762B-1047-4B51-8ECF-46D5686E5416}" = Microsoft ASP.NET Web Pages 2 Runtime
"{B5DA9D49-9BD8-0F2F-52FC-C7E66BC8D944}" = LocalESPCui for en-us
"{B707F963-5944-4EA1-AF99-EB898C861FB3}" = Microsoft Visual Studio 2012 Shell (Isolated) Resources
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B8FD8F53-7E58-3DE5-A8FC-CB2B5CCF38CE}" = Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - Language Pack ITA
"{B92C2C6C-F70E-497B-88A7-1FEF9888272B}" = Adobe AIR
"{B9F35D86-242E-3FA4-B9F8-A982E0DF918D}" = Microsoft Visual Studio 2012 SharePoint Developer Tools ENU Language Pack
"{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}" = Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
"{BAD0254F-9BDB-3D14-A5AC-9C0EF51F3D09}" = Microsoft Portable Library Multi-Targeting Pack Language Pack - enu
"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BCEBC40A-16A1-4CCD-A917-887749706088}" = Microsoft ASP.NET MVC 3 - Visual Studio Express 2012 for Web
"{BDBE5D2A-AAB7-77BD-7A0E-5006665CE7C6}" = LocalESPC
"{BE6E2B88-3379-3D19-A097-DD281A678319}" = Microsoft Visual Studio Tools for Applications 2012 Design-Time - 日本語 Language Pack
"{bec3d87e-1d6d-4b15-8383-29068c86b888}" = Microsoft Visual Studio Express 2013 for Windows Desktop - ENU
"{BFE16218-BBA6-4FE3-BE07-505AA7C418C7}" = Microsoft NuGet - Visual Studio Express 2012 for Web
"{C0770F76-6923-4EC4-A062-E688B99DCE40}" = Microsoft ASP.NET Visual Studio 2012 Finalizer
"{C0B98C23-F130-4EC5-87DE-AF6ECD8227CB}" = Microsoft SQL Server Data Tools - enu (11.1.31203.1)
"{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}" = Microsoft ReportViewer 2010 SP1 Redistributable
"{C1BE4600-7D15-3D1E-8AA2-B3241DB1D063}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
"{C2B4A0FD-14FF-46DF-86DA-2ECF051B1861}" = Windows Azure Tools for Microsoft Visual Studio 2012 - v2.0
"{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}" = Microsoft SQL Server System CLR Types
"{C4CAD994-6EA2-3121-8352-DA593150B322}" = Microsoft Portable Library Multi-Targeting Pack
"{C4CBD722-258D-4367-B3D7-9D11FBACB44A}" = Microsoft NuGet - Visual Studio Express 2013 for Web
"{C5A17590-8CBE-3581-965D-EF183BE07920}" = Microsoft Visual Studio Ultimate 2013 XAML UI Designer Core
"{C622026F-6461-4C8F-9A92-1EF8D5290EF3}" = Node.js
"{C75EF0A9-F228-40E9-AA20-B832F8350A4C}" = Microsoft ASP.NET Web Pages - Visual Studio Express 2012 for Web
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C81452EB-CBCF-B8EB-3124-48C5B3D506B0}" = Windows Runtime Intellisense Content - en-us
"{C9E7751E-88ED-36CF-B610-71A1D262E906}" = Team Explorer for Microsoft Visual Studio 2013
"{CAAC553D-EE02-32D2-9F7E-FBC5C22E4C08}" = Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - DEU-Sprachpaket
"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 SP2 Common Files
"{CB07E706-5DD7-4093-83A1-1430D5B6FA75}" = Microsoft_VC80_ATL_x86
"{CB1177DD-0316-4C93-A5AE-BBF1E2B7F07E}" = SQL Server 2012 Management Studio
"{CDB2EAAE-87B3-3AB7-952D-B666E755CB27}" = Microsoft Visual Studio Tools for Applications 2012 Language Support
"{CF06B8C4-F6FC-3A4B-ADD0-04A1CAC3DD86}" = Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix online plug-in (DV)
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{CFFDC0EC-6924-3347-B047-13339EDBEC28}" = Microsoft Visual Studio Professional 2012 - ENU
"{D0F44C37-A22B-4733-BBA7-86C9F4988725}" = SQL Server 2012 Database Engine Shared
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D11F66FF-82B3-DDB8-1146-525370552BE1}" = Windows Software Development Kit for Windows Store Apps
"{d2e0df0f-bf0a-4a89-9530-ebf93842c393}" = Microsoft Visual Studio 2012 Shell (Isolated)
"{D3517C62-68A5-37CF-92F7-93C029A89681}" = Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU)
"{D3BEBB1F-822E-49D9-9FF8-A53FF0739F16}" = Microsoft SQL Server 2012 Setup (English)
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D544D9C1-D49C-3F83-8E84-8162E6BAF843}" = Microsoft Visual Studio Tools for Applications 2012 Design-Time - Module linguistique Français
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{DA5931FD-7F75-49CA-A405-85D230DE29D8}_is1" = Full DVD Ripper 9 Free
"{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3
"{DCE79FAE-6AC4-4718-A5BB-DA41F1740784}" = SQL Server 2012 Database Engine Services
"{DD354117-4E49-3DB5-8F51-C20A9CD24BDF}" = Microsoft Visual Studio Tools for Applications 2012 Design-Time - Paquete de idioma ESN
"{DDB0DF50-10B1-4E06-A847-C21D4D8650DC}" = SQL Server 2012 Data Tools - BI for Visual Studio 2012
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DFB059F4-DBB2-497F-999E-AD86FA90E6DD}" = Microsoft SQL Server 2012 RsFx Driver
"{E0012154-D166-4FDF-96BF-ECFF4AA367B5}" = SQL Server 2012 Database Engine Services
"{e0efdce9-a486-4676-8aa5-65bb08cbf34c}" = Microsoft Visual Studio Express 2012 for Windows Desktop - ENU
"{E1FBB3D4-ADB0-4949-B101-855DA061C735}" = Microsoft Silverlight 5 SDK
"{e20d88d6-6150-4602-b4ef-49e138467d4d}" = Microsoft Visual Studio Tools for Applications 2012
"{E4ADE757-7FE9-322D-9CAE-C77D77A2D2BF}" = Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU
"{E4C33F5B-1B2F-466E-957E-B274F08151A0}" = Microsoft Web Deploy dbSqlPackage Provider - enu
"{E5CAE8D2-9F9F-3BEA-AA0F-B5B40611C704}" = Microsoft Visual C++ 2013 x86 Debug Runtime - 12.0.21005
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{E818AE7C-244B-4A50-9C86-C0E4A8B69159}" = Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
"{E84E1EB4-1E17-44D9-BF43-1452213E684B}" = Microsoft ASP.NET Web Pages 2 - Visual Studio Express 2013 for Web - ENU
"{E88F7D1B-497A-48C6-94C3-0CBE398166D8}" = Microsoft ASP.NET MVC 4 - Visual Studio Express 2013 for Web - ENU
"{EB25848D-AADC-40D7-914E-CB2E25AB5E59}" = Microsoft ASP.NET MVC 4 Runtime
"{EB514FFD-5FBA-3C53-94F8-3A2B96C5E7A8}" = Microsoft Visual Studio Ultimate 2013 XAML UI Designer enu Resources
"{ED780CA9-0687-3C12-B439-3369F224941F}" = Microsoft Visual Studio 2010 Service Pack 1
"{ED885463-044B-436D-9DD9-B486A4FFF964}" = Microsoft NuGet - Visual Studio Express 2013 for Windows Desktop
"{EE3A5B79-C147-4BD9-952A-E894298C2ACA}" = Microsoft XNA Game Studio 4.0 Refresh (ARP entry)
"{EFBBD030-48F0-43B3-A8AD-789894DAD0B5}" = Microsoft Expression Blend 4 Add-in for Adobe FXG Import
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F361FE04-789E-42F3-BBAB-E7B380AA5E06}" = Windows XP Targeting with C++
"{F3BBC56F-2282-4464-952F-A89772181F30}" = Microsoft SQL Server Data Tools – Database Projects – Web installer entry point
"{f41037c2-b163-40b7-8aeb-95997a5b87b8}" = Windows Azure Tools for Microsoft Visual Studio 2012 - v2.0
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{f56bac4b-ef69-49d9-b010-1d7de651418d}" = Microsoft Visual Studio Express 2012 for Web - ENU
"{F7C53520-2CE5-4A56-ADB1-C1ACA584B5A4}" = SQL Server Report Builder 3 for SQL Server 2012
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FB3A15FD-FC67-3A2F-892B-6890B0C56EA9}" = Build Tools - x86
"{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 SP2 Common Files
"{FD58E95D-588C-3276-A9AC-5E3D5E005646}" = Microsoft Visual Studio Tools for Applications 2012 Design-Time
"{FEB375AB-6EEC-3929-8FAF-188ED81DD8B5}" = Microsoft Help Viewer 2.0
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"912138fe-a986-4780-ad7a-24960030e414" = PassShow
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Anki" = Anki
"Aptana Studio 3" = Aptana Studio 3
"Belarc Advisor" = Belarc Advisor 8.4
"Blend_4.0.30816.0" = Microsoft Expression Blend 4
"Bluefish" = Bluefish 2.2.4
"Browser Tab Search by Ask_IE" = Browser Tab Search by Ask for Internet Explorer
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Dia" = Dia (remove only)
"EaseUS Data Recovery Wizard 7.0_is1" = EaseUS Data Recovery Wizard 7.0
"EFLVWVE_is1" = EasyFLV Web Video Encoder ver 4 build 0.0.4
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"Foxit PDF Editor" = Foxit PDF Editor 2.2.1.1119
"Foxit Reader_is1" = Foxit Reader
"Free Download Manager_is1" = Free Download Manager 3.9.3
"GanttProject" = GanttProject
"gedit_is1" = gedit 2.30.1
"Google Chrome" = Google Chrome
"HewInstMan" = High-performance Embedded Workshop(Multiple Install)
"hMailServer_is1" = hMailServer 5.3.3-B1879
"InboxAce_1gbar Uninstall" = InboxAce Toolbar
"InstallShield_{71BE9045-6113-4FAE-89DB-E116688E51C0}" = MPLAB Tools v8.89
"Microsoft CRM Client" = Microsoft Dynamics CRM 2013 for Microsoft Office Outlook
"Microsoft Help Viewer 2.0" = Microsoft Help Viewer 2.0
"Microsoft Help Viewer 2.1" = Microsoft Help Viewer 2.1
"Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft SQL Server 11" = Microsoft SQL Server 2012
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
"Microsoft SQL Server SQLServer2012" = Microsoft SQL Server 2012
"Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU
"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
"Microsoft Visual Studio 2010 Express for Windows Phone 7.1 - ENU" = Windows Phone SDK 7.1 - ENU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"MoSync" = MoSync
"Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)
"Mozilla Thunderbird 24.5.0 (x86 en-US)" = Mozilla Thunderbird 24.5.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPLAB XC8 C Compiler v1.12" = MPLAB XC8 C Compiler
"MSCRMBidsExtensions" = Microsoft Dynamics CRM Report Authoring Extension
"Notepad++" = Notepad++
"Office15.GROOVER" = Microsoft SkyDrive Pro 2013
"Opera 21.0.1432.67" = Opera Stable 21.0.1432.67
"Phpnuke Downloader Adobe Acrobat Professional" = Phpnuke Downloader Adobe Acrobat Professional
"Picasa 3" = Picasa 3
"PICC 9.83" = HI-TECH C Compiler for the PIC10/12/16 MCUs V9.83PL0
"SearchProtect" = Search Protect
"Speed Test 127" = Speed Test 127
"Spiceworks" = Spiceworks
"TeamViewer 9" = TeamViewer 9
"VirtualCloneDrive" = VirtualCloneDrive
"VMware_Player" = VMware Player
"WampServer 2_is1" = WampServer 2.4
"xampp" = XAMPP
"XNA Game Studio 4.0" = Microsoft XNA Game Studio 4.0 Refresh
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"1db4f4d27b7fb13c" = Application
"5f7eb300e2ea4ebf" = GitHub
"b711bd532a44454e" = ContactsX
"BitTorrent" = BitTorrent
"CodeBlocks" = CodeBlocks
"DesktopWeatherAlerts" = DesktopWeatherAlerts
"GoToMeeting" = GoToMeeting 6.3.0.1415
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25/05/2014 3:50:54 a.m. | Computer Name = Waipareira-PC | Source = Apache Service | ID = 3299
Description = The Apache service named  reported the following error:  >>> (OS 10013)An
 attempt was made to access a socket in a way forbidden by its access permissions.
  : AH00072: make_sock: could not bind to address [::]:80     .
 
Error - 25/05/2014 3:50:54 a.m. | Computer Name = Waipareira-PC | Source = Apache Service | ID = 3299
Description = The Apache service named  reported the following error:  >>> (OS 10013)An
 attempt was made to access a socket in a way forbidden by its access permissions.
  : AH00072: make_sock: could not bind to address 0.0.0.0:80     .
 
Error - 25/05/2014 3:50:54 a.m. | Computer Name = Waipareira-PC | Source = Apache Service | ID = 3299
Description = The Apache service named  reported the following error:  >>> AH00451:
 no listening sockets available, shutting down     .
 
Error - 25/05/2014 3:50:54 a.m. | Computer Name = Waipareira-PC | Source = Apache Service | ID = 3299
Description = The Apache service named  reported the following error:  >>> AH00015:
 Unable to open logs     .
 
Error - 25/05/2014 3:50:58 a.m. | Computer Name = Waipareira-PC | Source = SQLAgent$SQLEXPRESS | ID = 324
Description = OpenSQLServerInstanceRegKey:GetRegKeyAccessMask failed (reason: 2).
 
Error - 25/05/2014 3:50:58 a.m. | Computer Name = Waipareira-PC | Source = SQLAgent$SQLEXPRESS | ID = 324
Description = OpenSQLServerInstanceRegKey:GetRegKeyAccessMask failed (reason: 2).
 
Error - 25/05/2014 3:51:05 a.m. | Computer Name = Waipareira-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 25/05/2014 3:53:15 a.m. | Computer Name = Waipareira-PC | Source = .NET Runtime Optimization Service | ID = 1111
Description =
 
Error - 25/05/2014 3:53:16 a.m. | Computer Name = Waipareira-PC | Source = .NET Runtime Optimization Service | ID = 1111
Description =
 
Error - 25/05/2014 3:54:55 a.m. | Computer Name = Waipareira-PC | Source = Application Hang | ID = 1002
Description = The program Skype.exe version 6.14.0.104 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: bc4    Start
 Time: 01cf77ede25d2b61    Termination Time: 10    Application Path: C:\Program Files (x86)\Skype\Phone\Skype.exe

Report
 Id:  
 
[ OSession Events ]
Error - 14/09/2013 3:44:47 a.m. | Computer Name = Waipareira-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 14/09/2013 7:13:47 a.m. | Computer Name = Waipareira-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 14/09/2013 1:33:53 p.m. | Computer Name = Waipareira-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 14
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 24/05/2014 11:02:14 p.m. | Computer Name = Waipareira-PC | Source = Service Control Manager | ID = 7031
Description = The VMware USB Arbitration Service service terminated unexpectedly.
  It has done this 1 time(s).  The following corrective action will be taken in
10000 milliseconds: Restart the service.
 
Error - 24/05/2014 11:02:16 p.m. | Computer Name = Waipareira-PC | Source = Service Control Manager | ID = 7023
Description = The WinDefend service terminated with the following error:   %%126
 
Error - 24/05/2014 11:02:48 p.m. | Computer Name = Waipareira-PC | Source = HTTP | ID = 15005
Description =
 
Error - 24/05/2014 11:02:48 p.m. | Computer Name = Waipareira-PC | Source = HTTP | ID = 15005
Description =
 
Error - 25/05/2014 3:49:08 a.m. | Computer Name = Waipareira-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:34:03 PM on ?5/?25/?2014 was unexpected.
 
Error - 25/05/2014 3:49:23 a.m. | Computer Name = Waipareira-PC | Source = Service Control Manager | ID = 7024
Description = The Apache service terminated with service-specific error %%1.
 
Error - 25/05/2014 3:49:23 a.m. | Computer Name = Waipareira-PC | Source = Service Control Manager | ID = 7000
Description = The Cron service service failed to start due to the following error:
   %%2
 
Error - 25/05/2014 3:50:54 a.m. | Computer Name = Waipareira-PC | Source = Service Control Manager | ID = 7024
Description = The wampapache service terminated with service-specific error %%1.
 
Error - 25/05/2014 3:51:06 a.m. | Computer Name = Waipareira-PC | Source = Service Control Manager | ID = 7034
Description = The named service terminated unexpectedly.  It has done this 1 time(s).
 
Error - 25/05/2014 3:51:22 a.m. | Computer Name = Waipareira-PC | Source = Service Control Manager | ID = 7023
Description = The WinDefend service terminated with the following error:   %%126
 
 
< End of report >



#9 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:30 PM

Posted 25 May 2014 - 03:31 AM

Hello AndreasNHagen,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two messages boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#10 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:30 PM

Posted 27 May 2014 - 03:01 AM

Hi,

it has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Threads will be closed if no response after 3 days.


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#11 AndreasNHagen

AndreasNHagen
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:10:30 PM

Posted 27 May 2014 - 03:52 AM

Hi thanks for your post.

I need to find time to complete these current items.

I have been working late, taking care of my family and

last weekend I lost Internet connectivity and with only one laptop

had to figure how to resolve issue myself.  After reseting the firewall connectivity was restored (late last night).

I will let you know how it goes.

Regards,

Andreas



#12 AndreasNHagen

AndreasNHagen
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:10:30 PM

Posted 02 June 2014 - 04:07 AM

Hi Jo*,

Malware Bytes anti rootkit, did not find anything.

Just an observation, after running AdwCleaner the system ran faster.

Br,

Andreas

 

 

# AdwCleaner v3.211 - Report created 03/06/2014 at 21:02:45
# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Whanau - WAIPAREIRA-PC
# Running from : C:\Users\Whanau\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : CltMngSvc
Service Found : F06DEFF2-5B9C-490D-910F-35D3A91196222
Service Found : SafetyNutManager

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\Ask.xml
File Found : C:\Users\Whanau\AppData\Roaming\LiveSupport.exe_log.txt
File Found : C:\Users\Whanau\AppData\Roaming\Mozilla\Firefox\Profiles\2iem13dr.default\searchplugins\Ask.xml
File Found : C:\Users\Whanau\AppData\Roaming\Mozilla\Firefox\Profiles\2iem13dr.default\searchplugins\bingp.xml
File Found : C:\Users\Whanau\AppData\Roaming\Mozilla\Firefox\Profiles\2iem13dr.default\searchplugins\conduit-search.xml
File Found : C:\Users\Whanau\AppData\Roaming\Mozilla\Firefox\Profiles\2iem13dr.default\user.js
File Found : C:\Users\Whanau\AppData\Roaming\regsvr32.exe_log.txt
File Found : C:\Users\Whanau\daemonprocess.txt
File Found : C:\Windows\System32\roboot64.exe
Folder Found : C:\Program Files (x86)\Common Files\Tencent
Folder Found : C:\Program Files (x86)\MyPC Backup
Folder Found : C:\Program Files (x86)\PC Speed Maximizer
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\Program Files (x86)\Speed Test 127
Folder Found : C:\Program Files (x86)\Tencent
Folder Found : C:\Program Files\Tencent
Folder Found : C:\ProgramData\BitGuard
Folder Found : C:\ProgramData\Browser Manager
Folder Found : C:\ProgramData\BrowserProtect
Folder Found : C:\ProgramData\Registry Helper
Folder Found : C:\ProgramData\SafetyNut
Folder Found : C:\ProgramData\speedypc software
Folder Found : C:\ProgramData\Tencent
Folder Found : C:\ProgramData\wincert
Folder Found : C:\Users\Whanau\AppData\Local\genienext
Folder Found : C:\Users\Whanau\AppData\Local\jZip
Folder Found : C:\Users\Whanau\AppData\Local\Temp\apn
Folder Found : C:\Users\Whanau\AppData\Local\Temp\jZip
Folder Found : C:\Users\Whanau\AppData\Local\Temp\mt_ffx
Folder Found : C:\Users\Whanau\AppData\Local\Temp\Tencent
Folder Found : C:\Users\Whanau\AppData\LocalLow\DataMngr
Folder Found : C:\Users\Whanau\AppData\Roaming\DriverCure
Folder Found : C:\Users\Whanau\AppData\Roaming\newnext.me
Folder Found : C:\Users\Whanau\AppData\Roaming\PerformerSoft
Folder Found : C:\Users\Whanau\AppData\Roaming\speedypc software
Folder Found : C:\Users\Whanau\AppData\Roaming\Tencent
Folder Found : C:\Users\Whanau\Documents\Tencent

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\jZip
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}
Key Found : HKCU\Software\SafetyNut
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\speedypc software
Key Found : HKCU\Software\TENCENT
Key Found : [x64] HKCU\Software\APN
Key Found : [x64] HKCU\Software\jZip
Key Found : [x64] HKCU\Software\SafetyNut
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\speedypc software
Key Found : [x64] HKCU\Software\TENCENT
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\Software\APN
Key Found : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Key Found : HKLM\SOFTWARE\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}
Key Found : HKLM\SOFTWARE\Classes\AppID\{562B9317-C08A-444A-9482-62080DD851AE}
Key Found : HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ButtonSite.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{75CC1BBE-D96F-45DF-A622-D60BFA8AF49E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E09EF104-3849-47F4-B005-A120558F3FEF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FB61B649-3FC8-4754-89A2-501456130AB5}
Key Found : HKLM\SOFTWARE\Classes\iLivid.torrent
Key Found : HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Found : HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BBBE01ED-0F1E-44DB-88C1-5CC1AEE3B462}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}
Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Found : HKLM\SOFTWARE\Classes\Speed Test 127.BackgroundHostObject
Key Found : HKLM\SOFTWARE\Classes\Speed Test 127.BackgroundHostObject.1
Key Found : HKLM\SOFTWARE\Classes\Speed Test 127.Navbar
Key Found : HKLM\SOFTWARE\Classes\Speed Test 127.Navbar.1
Key Found : HKLM\SOFTWARE\Classes\Speed Test 127.ScriptHostObject
Key Found : HKLM\SOFTWARE\Classes\Speed Test 127.ScriptHostObject.1
Key Found : HKLM\SOFTWARE\Classes\Speed Test 127.Tool
Key Found : HKLM\SOFTWARE\Classes\Speed Test 127.Tool.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsemngr.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsermngr.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundlesweetimsetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cltmngsvc.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta babylon.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta tb.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\delta2.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltainstaller.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltasetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deltatb_2501-c733154b.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iminentsetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rjatydimofu.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweetimsetup.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbdelta.exetoolbar783881609.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11C8C9C0-D918-44C0-8B5E-D297DA42F2C7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Speed Test 127
Key Found : HKLM\Software\Registry Helper
Key Found : HKLM\Software\SafetyNut
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\speedypc software
Key Found : HKLM\Software\TENCENT
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BBBE01ED-0F1E-44DB-88C1-5CC1AEE3B462}
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Registry Helper]
Value Found : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Value Found : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]
Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x64]
Value Found : HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls [x86]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Users\ping\AppData\Roaming\Mozilla\Firefox\Profiles\7idq6dx0.default\prefs.js ]

[ File : C:\Users\Whanau\AppData\Roaming\Mozilla\Firefox\Profiles\2iem13dr.default\prefs.js ]

Line Found : user_pref("browser.search.defaultenginename", "Ask.com");
Line Found : user_pref("browser.search.order.1", "Ask.com");
Line Found : user_pref("browser.search.selectedEngine", "Ask.com");
Line Found : user_pref("browser.startup.homepage", "hxxp://www.search.ask.com/?o=APN11459&gct=hp&d=488-101&v=a12834-299&t=4");
Line Found : user_pref("extensions.APN_TB.first-previous-keyword-url", "hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=215&systemid=448&v=n10781-218&apn_dtid=TCH001&apn_ptnrs=AGI&apn_uid=7130430203754928&o=APN1[...]
Line Found : user_pref("extensions.SGT-V7.previous-keyword-url", "\"hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=215&systemid=448&v=n10781-218&apn_dtid=TCH001&apn_ptnrs=AGI&apn_uid=7130430203754928&o=APN10648[...]
Line Found : user_pref("keyword.URL", "hxxp://dts.search.ask.com/sr?src=ffb&gct=ds&appid=101&systemid=488&v=a12834-299&apn_dtid=TCH001&apn_ptnrs=AG1&apn_uid=0837710009844045&o=APN11459&q=");

-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\Whanau\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3320691&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP3052A862-B660-4374-8D53-DC4AB35C17B9&q={searchTerms}&SSPV=
Found [Search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=101&systemid=488&v=a12834-299&apn_uid=0837710009844045&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
Found [Startup_urls] : hxxp://www.search.ask.com/?o=APN11459&gct=hp&d=488-101&v=a12834-299&t=4
Found [Homepage] : hxxp://www.search.ask.com/?o=APN11459&gct=hp&d=488-101&v=a12834-299&t=4

*************************

AdwCleaner[R5].txt - [16871 octets] - [03/06/2014 21:02:45]

########## EOF - C:\AdwCleaner\AdwCleaner[R5].txt - [16932 octets] ##########



#13 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:30 PM

Posted 02 June 2014 - 04:21 AM

Hello AndreasNHagen,

Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shutdown your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run OTL again.
  • Double click on the icon to run it.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • don't check the boxes beside LOP Check and Purity Check this time.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open a notepad window OTL.Txt.
  • Please copy (Edit->Select All, Edit->Copy) the content of the file and post it with your next reply.

***


How the computer is running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#14 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:30 PM

Posted 04 June 2014 - 04:04 AM

Hi,

it has been several days since I sent my last set of instructions to help with your computer problem.

Please let me know if you are having problems and still need help.

Note: Threads will be closed if no response after 3 days.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#15 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:30 PM

Posted 13 June 2014 - 02:57 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users