Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Help! Am being plagued by adware.

2»

Comments

  • Registered Users Posts: 840 ✭✭✭jsa112


    na wouldn't be a hardware problem id say. not sure much more advice I can give.

    where are the popups sending to you, and what sites give you them ?


  • Registered Users Posts: 102 ✭✭WildSaffron


    The popups are gone now - just the problem morphed into weird changes on my computer and not being able to download files.

    Thanks for all your help with this - it is a headscratcher, alright.


  • Registered Users Posts: 282 ✭✭The Bogman


    Apologies for jumping on this thread,but I'm having similar problems.
    Only in the last few hours, started having problems with ads. If it makes any difference,I use chrome. Some open tabs just randomly change to ads, as well as tabs with ads just opening by themselves. I've attached a pic of other ads that come up when I hover on words in text.
    Any help would be appreciated. Never had bother before and completely clueless here


  • Registered Users Posts: 840 ✭✭✭jsa112


    either of you use RSS reader or things like that ?


    bogman, do this


    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files here


  • Registered Users Posts: 282 ✭✭The Bogman


    OTL Extras logfile created on: 4/6/2014 10:57:07 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.16521)
    Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    3.93 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 65.65% Memory free
    7.87 Gb Paging File | 6.29 Gb Available in Paging File | 80.01% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 179.00 Gb Total Space | 101.56 Gb Free Space | 56.74% Space Free | Partition Type: NTFS
    Drive D: | 266.10 Gb Total Space | 69.53 Gb Free Space | 26.13% Space Free | Partition Type: NTFS

    Computer Name: USER-PC | User Name: user | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0BB92B6A-D134-483F-9AFB-0EB1FC6EF27B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{1553C6EE-FE58-4F82-BA14-7F9A06013E68}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{20EF9453-0E6C-4155-A661-CA33309BE21E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{21353298-517D-444A-AB7D-8C3D0FB11D9D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{29DC7B12-6E4B-49D7-83B1-CDF1B49BC90A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
    "{2D0D0625-9109-4E9A-86EA-C13DC210F824}" = rport=445 | protocol=6 | dir=out | app=system |
    "{2DCC6B5F-5688-4BF3-84A7-D7F59EBBE6B8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{3164B168-A04A-4FA6-995B-59FD2E4ACB79}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{33D796DC-201E-4FDB-8859-710CE2EE064E}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{3868D673-E363-4C38-B2E9-050AEB14E115}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{3E2B1AF3-C7D6-4757-B761-E0BE0A3EEF95}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{430C60C2-DC7B-4D54-B855-1811C9A8A863}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4FCF4013-02CE-4A73-BFF2-A2DEDD7D8560}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{6D3A6760-C0AB-4DB2-A948-59BC4013945A}" = lport=445 | protocol=6 | dir=in | app=system |
    "{7718908E-FF59-4EDF-8D3F-EB3925CC4120}" = lport=139 | protocol=6 | dir=in | app=system |
    "{7B118E41-53BF-462C-AD17-81ED57ECE91F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{89BF4CA6-BBE7-4FC7-9AFF-C6AC153405B8}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{A244EFBF-8524-483B-A537-5B7615BD1486}" = lport=137 | protocol=17 | dir=in | app=system |
    "{A55B1AF4-0D73-44F0-BE69-33942CE21F6F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{B9821193-5E6C-4423-B3BE-85B633FF6F59}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{BA0979BC-963C-477C-AE22-00459F2DAFC9}" = rport=138 | protocol=17 | dir=out | app=system |
    "{C175D50B-3B2C-4BB7-91CF-9362053EE623}" = rport=139 | protocol=6 | dir=out | app=system |
    "{C77357C6-FDA2-4F1E-B8BA-9F180D7EDC62}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{CE953274-3481-4246-807C-D188B703EBA8}" = lport=138 | protocol=17 | dir=in | app=system |
    "{D8B9A211-0A7B-434B-8A83-7045F35D8169}" = rport=137 | protocol=17 | dir=out | app=system |
    "{FBA63F90-E3D1-4FA3-8E92-AC741B6E8C8A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{051790AB-2B0F-4E7F-88E3-9FB0466FE248}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{084BB337-01E0-42B8-9767-F663C4E90EEB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{0E7373F9-C582-4DCE-9EA4-256088A05D8E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{168B0EEB-C93B-45DA-8381-9DA1CCC36622}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1ECF6828-9558-437D-A223-1C430966192A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{23EF260C-B286-4C61-9637-A0964A4ED774}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{3679D30D-5F47-4FEB-B2FC-8A5B36EEF781}" = dir=in | app=c:\users\user\appdata\local\facebook\video\skype\facebookvideocalling.exe |
    "{3C39381E-C1A7-42C6-ABA9-491552C1B4A9}" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\rpds\bin\rpdsvc.exe |
    "{444EEEEB-52E5-4B48-A83C-6EBEBE34ECED}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{452006E6-A965-412B-8603-67ED0E8A1CE2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{4C6821C4-BB13-4FFE-9E61-E8D9FA987C0C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{5ACD761B-1539-4796-93D0-2DD8BF8BDA5C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{68A2A602-30C3-406F-8258-9243DD094E1B}" = protocol=6 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe |
    "{69E0FA1E-8206-43B7-8976-8929B1C6C5FD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{6FD5E9FF-B76A-4194-8E31-206F2583BB4D}" = protocol=17 | dir=in | app=c:\program files\solidworks corp\solidworks\swscheduler\dtscoordinatorservice.exe |
    "{7ACA7E61-80FB-4B03-B807-2FB259E9D3E3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{87A59B10-49C3-4CF8-A6FC-6BF7FEE92D15}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{8E69605F-BC0D-4E75-8D46-76C49D479950}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{94996B2F-FD22-466F-80A3-FF9B1FC397EE}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{96153E15-5DD1-4FA0-B705-1CA9F6264D07}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{9D3D41E8-ED8C-46A5-AB71-8CAC64B9D1CA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{9F4E6C9B-57F2-4E24-A006-AEEBC413A95A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A09C4E52-03B9-4ACE-8435-11F7B5C18028}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{A5371150-19B2-4C03-9425-30868E5457A9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{B0530D48-366B-4D53-BD84-977F19F919C8}" = protocol=6 | dir=out | app=system |
    "{B435673E-91F1-482E-A168-4E49F8697445}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{C615D0C6-6D42-48D8-83EB-C90FDC3D63B0}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe |
    "{D2CF65B6-851B-4CED-AD04-C4882A997414}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
    "{DDEF0D20-AB52-4B53-90FF-DA69230DFB15}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{E1151F1F-BBE3-48A5-96C1-03F027C90E02}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{E647434F-DCBE-4CEA-8EFB-65FFFA7C20B9}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe |
    "{EA9918C2-2FBF-4279-9580-83D90C02AA63}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{FEDE767F-99B6-4A25-9CAC-67E9533472CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "TCP Query User{62DB7519-C886-4CB1-AC2A-032FD57AA33D}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe |
    "TCP Query User{D380EC51-F027-4C83-9203-170094BA9910}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe |
    "UDP Query User{983CC25E-6DD9-413D-B721-F939C50D11DC}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe |
    "UDP Query User{A44EDB59-BBA9-4B89-9039-3A8AB2214BBB}C:\users\user\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\spotify\spotify.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
    "{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
    "{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
    "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
    "{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources
    "{215D88B7-661F-4C71-A7F9-75E53E9A5061}" = SolidWorks eDrawings 2012 x64 Edition SP02
    "{21E47F47-C9A7-4454-BA48-388327B0EA00}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
    "{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
    "{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
    "{27F3F8DE-AC95-4E10-90A6-EBA999DDBCAF}" = Windows Live Remote Service Resources
    "{29CFD07F-4971-41B0-B14D-621ACCC264AC}" = Windows Live Remote Service Resources
    "{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
    "{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
    "{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
    "{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
    "{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
    "{3B12A1AA-A3FB-4047-9520-A8584425FF8F}" = DraftSight x64
    "{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
    "{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
    "{4C66F076-D3AB-49C8-85D4-BAA6D82FCAE2}" = SolidWorks 2012 x64 Edition SP02
    "{4C9845D5-9FAD-4C52-B389-CAEF0F216215}" = Windows Live Remote Client Resources
    "{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
    "{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
    "{542DDF04-9F91-4F36-B2F4-2638B788A4C8}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
    "{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
    "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
    "{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
    "{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
    "{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
    "{641B32DB-8226-4250-86C9-34671162F5D5}" = Windows Live Remote Client Resources
    "{6498E673-B9C2-4544-A722-1E854B5B573E}_is1" = Cold Turkey version 0.9
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
    "{6A2482BC-733A-404A-939A-2D5BC636E6F9}" = Windows Live Remote Service Resources
    "{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
    "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
    "{78654366-5889-4A70-90D9-04B00709EEE0}" = Windows Live Remote Client Resources
    "{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
    "{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
    "{811D5159-D798-491F-B9C6-9BDBF6B02D06}" = Windows Live Remote Service Resources
    "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
    "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
    "{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
    "{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
    "{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
    "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources
    "{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
    "{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
    "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
    "{BFAE8D5B-F918-486F-B74E-90762DF11C5C}" = Microsoft Security Client
    "{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
    "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
    "{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
    "{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
    "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
    "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
    "{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
    "{F0793412-6407-4870-9A8C-6FE198A4EB12}" = Windows Live Remote Client Resources
    "{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
    "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
    "{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
    "Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
    "Elantech" = ETDWare PS/2-X64 8.0.7.0_WHQL
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft Security Client" = Microsoft Security Essentials
    "Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
    "{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
    "{0119B342-476F-4F5A-B712-144B5CFA781F}" = Windows Live Movie Maker
    "{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
    "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
    "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
    "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
    "{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
    "{0765012B-51F6-4868-875E-9C14755B338C}" = RealDownloader
    "{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger
    "{07E15DDE-CAD9-434D-B24D-35708E3BEA09}" = Windows Live 필수 패키지
    "{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
    "{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
    "{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
    "{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
    "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
    "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
    "{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
    "{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
    "{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
    "{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
    "{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
    "{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
    "{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
    "{142D8CA7-2C6F-45A7-83E3-099AAFD99133}" = Samsung Update Plus
    "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5
    "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
    "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
    "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
    "{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
    "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
    "{19ADD3BF-C42B-47DC-81C6-5E9731B668C4}" = „Windows Live Essentials“
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
    "{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
    "{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
    "{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
    "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
    "{1DF9729D-2A51-4CA1-B4CE-2B432D7ABA7C}" = Samsung AnyWeb Print
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{21B49B4A-BBC3-4A09-9C68-6C3CC0B1EA01}" = Windows Live Messenger
    "{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
    "{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
    "{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
    "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
    "{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
    "{26513CE5-7A51-478D-93BD-AC1D38103463}" = Windows Live Messenger
    "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
    "{2720009D-9566-45A7-A370-0E6DAC313F3F}" = „Windows Live Mail“
    "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
    "{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
    "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
    "{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
    "{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
    "{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
    "{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
    "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
    "{2CC0789D-D31B-445F-8970-6E058BE39754}" = Windows Live UX Platform Language Pack
    "{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
    "{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
    "{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
    "{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
    "{318DBE01-1E6B-4243-84B0-210391FE789A}" = Samsung AnyWeb Print
    "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
    "{34AB675C-1965-44B5-B5A7-B02EE6196AD3}" = Windows Live Messenger
    "{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
    "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
    "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
    "{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
    "{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
    "{3B345B4A-2E94-4346-A38F-17E1347A0DA7}" = HTC Sync
    "{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
    "{3B8F240C-B75E-4A1E-BDCC-6C7F033078A3}" = Windows Live UX Platform Language Pack
    "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
    "{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
    "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
    "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
    "{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
    "{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
    "{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
    "{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
    "{442032CB-900C-49C7-B4B4-2B76525DD403}" = Windows Live Photo Common
    "{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
    "{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
    "{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
    "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
    "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
    "{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
    "{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
    "{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager
    "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
    "{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
    "{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
    "{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
    "{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
    "{4F35DF91-F834-41F7-A287-0E377D55C486}" = Windows Live Photo Common
    "{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
    "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
    "{517EAAB9-C35E-4949-B8C2-20C241162BBB}" = Windows Live Pošta
    "{51FFAC89-B6B0-4E6E-B76F-6D4E2E83086A}" = Windows Live 메일
    "{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
    "{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
    "{532802A1-6DD5-4D70-ACBD-CDF88AFFAE88}" = iMindMap 7
    "{539A0CEA-17E4-4FE4-A5E8-EC5D40610A79}" = „Windows Live Messenger“
    "{545192D4-E817-4EAA-834D-623EA50CF268}" = Windows Live UX Platform Language Pack
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
    "{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
    "{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
    "{5D163056-96B7-440F-A836-89BA5D3CFF2F}" = Windows Live Photo Common
    "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
    "{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
    "{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger
    "{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
    "{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
    "{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
    "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
    "{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{61506B53-EE02-46CE-8464-3F806947978F}" = Windows Live Mesh
    "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
    "{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
    "{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
    "{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
    "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
    "{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
    "{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
    "{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
    "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
    "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
    "{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
    "{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
    "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
    "{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
    "{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
    "{6B3BAE39-4ED1-4EEB-9769-A3AA0AA58CB4}" = Windows Live Movie Maker
    "{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
    "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
    "{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
    "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
    "{6DCE9C3E-3DB7-4C3C-8B80-BC55781BB7B6}" = Windows Live Writer Resources
    "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
    "{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
    "{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
    "{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
    "{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
    "{70BD2558-27DA-8B02-02D0-D8704ECD2EDF}" = savinshoP
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
    "{71684DFF-CDED-450C-AF0C-4A1A6438A1A5}" = Windows Live Essentials
    "{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
    "{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
    "{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
    "{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
    "{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
    "{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
    "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
    "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
    "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
    "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
    "{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
    "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{7780682A-47C9-480D-90BE-247539342595}" = Windows Live UX Platform Language Pack
    "{77BC9EAF-14C7-4338-9B1C-D5A3E142C0B8}" = Windows Live Photo Common
    "{77DAF553-291A-4471-988C-5677D90DB57E}" = Windows Live Writer Resources
    "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
    "{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
    "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
    "{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
    "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
    "{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
    "{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
    "{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
    "{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
    "{7BCAC0EB-3993-2416-0531-848C39DF8B65}" = ExtraShouppEr
    "{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
    "{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
    "{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
    "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
    "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
    "{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
    "{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
    "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
    "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
    "{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
    "{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
    "{829CDAAD-5AF1-482F-978B-591C16A34ACC}" = Windows Live Messenger
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
    "{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
    "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
    "{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
    "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
    "{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
    "{86E6D3A7-3ADC-44C0-B94E-85D2A9DD36B0}" = Windows Live Writer
    "{8732818E-CA78-4ACB-B077-22311BF4C0E4}" = Easy Network Manager
    "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
    "{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
    "{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}" = Facebook Video Calling 2.0.0.447
    "{8EB62C87-AAA6-4850-A5BC-64155884B973}" = SketchUp 8
    "{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
    "{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
    "{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
    "{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
    "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
    "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
    "{9E771D5B-C429-4CBC-8730-3EBD9EC99E4C}" = Windows Live Movie Maker
    "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
    "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
    "{A1668729-C4D2-49AE-877B-FB608362FFF1}" = Windows Live Essentials
    "{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
    "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
    "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
    "{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
    "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
    "{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
    "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
    "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
    "{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
    "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
    "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
    "{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
    "{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
    "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
    "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
    "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
    "{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
    "{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
    "{B4712CB7-27D7-4F61-8805-BCF9BE1CFC4A}" = Windows Live Writer Resources
    "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
    "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
    "{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
    "{B81722D3-0A95-4BDE-AA1A-A2A5D12FCDB2}" = Windows Live Foto-galerija
    "{B9B66F77-9D00-4CA4-BDF1-BBA8236B4DB6}" = Windows Live Writer
    "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
    "{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
    "{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
    "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
    "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
    "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
    "{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
    "{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
    "{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
    "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
    "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
    "{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
    "{C877E454-FA36-409A-A00E-1240CEC61BBD}" = „Windows Live“ fotogalerija
    "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
    "{C8A2793D-EFF2-4069-95BF-A28192E39DEB}" = Windows Live Writer
    "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
    "{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
    "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
    "{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
    "{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
    "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
    "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
    "{CF936193-C584-458C-B793-15FA945621AF}" = Windows Live fotoattēlu galerija
    "{CF9DEFAA-12CD-4D04-AA45-F9F667D21E2E}" = Windows Live Movie Maker
    "{D06F10C5-3EDD-4B29-A3B5-16BBB9A047F8}" = Windows Live Mesh
    "{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D27DF849-C8C7-4892-A7F1-E0B381A1BD01}" = Windows Live Writer
    "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
    "{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
    "{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger
    "{D57D43BF-699A-429F-AF8C-AF1867222800}" = Windows Live 사진 갤러리
    "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
    "{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
    "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
    "{D987098B-3AD4-4E88-B80E-CF27A32D1955}" = Windows Live Writer Resources
    "{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
    "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
    "{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
    "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
    "{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
    "{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
    "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
    "{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E308B555-8434-4AF8-B66F-729897C75F93}" = BatteryLifeExtender
    "{E3AE96D6-E196-45B4-AF62-2B41998B9E37}" = UpdateService
    "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
    "{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
    "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
    "{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
    "{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
    "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
    "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
    "{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
    "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
    "{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
    "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
    "{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
    "{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
    "{EAB1BDF2-734A-4D44-9169-7615D185C974}" = Windows Live Mesh
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EC20FB81-9B5E-4B97-92A2-8DC52548EFCE}" = Windows Live Mesh
    "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
    "{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
    "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
    "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
    "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
    "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
    "{F66430D8-08E6-4C96-B9B7-90E66E27D58C}" = Windows Live Mail
    "{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
    "{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
    "{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
    "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
    "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
    "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
    "{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
    "{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
    "{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
    "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
    "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
    "{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
    "{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
    "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
    "{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}" = Bing Bar
    "{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "Marvell Miniport Driver" = Marvell Miniport Driver
    "Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
    "NIS" = Norton Internet Security
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "Office14.SingleImage" = Microsoft Office Home and Student 2010
    "Optimizer Pro_is1" = Optimizer Pro v3.2
    "QuickTime" = QuickTime
    "RealPlayer 17.0" = RealPlayer Cloud
    "Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0
    "Samsung Universal Print Driver" = Samsung Universal Print Driver
    "SolidWorks Installation Manager 20120-40200-1100-100" = SolidWorks 2012 x64 Edition SP02
    "WinLiveSuite" = Windows Live 程式集
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "Spotify" = Spotify

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 4/2/2014 2:47:06 PM | Computer Name = user-PC | Source = Google Update | ID = 20
    Description =

    Error - 4/2/2014 7:03:35 PM | Computer Name = user-PC | Source = Google Update | ID = 20
    Description =

    Error - 4/3/2014 8:01:00 AM | Computer Name = user-PC | Source = Google Update | ID = 20
    Description =

    Error - 4/3/2014 2:52:08 PM | Computer Name = user-PC | Source = Google Update | ID = 20
    Description =

    Error - 4/3/2014 5:47:05 PM | Computer Name = user-PC | Source = Google Update | ID = 20
    Description =

    Error - 4/4/2014 5:08:45 AM | Computer Name = user-PC | Source = Google Update | ID = 20
    Description =

    Error - 4/5/2014 7:11:42 AM | Computer Name = user-PC | Source = Google Update | ID = 20
    Description =

    Error - 4/5/2014 11:43:27 AM | Computer Name = user-PC | Source = Google Update | ID = 20
    Description =

    Error - 4/5/2014 3:15:06 PM | Computer Name = user-PC | Source = Google Update | ID = 20
    Description =

    Error - 4/6/2014 5:48:34 AM | Computer Name = user-PC | Source = Application Virtualization Client | ID = 2005
    Description = The Application Virtualization Core Service could not contact the
    Service Control Dispatcher.

    [ Media Center Events ]
    Error - 9/12/2013 4:46:23 PM | Computer Name = user-PC | Source = MCUpdate | ID = 0
    Description = 21:46:23 - Error connecting to the internet. 21:46:23 - Unable
    to contact server..

    Error - 9/12/2013 4:46:30 PM | Computer Name = user-PC | Source = MCUpdate | ID = 0
    Description = 21:46:29 - Error connecting to the internet. 21:46:29 - Unable
    to contact server..

    Error - 9/27/2013 7:43:06 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
    Description = 12:43:06 - Error connecting to the internet. 12:43:06 - Unable
    to contact server..

    Error - 9/27/2013 7:44:27 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
    Description = 12:43:15 - Error connecting to the internet. 12:43:15 - Unable
    to contact server..

    Error - 10/8/2013 8:41:39 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
    Description = 13:41:39 - Error connecting to the internet. 13:41:39 - Unable
    to contact server..

    Error - 10/8/2013 8:41:50 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
    Description = 13:41:44 - Error connecting to the internet. 13:41:44 - Unable
    to contact server..

    Error - 10/8/2013 9:41:55 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
    Description = 14:41:55 - Error connecting to the internet. 14:41:55 - Unable
    to contact server..

    Error - 10/8/2013 9:42:01 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
    Description = 14:42:00 - Error connecting to the internet. 14:42:00 - Unable
    to contact server..

    Error - 10/8/2013 10:42:06 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
    Description = 15:42:06 - Error connecting to the internet. 15:42:06 - Unable
    to contact server..

    Error - 10/8/2013 10:42:12 AM | Computer Name = user-PC | Source = MCUpdate | ID = 0
    Description = 15:42:11 - Error connecting to the internet. 15:42:11 - Unable
    to contact server..

    [ System Events ]
    Error - 4/5/2014 7:12:33 AM | Computer Name = user-PC | Source = Tcpip | ID = 4199
    Description = The system detected an address conflict for IP address 192.168.1.100
    with the system having network hardware address 84-7A-88-1D-09-3D. Network operations
    on this system may be disrupted as a result.

    Error - 4/5/2014 8:13:09 PM | Computer Name = user-PC | Source = DCOM | ID = 10010
    Description =

    Error - 4/5/2014 8:15:41 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the CTService
    service to connect.

    Error - 4/5/2014 8:15:41 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
    Description = The CTService service failed to start due to the following error:
    %%1053

    Error - 4/6/2014 5:47:34 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the RealPlayer
    Update Service service to connect.

    Error - 4/6/2014 5:48:07 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
    Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
    Detection service which failed to start because of the following error: %%1058

    Error - 4/6/2014 5:48:20 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7001
    Description = The Client Virtualization Handler service depends on the Application
    Virtualization Client service which failed to start because of the following error:
    %%0

    Error - 4/6/2014 5:48:23 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    PxHlpa64

    Error - 4/6/2014 5:53:08 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the eventlog service.

    Error - 4/6/2014 5:55:51 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7022
    Description = The Windows Update service hung on starting.


    < End of report >


  • Advertisement
  • Registered Users Posts: 282 ✭✭The Bogman


    OTL logfile created on: 4/6/2014 10:57:07 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.16521)
    Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    3.93 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 65.65% Memory free
    7.87 Gb Paging File | 6.29 Gb Available in Paging File | 80.01% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 179.00 Gb Total Space | 101.56 Gb Free Space | 56.74% Space Free | Partition Type: NTFS
    Drive D: | 266.10 Gb Total Space | 69.53 Gb Free Space | 26.13% Space Free | Partition Type: NTFS

    Computer Name: USER-PC | User Name: user | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/04/06 10:55:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
    PRC - [2014/03/30 16:45:30 | 000,228,744 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
    PRC - [2014/02/18 15:56:51 | 000,727,040 | ---- | M] () -- C:\Users\user\.thinkbuzan\imindmap7\preload\iMindMap7_Preloader.exe
    PRC - [2014/02/06 18:17:53 | 001,141,336 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
    PRC - [2014/02/06 18:17:45 | 000,296,008 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    PRC - [2014/01/28 17:13:54 | 000,418,808 | ---- | M] (PC Utilities Software Limited) -- C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe
    PRC - [2014/01/19 00:50:34 | 001,171,968 | ---- | M] (Spotify Ltd) -- C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    PRC - [2013/12/16 20:34:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE
    PRC - [2013/12/14 16:48:22 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2012/06/16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
    PRC - [2012/02/03 13:34:58 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
    PRC - [2012/02/03 13:34:56 | 000,103,896 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    PRC - [2011/03/08 15:23:54 | 000,585,728 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    PRC - [2011/02/07 10:55:24 | 001,757,264 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
    PRC - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    PRC - [2010/08/27 02:52:12 | 002,782,064 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe
    PRC - [2010/08/09 10:22:24 | 000,862,064 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
    PRC - [2010/07/27 06:28:38 | 004,382,312 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
    PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/03/13 13:11:57 | 001,180,672 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\0893e0e7137e3b2da905da6216b75344\System.Management.ni.dll
    MOD - [2014/03/13 13:11:33 | 012,894,208 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
    MOD - [2014/03/13 13:11:20 | 001,644,544 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
    MOD - [2014/03/13 13:11:04 | 001,947,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\a627e2bfb55b5f583da237b214097f34\Microsoft.VisualBasic.ni.dll
    MOD - [2014/03/13 13:10:52 | 006,990,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
    MOD - [2014/03/13 13:10:41 | 010,060,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
    MOD - [2014/03/13 13:10:30 | 016,953,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
    MOD - [2014/02/18 15:56:51 | 000,727,040 | ---- | M] () -- C:\Users\user\.thinkbuzan\imindmap7\preload\iMindMap7_Preloader.exe
    MOD - [2012/05/25 05:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
    MOD - [2011/03/08 15:23:54 | 000,585,728 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    MOD - [2011/03/08 15:23:54 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
    MOD - [2011/03/08 15:23:52 | 000,352,256 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll
    MOD - [2011/03/08 15:23:52 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
    MOD - [2011/03/08 15:23:52 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
    MOD - [2011/03/08 15:23:52 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
    MOD - [2010/05/07 15:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
    MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2014/03/01 05:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2014/01/16 01:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
    SRV:64bit: - [2013/12/08 02:04:20 | 000,062,976 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Cold Turkey\CTService.exe -- (CTService)
    SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2013/03/08 23:18:41 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2012/12/27 14:59:14 | 000,123,392 | ---- | M] (Dassault Systèmes) [Auto | Running] -- C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe -- (DraftSight API Service)
    SRV:64bit: - [2012/01/20 05:00:10 | 000,089,160 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
    SRV:64bit: - [2010/09/22 10:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/08/09 20:04:12 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
    SRV:64bit: - [2009/07/14 02:39:31 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\windows\SysNative\rundll32.exe -- (70e6ca8c)
    SRV - [2014/03/13 13:44:40 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/02/06 18:17:53 | 001,141,336 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe -- (RealPlayer Cloud Service)
    SRV - [2013/12/16 20:34:22 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE -- (BBUpdate)
    SRV - [2013/12/16 20:34:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE -- (BBSvc)
    SRV - [2013/12/16 18:44:52 | 000,023,552 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe -- (RealPlayerUpdateSvc)
    SRV - [2013/12/14 16:48:22 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
    SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2013/03/08 23:14:55 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
    SRV - [2013/03/08 23:14:54 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2012/06/16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS)
    SRV - [2012/02/03 13:34:58 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
    SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
    SRV - [2010/06/01 07:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
    SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2012/07/06 03:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys -- (SRTSPX)
    DRV:64bit: - [2012/07/06 03:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2012/06/07 05:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys -- (ccSet_NIS)
    DRV:64bit: - [2012/05/22 02:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys -- (SymEFA)
    DRV:64bit: - [2012/04/18 03:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys -- (SymNetS)
    DRV:64bit: - [2012/04/18 02:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys -- (SymIRON)
    DRV:64bit: - [2012/04/06 10:24:28 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/08/05 12:03:48 | 002,768,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2011/07/25 19:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys -- (SymDS)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/11 20:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/08/10 03:01:56 | 000,111,616 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
    DRV:64bit: - [2010/07/08 09:28:46 | 000,401,696 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2010/06/25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
    DRV:64bit: - [2010/04/27 08:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/03/08 21:08:36 | 000,121,800 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HtcVComV64.sys -- (HtcVCom32)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/28 07:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
    DRV - [2012/05/05 15:50:28 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120504.033\ex64.sys -- (NAVEX15)
    DRV - [2012/05/05 15:50:28 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120504.033\eng64.sys -- (NAVENG)
    DRV - [2012/04/28 01:18:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120505.001\IDSviA64.sys -- (IDSVia64)
    DRV - [2012/04/05 20:16:18 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2012/04/05 20:16:18 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2012/04/03 00:38:04 | 001,160,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120413.001\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2011/08/26 08:47:41 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2004/09/23 02:03:00 | 000,026,720 | ---- | M] (Sonic Solutions) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\PxHlpa64.sys -- (PxHlpa64)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_en-GBIE464
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=17.0.4.61: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.7.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.7.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.7.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=17.0.4.61: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll ()
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/04/06 09:42:24 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2014/04/06 10:48:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{10E4285F-D79B-4147-9447-81DFF109A394}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/02/06 18:19:29 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2014/03/26 18:30:46 | 000,001,273 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
    O2:64bit: - BHO: (savinshoP) - {36A4A454-904F-B5FF-EBCA-88EA8E98CA1A} - C:\ProgramData\savinshoP\I1cfSLC.x64.dll ()
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (ExtraShouppEr) - {B431C372-C536-F46E-C08B-D6750754D1B7} - C:\ProgramData\ExtraShouppEr\XhyGBA.x64.dll ()
    O2:64bit: - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
    O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    O2 - BHO: (savinshoP) - {36A4A454-904F-B5FF-EBCA-88EA8E98CA1A} - C:\ProgramData\savinshoP\I1cfSLC.dll ()
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (W2PBrowser Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
    O2 - BHO: (ExtraShouppEr) - {B431C372-C536-F46E-C08B-D6750754D1B7} - C:\ProgramData\ExtraShouppEr\XhyGBA.dll ()
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
    O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [{532802A1-6DD5-4D70-ACBD-CDF88AFFAE88}] C:\Users\user\Downloads\imindmap7_windows_7.0.2.exe (ThinkBuzan)
    O4 - HKCU..\Run: [Facebook Update] C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Software Limited)
    O4 - HKCU..\Run: [Spotify] C:\Users\user\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
    O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
    O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iMindMap7 Preloader.lnk = C:\Users\user\.thinkbuzan\imindmap7\preload\iMindMap7_Preloader.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1106A272-521F-470E-9981-77C73794F130}: DhcpNameServer = 10.220.1.10 10.220.1.11
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D64DDFE7-E070-425E-B87A-025EF1D5EAB4}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Optimizer Pro\OptProCrash_x64.dll) - C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll ()
    O20 - AppInit_DLLs: (c:\progra~2\optimizer pro\optprocrash.dll) - c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll ()
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/04/06 10:55:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
    [2014/04/05 00:09:57 | 000,000,000 | ---D | C] -- C:\ProgramData\savinshoP
    [2014/04/04 23:30:24 | 000,000,000 | ---D | C] -- C:\ProgramData\977078e4f2aec587
    [2014/04/04 23:30:18 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Packages
    [2014/04/04 23:30:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ExtraShouppEr
    [2014/03/30 11:42:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2014/03/27 21:31:45 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Windows Live
    [2014/03/27 21:30:50 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{DDDC42E4-D929-4D6A-B277-6CA4B6D2807D}
    [2014/03/25 20:46:50 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\FYPFYPFYP
    [2014/03/25 20:24:42 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\****
    [2014/03/19 19:55:34 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\FYP Done
    [2014/03/11 13:08:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2014/03/09 20:11:36 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Optimizer Pro
    [2014/03/09 20:11:31 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Optimizer Pro
    [2014/03/09 20:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
    [2014/03/09 20:05:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
    [1 C:\Users\user\Desktop\*.tmp files -> C:\Users\user\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/04/06 11:01:21 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/04/06 11:01:21 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/04/06 10:55:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
    [2014/04/06 10:54:47 | 000,783,464 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2014/04/06 10:54:47 | 000,667,564 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2014/04/06 10:54:47 | 000,126,950 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2014/04/06 10:51:51 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/04/06 10:48:38 | 000,000,924 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1964744218-1090075281-1278556077-1001UA.job
    [2014/04/06 10:48:23 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2014/04/06 10:47:50 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1964744218-1090075281-1278556077-1001UA.job
    [2014/04/06 10:47:42 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2014/04/06 01:15:31 | 000,000,890 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/04/06 01:14:41 | 4224,303,104 | -HS- | M] () -- C:\hiberfil.sys
    [2014/04/05 19:13:11 | 000,000,284 | ---- | M] () -- C:\windows\tasks\RMSchedule.job
    [2014/04/05 16:47:00 | 000,000,902 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1964744218-1090075281-1278556077-1001Core.job
    [2014/04/05 12:11:39 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1964744218-1090075281-1278556077-1001Core.job
    [2014/04/01 23:24:08 | 000,000,000 | ---- | M] () -- C:\Users\user\Desktop\1396391048115.jpg
    [2014/03/30 11:44:18 | 000,002,155 | ---- | M] () -- C:\windows\epplauncher.mif
    [2014/03/20 23:20:40 | 000,434,096 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
    [2014/03/15 10:57:56 | 000,002,362 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk
    [2014/03/13 13:02:21 | 000,767,774 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2014/03/11 13:08:42 | 000,002,178 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [1 C:\Users\user\Desktop\*.tmp files -> C:\Users\user\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/04/02 11:09:46 | 000,000,000 | ---- | C] () -- C:\Users\user\Desktop\1396391048115.jpg
    [2014/03/25 11:41:46 | 003,500,720 | ---- | C] () -- C:\Users\user\Desktop\FYP Eoghan O Connor.pdf
    [2014/03/11 13:08:42 | 000,002,178 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2013/03/10 13:46:01 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\Temptable.xml
    [2013/03/08 23:28:34 | 000,000,000 | ---- | C] () -- C:\windows\eDrawingOfficeAutomator.INI
    [2012/04/19 19:02:20 | 001,384,448 | ---- | C] () -- C:\Users\user\s-1-5-21-1964744218-1090075281-1278556077-1001.rrr
    [2012/04/05 19:48:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

    ========== ZeroAccess Check ==========

    [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/03/08 23:26:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DassaultSystemes
    [2013/03/10 21:38:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DraftSight
    [2013/03/10 13:09:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\EDrawings
    [2012/01/11 00:41:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FloodLightGames
    [2012/07/03 20:32:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HTC
    [2012/07/03 20:32:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
    [2014/03/09 20:11:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Optimizer Pro
    [2012/02/24 23:07:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PlayFirst
    [2012/04/17 19:01:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Registry Mechanic
    [2011/12/28 15:58:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Samsung
    [2013/10/02 21:02:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SoftGrid Client
    [2014/04/06 10:52:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Spotify
    [2014/02/18 15:52:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ThinkBuzan
    [2011/12/28 18:29:14 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TP
    [2012/06/01 08:58:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WildTangent

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:D1B5B4F1

    < End of report >


  • Registered Users Posts: 840 ✭✭✭jsa112


    this should help. go to add/remove programs and uninstall these

    "{7BCAC0EB-3993-2416-0531-848C39DF8B65}" = ExtraShouppEr
    "{70BD2558-27DA-8B02-02D0-D8704ECD2EDF}" = savinshoP


    open OTL copy this into the box


    :OTL
    O2:64bit: - BHO: (savinshoP) - {36A4A454-904F-B5FF-EBCA-88EA8E98CA1A} - C:\ProgramData\savinshoP\I1cfSLC.x64.dll ()
    O2:64bit: - BHO: (ExtraShouppEr) - {B431C372-C536-F46E-C08B-D6750754D1B7} - C:\ProgramData\ExtraShouppEr\XhyGBA.x64.dll ()
    O2 - BHO: (savinshoP) - {36A4A454-904F-B5FF-EBCA-88EA8E98CA1A} - C:\ProgramData\savinshoP\I1cfSLC.dll ()
    O2 - BHO: (ExtraShouppEr) - {B431C372-C536-F46E-C08B-D6750754D1B7} - C:\ProgramData\ExtraShouppEr\XhyGBA.dll ()
    [2014/04/05 00:09:57 | 000,000,000 | ---D | C] -- C:\ProgramData\savinshoP
    [2014/04/04 23:30:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ExtraShouppEr
    [2014/04/04 23:30:24 | 000,000,000 | ---D | C] -- C:\ProgramData\977078e4f2aec587
    [2014/04/04 23:30:18 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Packages

    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]
    [EMPTYJAVA]
    [CREATERESTOREPOINT]
    [Reboot]
    :Files
    ipconfig /flushdns /c


    click run fix post the log it gives


  • Registered Users Posts: 282 ✭✭The Bogman


    This might be a silly question, but how do I find add/remove programs to uninstall?






    All processes killed
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36A4A454-904F-B5FF-EBCA-88EA8E98CA1A}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36A4A454-904F-B5FF-EBCA-88EA8E98CA1A}\ deleted successfully.
    C:\ProgramData\savinshoP\I1cfSLC.x64.dll moved successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B431C372-C536-F46E-C08B-D6750754D1B7}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B431C372-C536-F46E-C08B-D6750754D1B7}\ deleted successfully.
    C:\ProgramData\ExtraShouppEr\XhyGBA.x64.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{36A4A454-904F-B5FF-EBCA-88EA8E98CA1A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36A4A454-904F-B5FF-EBCA-88EA8E98CA1A}\ deleted successfully.
    C:\ProgramData\savinshoP\I1cfSLC.dll moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B431C372-C536-F46E-C08B-D6750754D1B7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B431C372-C536-F46E-C08B-D6750754D1B7}\ deleted successfully.
    C:\ProgramData\ExtraShouppEr\XhyGBA.dll moved successfully.
    C:\ProgramData\savinshoP folder moved successfully.
    C:\ProgramData\ExtraShouppEr folder moved successfully.
    C:\ProgramData\977078e4f2aec587 folder moved successfully.
    C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\{B431C372-C536-F46E-C08B-D6750754D1B7} folder moved successfully.
    C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC\{36A4A454-904F-B5FF-EBCA-88EA8E98CA1A} folder moved successfully.
    C:\Users\user\AppData\Local\Packages\windows_ie_ac_001\AC folder moved successfully.
    C:\Users\user\AppData\Local\Packages\windows_ie_ac_001 folder moved successfully.
    C:\Users\user\AppData\Local\Packages folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56502 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    User: user
    ->Temp folder emptied: 563292 bytes
    ->Temporary Internet Files folder emptied: 115874277 bytes
    ->Flash cache emptied: 58570 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 25506 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 17884493 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42303946 bytes
    RecycleBin emptied: 832512 bytes

    Total Files Cleaned = 169.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: user
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    C:\windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: user

    Total Java Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\user\Desktop\cmd.bat deleted successfully.
    C:\Users\user\Desktop\cmd.txt deleted successfully.

    OTL by OldTimer - Version 3.2.69.0 log created on 04062014_114652

    Files\Folders moved on Reboot...
    C:\Users\user\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...


  • Registered Users Posts: 840 ✭✭✭jsa112


    i'm not too familiar with your operating system, don't worry if you cant find it


    are you still getting the pop ups ?


  • Registered Users Posts: 282 ✭✭The Bogman


    I actually fond it and when I clicked on the two programs it told me they had already been deleted. Yep, still happening. Havent had any new tabs pop up or change, but I still have the ones like in the image attached above, aswell as a couple of others. Like when I open adverts.ie I get two different pop-ups for ebay.


  • Advertisement
  • Registered Users Posts: 840 ✭✭✭jsa112


    run adwcleaner, delete what it finds, and post the log here

    http://www.bleepingcomputer.com/download/adwcleaner/


  • Registered Users Posts: 282 ✭✭The Bogman


    # AdwCleaner v3.023 - Report created 06/04/2014 at 12:48:36
    # Updated 01/04/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : user - USER-PC
    # Running from : C:\Users\user\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    Service Deleted : 70e6ca8c

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Premium
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
    Folder Deleted : C:\Program Files (x86)\Optimizer Pro
    Folder Deleted : C:\users\user\AppData\Local\CrashRpt
    Folder Deleted : C:\users\user\AppData\Roaming\Optimizer Pro
    Folder Deleted : C:\users\user\AppData\Roaming\registry mechanic
    Folder Deleted : C:\users\user\Documents\Optimizer Pro

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_draftsight_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_draftsight_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\Optimizer Pro
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
    Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - pro\optprocrash.dll
    Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - Pro\OptProCrash_x64.dll

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16521


    *************************

    AdwCleaner[R0].txt - [4376 octets] - [06/04/2014 12:47:26]
    AdwCleaner[S0].txt - [4253 octets] - [06/04/2014 12:48:36]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4313 octets] ##########


  • Registered Users Posts: 840 ✭✭✭jsa112


    hows it running, issue still there ? if so, download malwarebytes, update it and run a quick scan

    http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html


  • Registered Users Posts: 282 ✭✭The Bogman


    Issues are still there. Updated and ran the scan. Gives me the option to quarantine, add exclusion, or ignore 4 detected items


    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 06/04/2014
    Scan Time: 13:53:07
    Logfile: a.txt
    Administrator: Yes

    Version: 2.00.1.1004
    Malware Database: v2014.04.06.05
    Rootkit Database: v2014.03.27.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Chameleon: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: user

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 258236
    Time Elapsed: 14 min, 20 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Shuriken: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 4
    PUP.Optional.Installcore, C:\Users\user\Downloads\google-sketchup.exe, , [da43bd6a7b007abcc94fe70ab84b6f91],
    PUP.Optional.Topmedia, C:\Users\user\Downloads\Star_Trek_Into_Darkness_2013_HDCAM_Version_2_Pimp4003_(PimpRG)_secure.exe, , [3ae3fe290c6f8caa0b688d55ab5837c9],
    Adware.IBryte, C:\Users\user\Downloads\mplayer_Setup.exe, , [6cb16cbb314ada5c051c348e2ad68080],
    PUP.Optional.Softonic, C:\Users\user\Downloads\SoftonicDownloader_for_draftsight.exe, , [b96458cfb2c9072f68dadf1ee818ff01],

    Physical Sectors: 0
    (No malicious items detected)


    (end)


  • Registered Users Posts: 840 ✭✭✭jsa112


    you can quarantine those

    then open OTL click quickscan and post that log


  • Registered Users Posts: 282 ✭✭The Bogman


    OTL logfile created on: 4/6/2014 2:05:06 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.16521)
    Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    3.93 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 48.99% Memory free
    7.87 Gb Paging File | 5.59 Gb Available in Paging File | 71.01% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 179.00 Gb Total Space | 103.96 Gb Free Space | 58.08% Space Free | Partition Type: NTFS
    Drive D: | 266.10 Gb Total Space | 69.53 Gb Free Space | 26.13% Space Free | Partition Type: NTFS

    Computer Name: USER-PC | User Name: user | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/04/06 10:55:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
    PRC - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    PRC - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    PRC - [2014/04/03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    PRC - [2014/03/30 16:45:30 | 000,228,744 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
    PRC - [2014/02/18 15:56:51 | 000,727,040 | ---- | M] () -- C:\Users\user\.thinkbuzan\imindmap7\preload\iMindMap7_Preloader.exe
    PRC - [2014/02/06 18:17:53 | 001,141,336 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
    PRC - [2014/02/06 18:17:45 | 000,296,008 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    PRC - [2014/01/19 00:50:34 | 001,171,968 | ---- | M] (Spotify Ltd) -- C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    PRC - [2013/12/16 20:34:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE
    PRC - [2013/12/16 18:44:52 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    PRC - [2013/12/14 16:48:22 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    PRC - [2013/10/27 11:04:40 | 000,557,056 | ---- | M] () -- C:\Program Files\Cold Turkey\CTConfigServer.exe
    PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2012/06/16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
    PRC - [2012/02/03 13:34:58 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
    PRC - [2012/02/03 13:34:56 | 000,103,896 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    PRC - [2011/03/08 15:23:54 | 000,585,728 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    PRC - [2011/02/07 10:55:24 | 001,757,264 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
    PRC - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    PRC - [2010/08/09 10:22:24 | 000,862,064 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
    PRC - [2010/07/27 06:28:38 | 004,382,312 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
    PRC - [2010/02/10 15:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
    PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/03/15 01:50:40 | 013,637,448 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
    MOD - [2014/03/15 01:50:40 | 000,394,568 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
    MOD - [2014/03/15 01:50:38 | 004,061,000 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll
    MOD - [2014/03/15 01:50:35 | 000,716,616 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\33.0.1750.154\libglesv2.dll
    MOD - [2014/03/15 01:50:34 | 000,100,168 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\33.0.1750.154\libegl.dll
    MOD - [2014/03/15 01:50:32 | 001,647,432 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
    MOD - [2014/03/15 01:50:30 | 000,051,016 | ---- | M] () -- C:\Users\user\AppData\Local\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
    MOD - [2014/03/13 13:11:57 | 001,180,672 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\0893e0e7137e3b2da905da6216b75344\System.Management.ni.dll
    MOD - [2014/03/13 13:11:33 | 012,894,208 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
    MOD - [2014/03/13 13:11:20 | 001,644,544 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
    MOD - [2014/03/13 13:11:04 | 001,947,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.V9921e851#\a627e2bfb55b5f583da237b214097f34\Microsoft.VisualBasic.ni.dll
    MOD - [2014/03/13 13:10:52 | 006,990,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
    MOD - [2014/03/13 13:10:41 | 010,060,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
    MOD - [2014/03/13 13:10:30 | 016,953,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
    MOD - [2014/02/18 15:56:51 | 000,727,040 | ---- | M] () -- C:\Users\user\.thinkbuzan\imindmap7\preload\iMindMap7_Preloader.exe
    MOD - [2012/05/25 05:25:00 | 000,921,600 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
    MOD - [2011/03/08 15:23:54 | 000,585,728 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    MOD - [2011/03/08 15:23:54 | 000,516,599 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\sqlite3.dll
    MOD - [2011/03/08 15:23:52 | 000,352,256 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetect.dll
    MOD - [2011/03/08 15:23:52 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDisk.dll
    MOD - [2011/03/08 15:23:52 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcDetectLegend.dll
    MOD - [2011/03/08 15:23:52 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync 3.0\fdHttpd.dll
    MOD - [2010/05/07 15:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
    MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2014/03/01 05:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2014/01/16 01:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
    SRV:64bit: - [2013/12/08 02:04:20 | 000,062,976 | ---- | M] () [Auto | Running] -- C:\Program Files\Cold Turkey\CTService.exe -- (CTService)
    SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2013/03/08 23:18:41 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2012/12/27 14:59:14 | 000,123,392 | ---- | M] (Dassault Systèmes) [Auto | Running] -- C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe -- (DraftSight API Service)
    SRV:64bit: - [2012/01/20 05:00:10 | 000,089,160 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
    SRV:64bit: - [2010/09/22 10:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/08/09 20:04:12 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service)
    SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2014/03/13 13:44:40 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/02/06 18:17:53 | 001,141,336 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe -- (RealPlayer Cloud Service)
    SRV - [2013/12/16 20:34:22 | 000,247,968 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE -- (BBUpdate)
    SRV - [2013/12/16 20:34:22 | 000,193,696 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE -- (BBSvc)
    SRV - [2013/12/16 18:44:52 | 000,023,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe -- (RealPlayerUpdateSvc)
    SRV - [2013/12/14 16:48:22 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
    SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2013/03/08 23:14:55 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
    SRV - [2013/03/08 23:14:54 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2012/06/16 03:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS)
    SRV - [2012/02/03 13:34:58 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
    SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
    SRV - [2010/06/01 07:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
    SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2014/04/06 14:01:36 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
    DRV:64bit: - [2014/04/03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
    DRV:64bit: - [2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2012/07/06 03:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys -- (SRTSPX)
    DRV:64bit: - [2012/07/06 03:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2012/06/07 05:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys -- (ccSet_NIS)
    DRV:64bit: - [2012/05/22 02:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys -- (SymEFA)
    DRV:64bit: - [2012/04/18 03:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys -- (SymNetS)
    DRV:64bit: - [2012/04/18 02:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys -- (SymIRON)
    DRV:64bit: - [2012/04/06 10:24:28 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/08/05 12:03:48 | 002,768,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2011/07/25 19:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys -- (SymDS)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/11 20:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/08/10 03:01:56 | 000,111,616 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
    DRV:64bit: - [2010/07/08 09:28:46 | 000,401,696 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2010/06/25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
    DRV:64bit: - [2010/04/27 08:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/03/08 21:08:36 | 000,121,800 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HtcVComV64.sys -- (HtcVCom32)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/28 07:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
    DRV - [2012/05/05 15:50:28 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120504.033\ex64.sys -- (NAVEX15)
    DRV - [2012/05/05 15:50:28 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120504.033\eng64.sys -- (NAVENG)
    DRV - [2012/04/28 01:18:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120505.001\IDSviA64.sys -- (IDSVia64)
    DRV - [2012/04/05 20:16:18 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2012/04/05 20:16:18 | 000,138,360 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2012/04/03 00:38:04 | 001,160,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120413.001\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2011/08/26 08:47:41 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2004/09/23 02:03:00 | 000,026,720 | ---- | M] (Sonic Solutions) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\PxHlpa64.sys -- (PxHlpa64)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung.msn.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_en-GBIE464
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=17.0.4.61: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.7.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.7.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.7.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=17.0.4.61: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll ()
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/04/06 09:42:24 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2014/04/06 14:03:35 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{10E4285F-D79B-4147-9447-81DFF109A394}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/02/06 18:19:29 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014/02/06 18:19:29 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2014/04/06 11:48:00 | 000,000,098 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2:64bit: - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll (RealDownloader)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
    O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (W2PBrowser Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
    O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKCU..\Run: [{532802A1-6DD5-4D70-ACBD-CDF88AFFAE88}] C:\Users\user\Downloads\imindmap7_windows_7.0.2.exe (ThinkBuzan)
    O4 - HKCU..\Run: [Facebook Update] C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKCU..\Run: [Spotify] C:\Users\user\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
    O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\user\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
    O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iMindMap7 Preloader.lnk = C:\Users\user\.thinkbuzan\imindmap7\preload\iMindMap7_Preloader.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll ()
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1106A272-521F-470E-9981-77C73794F130}: DhcpNameServer = 10.220.1.10 10.220.1.11
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D64DDFE7-E070-425E-B87A-025EF1D5EAB4}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Optimizer) - File not found
    O20 - AppInit_DLLs: (c:\progra~2\optimizer) - File not found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/04/06 13:35:11 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/04/06 13:34:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    [2014/04/06 13:34:24 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
    [2014/04/06 13:34:23 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
    [2014/04/06 13:34:23 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
    [2014/04/06 13:34:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
    [2014/04/06 13:34:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2014/04/06 12:47:19 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/04/06 11:46:52 | 000,000,000 | ---D | C] -- C:\_OTL
    [2014/04/06 10:55:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
    [2014/03/30 11:42:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2014/03/27 21:31:45 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Windows Live
    [2014/03/27 21:30:50 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{DDDC42E4-D929-4D6A-B277-6CA4B6D2807D}
    [2014/03/25 20:46:50 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\FYPFYPFYP
    [2014/03/25 20:24:42 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\****
    [2014/03/19 19:55:34 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\FYP Done
    [2014/03/11 13:08:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [1 C:\Users\user\Desktop\*.tmp files -> C:\Users\user\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/04/06 14:08:55 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/04/06 14:08:55 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/04/06 14:03:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1964744218-1090075281-1278556077-1001UA.job
    [2014/04/06 14:01:36 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/04/06 14:00:18 | 000,000,890 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/04/06 14:00:03 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2014/04/06 13:59:58 | 4224,303,104 | -HS- | M] () -- C:\hiberfil.sys
    [2014/04/06 13:51:13 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/04/06 13:47:05 | 000,000,924 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1964744218-1090075281-1278556077-1001UA.job
    [2014/04/06 13:44:02 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2014/04/06 13:37:59 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/04/06 11:48:00 | 000,000,098 | R--- | M] () -- C:\windows\SysNative\drivers\etc\Hosts
    [2014/04/06 11:03:00 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1964744218-1090075281-1278556077-1001Core.job
    [2014/04/06 10:55:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
    [2014/04/06 10:54:47 | 000,783,464 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2014/04/06 10:54:47 | 000,667,564 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2014/04/06 10:54:47 | 000,126,950 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2014/04/05 19:13:11 | 000,000,284 | ---- | M] () -- C:\windows\tasks\RMSchedule.job
    [2014/04/05 16:47:00 | 000,000,902 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1964744218-1090075281-1278556077-1001Core.job
    [2014/04/03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
    [2014/04/03 09:51:04 | 000,088,280 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
    [2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
    [2014/04/01 23:24:08 | 000,000,000 | ---- | M] () -- C:\Users\user\Desktop\1396391048115.jpg
    [2014/03/30 11:44:18 | 000,002,155 | ---- | M] () -- C:\windows\epplauncher.mif
    [2014/03/20 23:20:40 | 000,434,096 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
    [2014/03/15 10:57:56 | 000,002,362 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk
    [2014/03/13 13:02:21 | 000,767,774 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2014/03/11 13:08:42 | 000,002,178 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [1 C:\Users\user\Desktop\*.tmp files -> C:\Users\user\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/04/06 13:34:36 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/04/02 11:09:46 | 000,000,000 | ---- | C] () -- C:\Users\user\Desktop\1396391048115.jpg
    [2014/03/25 11:41:46 | 003,500,720 | ---- | C] () -- C:\Users\user\Desktop\FYP Eoghan O Connor.pdf
    [2014/03/11 13:08:42 | 000,002,178 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2013/03/10 13:46:01 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\Temptable.xml
    [2013/03/08 23:28:34 | 000,000,000 | ---- | C] () -- C:\windows\eDrawingOfficeAutomator.INI
    [2012/04/19 19:02:20 | 001,384,448 | ---- | C] () -- C:\Users\user\s-1-5-21-1964744218-1090075281-1278556077-1001.rrr
    [2012/04/05 19:48:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

    ========== ZeroAccess Check ==========

    [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/03/08 23:26:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DassaultSystemes
    [2013/03/10 21:38:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DraftSight
    [2013/03/10 13:09:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\EDrawings
    [2012/01/11 00:41:22 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\FloodLightGames
    [2012/07/03 20:32:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HTC
    [2012/07/03 20:32:44 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
    [2012/02/24 23:07:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PlayFirst
    [2011/12/28 15:58:58 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Samsung
    [2013/10/02 21:02:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SoftGrid Client
    [2014/04/06 14:03:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Spotify
    [2014/02/18 15:52:17 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ThinkBuzan
    [2011/12/28 18:29:14 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TP
    [2012/06/01 08:58:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\WildTangent

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:373E1720
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:D1B5B4F1

    < End of report >


  • Registered Users Posts: 840 ✭✭✭jsa112


    can you go into the extension and add-on part of firefox and see if you can find anything relating to

    savinshoP
    ExtraShouppEr

    remove them if they are there


  • Registered Users Posts: 282 ✭✭The Bogman


    Yep. Both were enabled as extensions. Deleted them and all seems to be running smoothly again. Thanks for all your help!


Advertisement