[A] CPU 100% constantly... Hijack log

Inactive
By xionnokia
Jan 12, 2012
Topic Status:
Not open for further replies.
  1. Hello I am new to this site, but lately for about a week I have been having problems with Compaq Presario CQ56 laptop. As soon as i turn it on the CPU is at 100%. The PC slows befoe I even log in. I have norton internet secuirty, but i also just installed malwarebytes and regcure to see if that helped but nothing worked. did the latest windows update which also did not help. I learned that experts could help if i scaned with Hijack and presentd a log which led me hear, Can anyone assist me in this matter?
    EDIT: also my norton internet security is also unsecribed when I boot my ps

    [HJT log removed by Broni]

    Attached Files:

  2. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. xionnokia

    xionnokia Newcomer, in training Topic Starter

    Thank you Broni, Here are the logs from the programs you suggested

    DDS only worked in safe mod due to cpu
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.ask.com/?l=dis&o=2159&gct=hp
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: H - No File
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - No File
    uRun: [ZumoDrive] C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk
    mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
    mRun: [ZumoDrive] "C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk"
    mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
    mRun: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    StartupFolder: C:\Users\vado\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: SoftwareSASGeneration = 1 (0x1)
    mPolicies-system: EnableLinkedConnections = 1 (0x1)
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{6A33C25C-FF4D-447C-8F82-44BDAB47153F} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{6A33C25C-FF4D-447C-8F82-44BDAB47153F}\14E64627F69646455647865627 : DhcpNameServer = 192.168.2.254
    TCP: Interfaces\{6A33C25C-FF4D-447C-8F82-44BDAB47153F}\2375942554232363 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{6A33C25C-FF4D-447C-8F82-44BDAB47153F}\2375942554737333 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{6A33C25C-FF4D-447C-8F82-44BDAB47153F}\755626449637369607C65637 : DhcpNameServer = 10.84.2.4 10.84.2.25
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll
    BHO-X64: Browser Defender BHO - No File


    DDS ATTACH
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/1/2011 1:46:13 PM
    System Uptime: 1/13/2012 5:52:49 PM (2 hours ago)
    .
    Motherboard: Hewlett-Packard | | 1605
    Processor: Intel(R) Celeron(R) CPU 900 @ 2.20GHz | CPU | 2194/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 214 GiB total, 91.707 GiB free.
    D: is FIXED (NTFS) - 19 GiB total, 2.738 GiB free.
    E: is CDROM ()
    F: is FIXED (NTFS) - 0 GiB total, 0.161 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Security Processor Loader Driver
    Device ID: ROOT\LEGACY_SPLDR\0000
    Manufacturer:
    Name: Security Processor Loader Driver
    PNP Device ID: ROOT\LEGACY_SPLDR\0000
    Service: spldr
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: avast! Network Shield Support
    Device ID: ROOT\LEGACY_ASWTDI\0000
    Manufacturer:
    Name: avast! Network Shield Support
    PNP Device ID: ROOT\LEGACY_ASWTDI\0000
    Service: aswTdi
    .
    ==== System Restore Points ===================
    .
    RP179: 1/10/2012 2:40:03 PM - Installed Java(TM) 6 Update 30
    RP183: 1/12/2012 8:59:58 AM - Windows Update
    RP184: 1/12/2012 9:54:22 AM - Removed ooVoo
    RP185: 1/12/2012 5:29:55 PM - Windows Update
    RP186: 1/13/2012 12:39:34 AM - avast! Free Antivirus Setup
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Acoustica Effects Pack
    Acoustica Mixcraft 5
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Reader 9.5.0 MUI
    Adobe Shockwave Player 11.5
    Adobe Shockwave Player 11.6
    Agatha Christie - Peril at End House
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    Apple Application Support
    Apple Software Update
    Ares 2.1.7
    ASIO4ALL
    Atheros Driver Installation Program
    avast! Internet Security
    Bejeweled 2 Deluxe
    Bing Bar
    Bing Rewards Client Installer
    Blackhawk Striker 2
    Blasterball 3
    Blio
    Bounce Symphony
    Browser Defender 3.0
    Build-a-lot 2
    Cake Mania
    Chuzzle Deluxe
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Click to Call with Skype
    Compaq Setup Manager
    ConvertXtoDVD 3.0.0.7
    CopyTrans Suite Remove Only
    Coupon Printer for Windows
    CyberLink DVD Suite
    CyberLink MediaShow
    CyberLink PowerDVD 9
    CyberLink YouCam
    D3DX10
    Diner Dash 2 Restaurant Rescue
    Dora's World Adventure
    Energy Star Digital Logo
    Escape Rosecliff Island
    ESU for Microsoft Windows 7
    Farm Frenzy
    FATE
    ffdshow v1.1.3800 [2011-03-28]
    FileZilla Client 3.5.2
    Final Drive Nitro
    FL Studio 9
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hardcore
    Heroes of Hellas 2 - Olympia
    Hewlett-Packard ACLM.NET v1.1.1.0
    High-Definition Video Playback 10
    HiJackThis
    HP CloudDrive
    HP Customer Experience Enhancements
    HP Deskjet 1050 J410 series Help
    HP Documentation
    HP Game Console
    HP Games
    HP MovieStore
    HP Photo Creations
    HP Power Manager
    HP Quick Launch
    HP Setup
    HP Software Framework
    HP Update
    IL Download Manager
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Rapid Storage Technology
    Java Auto Updater
    Java(TM) 6 Update 30
    Jewel Quest Solitaire 2
    Junk Mail filter update
    K-Lite Codec Pack 7.0.0 (Full)
    LabelPrint
    LibUSB-Win32-0.1.10.1
    LightScribe System Software
    Malwarebytes Anti-Malware version 1.60.0.1800
    Media Go
    Media Go Video Playback Engine 1.84.102.07010
    Microsoft Corporation
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office 2010
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Click-to-Run 2010
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Starter 2010 - English
    Microsoft Office Word MUI (English) 2007
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft WSE 3.0 Runtime
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mozilla Firefox 10.0 (x86 en-US)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Mystery P.I. - The London Caper
    Nero 10 Menu TemplatePack Basic
    Nero 10 Movie ThemePack Basic
    Nero BackItUp 10
    Nero BackItUp 10 Help (CHM)
    Nero Burning ROM 10
    Nero BurningROM 10 Help (CHM)
    Nero BurnRights 10
    Nero BurnRights 10 Help (CHM)
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero CoverDesigner 10
    Nero CoverDesigner 10 Help (CHM)
    Nero DiscSpeed 10
    Nero DiscSpeed 10 Help (CHM)
    Nero Dolby Files 10
    Nero Express 10
    Nero Express 10 Help (CHM)
    Nero InfoTool 10
    Nero InfoTool 10 Help (CHM)
    Nero MediaHub 10
    Nero MediaHub 10 Help (CHM)
    Nero Multimedia Suite 10
    Nero Recode 10
    Nero Recode 10 Help (CHM)
    Nero RescueAgent 10
    Nero RescueAgent 10 Help (CHM)
    Nero SoundTrax 10
    Nero SoundTrax 10 Help (CHM)
    Nero StartSmart 10
    Nero StartSmart 10 Help (CHM)
    Nero Update
    Nero Vision 10
    Nero Vision 10 Help (CHM)
    Nero WaveEditor 10
    Nero WaveEditor 10 Help (CHM)
    Norton Online Backup
    PASW Statistics Student Version 18.0
    PDF Settings CS5
    Penguins!
    PhotoNow!
    Picasa 3
    Plants vs. Zombies
    PlayReady PC Runtime x86
    PlayStation(R)Network Downloader
    PlayStation(R)Store
    PoiZone
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Power2Go
    PowerDirector
    QuickTime
    Realtek Ethernet Controller Driver For Windows 7
    Realtek High Definition Audio Driver
    Recovery Manager
    RegCure
    RoxioNow Player
    Sawer
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Serif WebPlus X4
    Serif WebPlus X4 Resources
    Skype™ 5.5
    SPSS Inc. Data Access Pack 6.0 for Windows
    swMSM
    The Weather Channel Desktop 6
    Times Reader
    Toxic Biohazard
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Virtual DJ Pro Full - Atomix Productions
    Virtual Families
    Virtual Villagers 4 - The Tree of Life
    Vuze
    Vuze Remote Toolbar
    WBFS Manager 2.5
    Wheel of Fortune 2
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    WinRAR 4.00 beta 7 (32-bit)
    Zero Assumption Recovery Version 9
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/9/2012 11:14:17 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    1/8/2012 6:54:12 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
    1/8/2012 6:48:20 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.
    1/8/2012 6:45:00 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
    1/8/2012 6:43:04 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.
    1/8/2012 6:41:07 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
    1/8/2012 6:31:12 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer CORYWILLIAMS-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6A33C25C-FF4D-447C-8F82-44BDAB47153F}. The master browser is stopping or an election is being forced.
    1/8/2012 6:10:30 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
    1/8/2012 6:10:30 PM, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/8/2012 6:10:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    1/8/2012 6:09:00 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
    1/8/2012 6:04:30 PM, Error: Service Control Manager [7022] - The Server service hung on starting.
    1/8/2012 3:33:50 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    1/7/2012 7:05:09 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
    1/7/2012 7:05:09 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/7/2012 7:04:09 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.
    1/7/2012 7:04:09 AM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/7/2012 7:03:09 AM, Error: Service Control Manager [7000] - The Application Information service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/7/2012 11:14:57 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    1/7/2012 11:13:46 AM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    1/7/2012 11:13:37 AM, Error: Service Control Manager [7022] - The Application Virtualization Client service hung on starting.
    1/13/2012 7:36:44 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    1/13/2012 7:34:06 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    1/13/2012 5:53:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    1/13/2012 5:53:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    1/13/2012 5:53:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/13/2012 5:53:38 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
    1/13/2012 5:53:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    1/13/2012 5:53:21 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache spldr SymSMR130 TfFsMon TFSysMon Wanarpv6
    1/13/2012 5:53:19 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
    1/13/2012 5:51:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PhoneMyPC_Helper service to connect.
    1/13/2012 5:51:38 PM, Error: Service Control Manager [7000] - The PhoneMyPC_Helper service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/13/2012 5:51:07 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Norton Online Backup service to connect.
    1/13/2012 5:51:07 PM, Error: Service Control Manager [7000] - The Norton Online Backup service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/13/2012 5:50:19 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LightScribeService Direct Disc Labeling Service service to connect.
    1/13/2012 5:50:19 PM, Error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
    1/13/2012 5:49:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HPWMISVC service to connect.
    1/13/2012 5:49:48 PM, Error: Service Control Manager [7000] - The LibUsb-Win32 - Daemon, Version 0.1.10.1 service failed to start due to the following error: The system cannot find the file specified.
    1/13/2012 5:49:48 PM, Error: Service Control Manager [7000] - The HPWMISVC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/13/2012 5:48:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
    1/13/2012 5:48:25 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/13/2012 3:22:45 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
    1/13/2012 2:44:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
    1/13/2012 2:44:25 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
    1/13/2012 2:44:25 AM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/13/2012 12:09:51 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TFSysMon
    1/13/2012 1:49:57 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    1/13/2012 1:14:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
    1/13/2012 1:14:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
    1/13/2012 1:14:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
    1/12/2012 9:43:03 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 discache IDSVia64 spldr SRTSPX SymIRON SymNetS TfFsMon TFSysMon Wanarpv6
    1/12/2012 9:21:36 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Windows Malicious Software Removal Tool x64 - January 2012 (KB890830).
    1/12/2012 9:06:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
    1/12/2012 9:06:00 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Akamai service.
    1/12/2012 9:04:33 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    1/12/2012 9:04:32 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.
    1/12/2012 9:04:32 PM, Error: Service Control Manager [7000] - The Application Virtualization Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/12/2012 9:03:54 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
    1/12/2012 9:03:54 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/12/2012 8:59:37 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
    1/12/2012 8:59:37 AM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/12/2012 8:59:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}
    1/12/2012 8:57:13 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
    1/12/2012 8:57:13 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/12/2012 8:55:25 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Software Framework Service service to connect.
    1/12/2012 8:55:25 AM, Error: Service Control Manager [7000] - The HP Software Framework Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/12/2012 8:46:12 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
    1/12/2012 8:46:09 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Installer service to connect.
    1/12/2012 8:46:09 AM, Error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/12/2012 8:46:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    1/12/2012 8:44:50 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the p2psvc service.
    1/12/2012 8:44:50 AM, Error: Service Control Manager [7000] - The Peer Networking Grouping service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/12/2012 8:39:15 AM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    1/12/2012 8:38:51 AM, Error: Service Control Manager [7022] - The Peer Name Resolution Protocol service hung on starting.
    1/12/2012 8:34:07 AM, Error: Service Control Manager [7023] -
    1/12/2012 8:32:17 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PC Tools Security Service service to connect.
    1/12/2012 8:32:17 AM, Error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/12/2012 8:29:03 AM, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: After starting, the service hung in a start-pending state.
    1/12/2012 8:28:30 AM, Error: Service Control Manager [7022] - The SSDP Discovery service hung on starting.
    1/12/2012 8:22:28 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    1/12/2012 8:20:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service hpqwmiex with arguments "" in order to run the server: {F5539356-2F02-40D4-999E-FA61F45FE12E}
    1/12/2012 8:20:57 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    1/12/2012 8:14:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    1/12/2012 8:14:37 AM, Error: Service Control Manager [7022] - The IPsec Policy Agent service hung on starting.
    1/12/2012 8:10:37 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.
    1/12/2012 8:10:37 AM, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/12/2012 8:03:51 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    1/12/2012 8:03:51 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/12/2012 8:03:51 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    1/12/2012 7:49:24 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
    1/12/2012 7:49:24 AM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/12/2012 6:49:58 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Norton Internet Security service to connect.
    1/12/2012 6:49:58 PM, Error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/12/2012 5:48:29 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 discache eeCtrl IDSVia64 PCTSD spldr SRTSPX SymIRON SymNetS TfFsMon TFSysMon Wanarpv6
    1/12/2012 5:27:06 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
    1/12/2012 12:22:15 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the RtVOsdService Installer service to connect.
    1/12/2012 12:22:15 AM, Error: Service Control Manager [7000] - The RtVOsdService Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/12/2012 12:21:18 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Nero Update service to connect.
    1/12/2012 12:19:26 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MBAMService service to connect.
    1/12/2012 12:19:26 AM, Error: Service Control Manager [7000] - The MBAMService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/12/2012 12:17:45 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Wireless Assistant Service service to connect.
    1/12/2012 12:17:45 AM, Error: Service Control Manager [7000] - The HP Wireless Assistant Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/12/2012 12:16:29 AM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
    1/12/2012 12:13:21 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
    1/12/2012 12:13:21 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/12/2012 12:10:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    1/12/2012 12:10:04 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
    1/12/2012 12:10:04 AM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/12/2012 12:09:03 AM, Error: Service Control Manager [7030] - The ThreatFire service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    1/12/2012 10:23:51 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
    1/12/2012 10:23:51 AM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/11/2012 4:19:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    1/11/2012 4:15:22 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 discache eeCtrl IDSVia64 PCTSD spldr SRTSPX SymIRON SymNetS Wanarpv6
    1/11/2012 4:09:15 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
    1/11/2012 4:07:33 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
    1/11/2012 4:01:47 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the IPsec Policy Agent service to connect.
    1/11/2012 4:01:47 AM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/11/2012 3:57:01 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SeaPort service to connect.
    1/11/2012 3:57:01 AM, Error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/11/2012 3:53:41 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Client Services service to connect.
    1/11/2012 3:52:51 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Browser Defender Update Service service to connect.
    1/11/2012 3:52:08 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Bonjour Service service to connect.
    1/11/2012 3:52:08 AM, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/11/2012 11:28:55 AM, Error: Service Control Manager [7034] - The ThreatFire service terminated unexpectedly. It has done this 1 time(s).
    1/11/2012 11:19:57 AM, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
    1/11/2012 11:19:57 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Apple Mobile Device service.
    1/11/2012 1:22:40 AM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.
    1/10/2012 12:37:16 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6
    .
    ==== End Of File ===========================
  4. xionnokia

    xionnokia Newcomer, in training Topic Starter

    GMR only worked in safe mod, but attempted in normal found 3files in normal but only 2 in safe
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-01-13 19:33:09
    Windows 6.1.7601 Service Pack 1
    Running: ig5uo8mb.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5B04D494-B01C-31C0-1307-FBCC2E679E85}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5B04D494-B01C-31C0-1307-FBCC2E679E85}@oadmifdknegchgjdnljpdolljnadlk 0x69 0x61 0x67 0x63 ...

    ---- EOF - GMER 1.0.15 ----


    MBAM

    Malwarebytes Anti-Malware (PRO) 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.11.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    vado :: VADO-HP [administrator]

    Protection: Enabled

    1/13/2012 1:55:04 PM
    mbam-log-2012-01-13 (13-55-04).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 227167
    Time elapsed: 16 minute(s), 41 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)



    [HJT log removed by Broni]
  5. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Please don't post any logs I don't ask for.
    We don't use HJT around here anymore.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  6. xionnokia

    xionnokia Newcomer, in training Topic Starter

    ComboFix 12-01-13.05 - vado 01/14/2012 17:09:02.1.1 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1979.641 [GMT -5:00]
    Running from: c:\users\vado\Desktop\ComboFix.exe
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\CouponAlert_2pEI
    c:\users\vado\AppData\Local\Temp\libsqlitejdbc-2090731477903882771.lib
    c:\users\vado\AppData\Local\Temp\swt-gdip-win32-3448.dll
    c:\users\vado\AppData\Local\Temp\swt-win32-3448.dll
    c:\users\vado\AppData\Local\Temp\WindowsAPI.dll6413826491349739371.lib
    c:\users\vado\AppData\Roaming\inst.exe
    c:\users\vado\AppData\Roaming\vso_ts_preview.xml
    c:\users\vado\Documents\ShopToWin
    c:\windows\system32\java.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-15 to 2012-01-15 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-15 00:56 . 2012-01-15 00:56 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2012-01-15 00:56 . 2012-01-15 00:56 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-01-14 21:10 . 2012-01-15 01:01 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{38B028F2-24D3-4C68-B162-FB19C9A8DCBD}\offreg.dll
    2012-01-13 09:59 . 2011-11-30 07:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{38B028F2-24D3-4C68-B162-FB19C9A8DCBD}\mpengine.dll
    2012-01-13 05:40 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe
    2012-01-13 05:40 . 2012-01-14 21:38 -------- d-----w- c:\programdata\AVAST Software
    2012-01-13 05:40 . 2012-01-13 05:40 -------- d-----w- c:\program files\AVAST Software
    2012-01-13 03:11 . 2012-01-13 03:36 -------- d-----w- c:\programdata\RegCure
    2012-01-13 03:11 . 2012-01-13 03:27 -------- d-----w- c:\program files (x86)\RegCure
    2012-01-12 20:04 . 2012-01-12 20:04 -------- d-----w- C:\HP_TOOLS_mountHPSF
    2012-01-12 05:53 . 2012-01-12 05:53 388096 ----a-r- c:\users\vado\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-01-12 05:53 . 2012-01-12 05:53 -------- d-----w- c:\program files (x86)\Trend Micro
    2012-01-11 16:29 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
    2012-01-11 16:28 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
    2012-01-11 16:28 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-01-11 16:28 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-01-11 16:28 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
    2012-01-11 16:28 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
    2012-01-11 16:28 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
    2012-01-11 16:28 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
    2012-01-11 09:30 . 2012-01-11 09:30 -------- d-----w- c:\users\vado\AppData\Roaming\Malwarebytes
    2012-01-11 09:30 . 2012-01-11 09:30 -------- d-----w- c:\programdata\Malwarebytes
    2012-01-11 09:30 . 2012-01-11 09:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-01-11 09:30 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-11 06:48 . 2012-01-11 06:49 -------- d-----w- C:\d7bc5afb50e8b23e36af8883cd7864cb
    2012-01-10 20:39 . 2012-01-10 20:52 -------- d-----w- c:\users\Shawn
    2012-01-10 20:16 . 2012-01-10 20:16 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-01-10 06:20 . 2011-07-01 20:36 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2012-01-10 06:20 . 2011-07-01 20:36 2029520 ----a-w- c:\windows\PCTBDCore.dll
    2012-01-10 06:20 . 2011-07-01 20:36 767952 ----a-w- c:\windows\BDTSupport.dll
    2012-01-10 06:20 . 2011-07-01 20:36 1533904 ----a-w- c:\windows\PCTBDRes.dll
    2012-01-10 06:02 . 2012-01-12 22:57 -------- d-----w- c:\program files (x86)\PC Tools Security
    2012-01-10 06:02 . 2012-01-12 22:57 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
    2012-01-07 16:44 . 2012-01-07 16:44 -------- d-----w- c:\users\vado\AppData\Roaming\Tific
    2012-01-07 12:06 . 2012-01-07 12:06 -------- d-----w- c:\users\vado\AppData\Local\Symantec
    2012-01-03 16:22 . 2012-01-03 16:22 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
    2011-12-22 06:19 . 2011-12-22 06:19 -------- d-----w- c:\program files\WBFS
    2011-12-22 06:15 . 2011-12-22 06:20 -------- d-----w- c:\users\vado\AppData\Local\WBFSManager
    2011-12-22 06:08 . 2011-12-22 06:08 -------- d-----w- c:\program files (x86)\WBFS
    2011-12-16 03:24 . 2011-12-16 03:24 0 ----a-w- c:\windows\SysWow64\sho924C.tmp
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-07 21:22 . 2011-12-07 21:22 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-11-24 04:52 . 2011-12-14 18:28 3145216 ----a-w- c:\windows\system32\win32k.sys
    2011-11-15 19:29 . 2011-03-01 19:03 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-11-10 20:27 . 2011-11-10 20:27 0 ----a-w- c:\windows\SysWow64\shoDD38.tmp
    2011-11-10 10:54 . 2010-10-16 19:35 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-11-09 12:41 . 2011-11-09 12:41 0 ----a-w- c:\windows\SysWow64\sho9A0E.tmp
    2011-11-05 05:32 . 2011-12-14 18:27 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-11-05 04:26 . 2011-12-14 18:27 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2011-11-04 01:53 . 2011-12-15 08:02 2309120 ----a-w- c:\windows\system32\jscript9.dll
    2011-11-04 01:44 . 2011-12-15 08:02 1390080 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 01:44 . 2011-12-15 08:02 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-04 01:34 . 2011-12-15 08:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-11-03 22:47 . 2011-12-15 08:02 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
    2011-11-03 22:40 . 2011-12-15 08:02 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2011-11-03 22:39 . 2011-12-15 08:02 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-11-03 22:31 . 2011-12-15 08:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-10-26 05:21 . 2011-12-14 18:29 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-20 16:24 . 2011-10-20 16:24 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    2011-01-17 20:54 175912 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuze.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ZumoDrive"="c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2011-10-05 2080]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
    "NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216]
    "ZumoDrive"="c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2011-10-05 2080]
    "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
    "PCTools FGuard"="c:\program files (x86)\PC Tools Security\BDT\FGuard.exe" [2011-07-01 247760]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
    .
    c:\users\vado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 1 (0x1)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
    R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
    R1 SymSMR130;SMR Utility Service 1.3.0;c:\windows\System32\drivers\SymSMR130.SYS [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-30 136176]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-30 136176]
    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\PC Tools Security\BDT\BDTUpdateService.exe [2011-07-01 337872]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
    S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
    S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
    S2 PhoneMyPC_Helper;PhoneMyPC_Helper;c:\program files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC_Helper.exe [2011-05-12 31232]
    S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
    S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-08-16 21:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-30 04:56]
    .
    2012-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-30 04:56]
    .
    2012-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-621498516-1995836217-3892805127-1002Core.job
    - c:\users\vado\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-03 00:01]
    .
    2012-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-621498516-1995836217-3892805127-1002UA.job
    - c:\users\vado\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-03 00:01]
    .
    2012-01-12 c:\windows\Tasks\HPCeeScheduleForvado.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    2012-01-13 c:\windows\Tasks\RegCure Program Check.job
    - c:\program files (x86)\RegCure\RegCure.exe [2010-05-19 17:45]
    .
    2012-01-13 c:\windows\Tasks\RegCure.job
    - c:\program files (x86)\RegCure\RegCure.exe [2010-05-19 17:45]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
    @="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
    [HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
    2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
    @="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
    [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
    2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
    @="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
    [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
    2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
    @="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
    [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
    2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
    @="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
    [HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
    2010-09-23 04:53 2210304 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 166424]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 391192]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 410648]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-09-22 6489704]
    "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ask.com/?l=dis&o=2159&gct=hp
    uLocal Page = c:\windows\system32\blank.htm
    uDefault_Search_URL = hxxp://www.google.com/ie
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\vado\AppData\Roaming\Mozilla\Firefox\Profiles\pm254mcv.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=2159&gct=hp
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Akamai]
    "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_b427739.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-621498516-1995836217-3892805127-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5B04D494-B01C-31C0-1307-FBCC2E679E85}*]
    "oadmifdknegchgjdnljpdolljnadlk"=hex:69,61,67,63,66,69,6a,6c,6c,62,67,63,68,68,
    6b,6e,70,6a,00,00
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
    "value"="?\0a\04\0d\08\1f\13e"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
    c:\program files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
    .
    **************************************************************************
    .
    Completion time: 2012-01-14 20:11:07 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-01-15 01:11
    .
    Pre-Run: 87,944,380,416 bytes free
    Post-Run: 92,527,906,816 bytes free
    .
    - - End Of File - - F768734412FB34E3F6E8A3234E02B8E6
    rkill safe mode
    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 01/14/2012 at 21:12:19.
    Operating System: Windows 7 Home Premium


    Processes terminated by Rkill or while it was running:

    C:\Windows\SysWOW64\rundll32.exe


    Rkill completed on 01/14/2012 at 21:12:23.
  7. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Looks good now.

    How is computer doing?

    Uninstall RegCure.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ===============================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  8. xionnokia

    xionnokia Newcomer, in training Topic Starter

    The computer is running perfect. I uninstalled norton internet security as the subscription was messing and instantly the computer ran fine with the cpu under 100. I tried reinstalling norton and the cpu shot straight to 100. I believe norton internet security was the problem I uninstalled regcure as you stated it to be dangerous if miss used
  9. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Go on.......
  10. xionnokia

    xionnokia Newcomer, in training Topic Starter

    I have the malbytes program still installed but i feel like my computer is valnerable to an attack with out an internet security program as I always thought them to be more secure then the standard anti virus. Do you believe the computer is secure because I read on here that just because the pc works fine does not mean it is completely uninfected
  11. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    What do you mean?
    I can see Avast running.

    Go ahead with OTL.
     
  12. xionnokia

    xionnokia Newcomer, in training Topic Starter

    EXTRAS
    OTL Extras logfile created on: 1/24/2012 3:53:02 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\vado\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.93 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 51.22% Memory free
    3.87 Gb Paging File | 1.81 Gb Available in Paging File | 46.85% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 213.72 Gb Total Space | 72.74 Gb Free Space | 34.04% Space Free | Partition Type: NTFS
    Drive D: | 18.87 Gb Total Space | 2.74 Gb Free Space | 14.51% Space Free | Partition Type: NTFS

    Computer Name: VADO-HP | User Name: vado | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-621498516-1995836217-3892805127-1002\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
    "{091A0130-A82F-4A6D-9C61-3BBBB3289030}" = RtVOsd
    "{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
    "{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}" = HP Wireless Assistant
    "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{23170F69-40C1-2702-0922-000001000000}" = 7-Zip 9.22 (x64 edition)
    "{26A24AE4-039D-4CA4-87B4-2F86416021FF}" = Java(TM) 6 Update 21 (64-bit)
    "{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
    "{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
    "{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
    "{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
    "{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
    "{5848A26C-E4BC-4A13-AA8D-810BA344475A}" = HP Deskjet 1050 J410 series Product Improvement Study
    "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
    "{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
    "{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
    "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
    "{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
    "{7122C33D-356D-4F2D-BA9E-7E87EF6A5D19}" = PhoneMyPC
    "{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
    "{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
    "{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
    "{9DADBA45-2B06-4F7F-970B-E854ABC8917A}" = WBFS Manager 2.5
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
    "{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
    "{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{BB94D541-A747-4A5D-B0ED-72FA5C158EA5}" = HP Deskjet 1050 J410 series Basic Device Software
    "{BCF07271-A853-4D3A-B668-4B752174CAA8}" = iTunes
    "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
    "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
    "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
    "{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
    "{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Zune" = Zune

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
    "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0B6AC7AE-2C15-4F1F-9179-24BA055F82E7}" = SPSS Inc. Data Access Pack 6.0 for Windows
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
    "{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{167A1F6A-9BF2-4B24-83DB-C6D659F680EA}" = Media Go
    "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1AF23A65-F2B5-469C-AA51-DA5FB74CA856}" = HP Documentation
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 30
    "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
    "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
    "{34EF7358-ABC7-8469-5FB6-C5C0146F099E}" = Media Go Video Playback Engine 1.84.102.07010
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
    "{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}" = Adobe Shockwave Player 11.5
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}" = Blio
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{53469506-A37E-4314-A9D9-38724EC23A75}" = HP Setup
    "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
    "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
    "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
    "{705B639E-FAAF-40D7-AD58-C445321C7C3F}" = LightScribe System Software
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.0.0.7
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
    "{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
    "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
    "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
    "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
    "{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{96CFF0DB-C3C3-44B8-930C-1121EC68A3BF}" = Serif WebPlus X4 Resources
    "{97174E88-52F9-445A-A28E-704A45332D19}" = HP Software Framework
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
    "{9ADA45A0-8043-470A-8E8B-02EA7D95F896}" = Serif WebPlus X4
    "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A5B5B6D8-DE44-44A3-90C4-8C07A1E0FAD4}" = WBFS Manager 2.5
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.0 MUI
    "{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = Compaq Setup Manager
    "{AF306BD8-F9D1-4627-89B9-246E59074A05}" = HP Power Manager
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
    "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
    "{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
    "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
    "{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics Student Version 18.0
    "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
    "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
    "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
    "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E5D03B2E-B2D4-477F-A60D-8E1969D821FA}" = Adobe Flash Player 10 ActiveX
    "{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
    "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
    "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
    "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
    "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
    "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "8461-7759-5462-8226" = Vuze
    "Acoustica Effects Pack" = Acoustica Effects Pack
    "Acoustica Mixcraft 5" = Acoustica Mixcraft 5
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Akamai" = Akamai NetSession Interface Service
    "Ares" = Ares 2.1.7
    "ASIO4ALL" = ASIO4ALL
    "avast" = avast! Free Antivirus
    "Browser Defender_is1" = Browser Defender 3.0
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ffdshow_is1" = ffdshow v1.1.3800 [2011-03-28]
    "FileZilla Client" = FileZilla Client 3.5.2
    "FL Studio 9" = FL Studio 9
    "Hardcore" = Hardcore
    "HP Photo Creations" = HP Photo Creations
    "IL Download Manager" = IL Download Manager
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
    "KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Full)
    "LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
    "Mozilla Firefox 10.0 (x86 en-US)" = Mozilla Firefox 10.0 (x86 en-US)
    "My HP Game Console" = HP Game Console
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "Picasa 3" = Picasa 3
    "PoiZone" = PoiZone
    "RegCure" = RegCure
    "Sawer" = Sawer
    "The Weather Channel Desktop 6" = The Weather Channel Desktop 6
    "Toxic Biohazard" = Toxic Biohazard
    "Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
    "Vuze_Remote Toolbar" = Vuze Remote Toolbar
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.00 beta 7 (32-bit)
    "WT087328" = Blackhawk Striker 2
    "WT087330" = Bounce Symphony
    "WT087335" = Build-a-lot 2
    "WT087343" = Dora's World Adventure
    "WT087360" = Escape Rosecliff Island
    "WT087361" = FATE
    "WT087362" = Final Drive Nitro
    "WT087372" = Heroes of Hellas 2 - Olympia
    "WT087379" = Jewel Quest Solitaire 2
    "WT087394" = Penguins!
    "WT087395" = Poker Superstars III
    "WT087396" = Polar Bowler
    "WT087397" = Polar Golfer
    "WT087414" = Virtual Families
    "WT087415" = Wheel of Fortune 2
    "WT087428" = Bejeweled 2 Deluxe
    "WT087453" = Chuzzle Deluxe
    "WT087501" = Plants vs. Zombies
    "WT087533" = Zuma Deluxe
    "WT087536" = Diner Dash 2 Restaurant Rescue
    "WT089299" = Mystery P.I. - The London Caper
    "WT089307" = Virtual Villagers 4 - The Tree of Life
    "WT089308" = Blasterball 3
    "WT089328" = Farm Frenzy
    "WT089359" = Cake Mania
    "WT089362" = Agatha Christie - Peril at End House
    "Zero Assumption Recovery_is1" = Zero Assumption Recovery Version 9
    "ZumoDrive" = HP CloudDrive

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-621498516-1995836217-3892805127-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface
    "CopyTrans Suite" = CopyTrans Suite Remove Only
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/8/2011 11:50:43 PM | Computer Name = vado-HP | Source = Windows Installer 3.1 | ID = 921877
    Description =

    Error - 11/10/2011 3:44:36 AM | Computer Name = vado-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: CVV2 Generator.EXE, version: 0.0.0.0, time
    stamp: 0x2a425e19 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651,
    time stamp: 0x4e211319 Exception code: 0x0eedface Fault offset: 0x0000b9bc Faulting
    process id: 0x1994 Faulting application start time: 0x01cc9f7c92b755ca Faulting application
    path: C:\Users\vado\Desktop\Vuze Downloads\Credit Card Generators\Credit Card Generators\CVV2
    Generator.EXE Faulting module path: C:\Windows\syswow64\KERNELBASE.dll Report Id:
    d610f6ba-0b6f-11e1-a867-984be19446aa

    Error - 11/10/2011 3:44:51 AM | Computer Name = vado-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: CVV2 Generator.EXE, version: 0.0.0.0, time
    stamp: 0x2a425e19 Faulting module name: KERNELBASE.dll, version: 6.1.7601.17651,
    time stamp: 0x4e211319 Exception code: 0x0eedface Fault offset: 0x0000b9bc Faulting
    process id: 0x16ac Faulting application start time: 0x01cc9f7ca08d8f78 Faulting application
    path: C:\Users\vado\Desktop\Vuze Downloads\Credit Card Generators\Credit Card Generators\CVV2
    Generator.EXE Faulting module path: C:\Windows\syswow64\KERNELBASE.dll Report Id:
    df11a169-0b6f-11e1-a867-984be19446aa

    Error - 11/10/2011 4:03:44 AM | Computer Name = vado-HP | Source = Microsoft-Windows-RestartManager | ID = 10006
    Description = Application or service 'Media Go' could not be shut down.

    Error - 11/10/2011 4:03:44 AM | Computer Name = vado-HP | Source = Microsoft-Windows-RestartManager | ID = 10006
    Description = Application or service 'Media Go' could not be shut down.

    Error - 11/12/2011 5:34:44 PM | Computer Name = vado-HP | Source = Application Hang | ID = 1002
    Description = The program OUTLOOK.EXE version 12.0.6607.1000 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: d78 Start
    Time: 01cca182a9529d86 Termination Time: 134 Application Path: C:\PROGRA~2\MICROS~1\Office12\OUTLOOK.EXE

    Report
    Id: f96a4d4a-0d75-11e1-adfb-984be19446aa

    Error - 11/13/2011 1:05:55 AM | Computer Name = vado-HP | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 19c4 Start
    Time: 01cca1689682e707 Termination Time: 488 Application Path: C:\Program Files (x86)\Internet
    Explorer\iexplore.exe Report Id: 1f35e96c-0db5-11e1-adfb-984be19446aa

    Error - 11/13/2011 1:05:58 AM | Computer Name = vado-HP | Source = Application Error | ID = 1000
    Description = Faulting application name: plugin-container.exe, version: 9.0.0.4330,
    time stamp: 0x4ebafe32 Faulting module name: unknown, version: 0.0.0.0, time stamp:
    0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id:
    0xee8 Faulting application start time: 0x01cca1979c53edaa Faulting application path:
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module path:
    unknown Report Id: 2c1192ce-0db5-11e1-adfb-984be19446aa

    Error - 11/21/2011 4:39:58 PM | Computer Name = vado-HP | Source = Microsoft Office 12 | ID = 2000
    Description = Accepted Safe Mode action : Microsoft Office Outlook.

    Error - 11/28/2011 2:40:43 PM | Computer Name = vado-HP | Source = Application Hang | ID = 1002
    Description = The program PowerDVD9.exe version 9.0.3328.0 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 22f0 Start
    Time: 01ccadfcc037571a Termination Time: 44 Application Path: C:\Program Files (x86)\Cyberlink\PowerDVD9\PowerDVD9.exe

    Report
    Id: 675b795a-19f0-11e1-8bea-984be19446aa

    [ Hewlett-Packard Events ]
    Error - 12/22/2011 3:25:17 PM | Computer Name = vado-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 1/5/2012 3:08:37 PM | Computer Name = vado-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 1/5/2012 3:10:48 PM | Computer Name = vado-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 1/7/2012 12:47:07 PM | Computer Name = vado-HP | Source = HPSFMsgr.exe | ID = 2000
    Description = HP Error ID: -2146233087 at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
    errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

    at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
    Message:
    Provider load failure StackTrace: at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
    errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

    at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
    Source:
    System.Management Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 1978 Ram
    Utilization: 60 TargetSite: Void ThrowWithExtendedInfo(System.Management.ManagementStatus)


    Error - 1/7/2012 12:51:41 PM | Computer Name = vado-HP | Source = HPSFMsgr.exe | ID = 2000
    Description = HP Error ID: -2146959355HPSFMsgr.exe at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
    errorCode, IntPtr errorInfo) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

    at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
    Message:
    StackTrace: at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
    errorCode, IntPtr errorInfo) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

    at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
    Source:
    WinMgmt Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 1978 Ram
    Utilization: 60 TargetSite: Void ThrowExceptionForHRInternal(Int32, IntPtr)

    Error - 1/8/2012 7:49:25 PM | Computer Name = vado-HP | Source = HPSFMsgr.exe | ID = 2000
    Description = HP Error ID: -2147467261 at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
    Message:
    Object reference not set to an instance of an object. StackTrace: at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
    Source:
    HPSFMsgr Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 1978 Ram
    Utilization: 60 TargetSite: Void SetWMISysInformation()

    Error - 1/11/2012 2:50:00 AM | Computer Name = vado-HP | Source = HPSFMsgr.exe | ID = 2000
    Description = HP Error ID: -2147467261 at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
    Message:
    Object reference not set to an instance of an object. StackTrace: at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
    Source:
    HPSFMsgr Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 1978 Ram
    Utilization: 70 TargetSite: Void SetWMISysInformation()

    Error - 1/12/2012 9:36:21 AM | Computer Name = vado-HP | Source = HPSFMsgr.exe | ID = 2000
    Description = HP Error ID: -2146233087 at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
    errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

    at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
    Message:
    Provider load failure StackTrace: at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
    errorCode) at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()

    at HPSA_Messenger.MessengerManager.CommonMessengerStatusTask.SetWMISysInformation()
    Source:
    System.Management Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP
    Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 1978 Ram
    Utilization: 50 TargetSite: Void ThrowWithExtendedInfo(System.Management.ManagementStatus)


    Error - 1/12/2012 3:47:38 PM | Computer Name = vado-HP | Source = HPSF.exe | ID = 4000
    Description =

    Error - 1/12/2012 3:47:38 PM | Computer Name = vado-HP | Source = HPSF.exe | ID = 2000
    Description = HP Error ID: -2146233088 at HPSFConfigReader.ConfigHelper.loadXML()

    at HPSFConfigReader.ConfigHelper..ctor() at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
    isOnAppLoad) Message: Exception of type 'System.Exception' was thrown. StackTrace:
    at HPSFConfigReader.ConfigHelper.loadXML() at HPSFConfigReader.ConfigHelper..ctor()

    at HP.SupportAssistant.Engine.Resources.ResourceTasks.LoadApplicationResources(Boolean
    isOnAppLoad) Source: HPSFConfigReader Name: HPSF.exe Version: 06.00.01.01 Path: C:\Program
    Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 1978
    Ram
    Utilization: 70 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
    System.Runtime.Remoting.Messaging.IMessage)

    [ HP Wireless Assistant Events ]
    Error - 1/11/2012 5:08:33 AM | Computer Name = vado-HP | Source = HP WA Application | ID = 0
    Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
    failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher
    dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher
    dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object
    sender, StartupEventArgs args)

    Error - 1/12/2012 1:15:08 AM | Computer Name = vado-HP | Source = HP WA Application | ID = 0
    Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
    failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher
    dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher
    dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object
    sender, StartupEventArgs args)

    Error - 1/12/2012 1:35:46 AM | Computer Name = vado-HP | Source = HP WA Application | ID = 0
    Description = MainWindow.ShowImpl; not initialized, closing application...

    Error - 1/12/2012 8:48:26 AM | Computer Name = vado-HP | Source = HP WA Application | ID = 0
    Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
    failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher
    dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher
    dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object
    sender, StartupEventArgs args)

    Error - 1/12/2012 9:10:18 AM | Computer Name = vado-HP | Source = HP WA Application | ID = 0
    Description = HardwareAccess.UnableToConnectException Application.ApplicationStartup;
    failed to create hardware layer Error in the application. at HardwareAccess.Hardware..ctor(Dispatcher
    dispatcher, ServicePort port, Int32 timeout) at HardwareAccess.Hardware.Create(Dispatcher
    dispatcher, ServicePort port, Int32 timeout) at HPWA_Main.App.ApplicationStartup(Object
    sender, StartupEventArgs args)

    Error - 1/12/2012 9:25:28 AM | Computer Name = vado-HP | Source = HP WA Application | ID = 0
    Description = MainWindow.ShowImpl; not initialized, closing application...

    Error - 1/12/2012 9:30:30 AM | Computer Name = vado-HP | Source = HP WA Service | ID = 0
    Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
    radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

    Error - 1/12/2012 9:48:33 AM | Computer Name = vado-HP | Source = HP WA Service | ID = 0
    Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
    radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

    Error - 1/12/2012 9:52:42 AM | Computer Name = vado-HP | Source = HP WA Service | ID = 0
    Description = System.Exception GetDeviceInfo() failed : 597 at HP_Common.CaslWrapper.GetDeviceInfo(List`1&
    radioList) at HPPA_Service.CurrentConfiguration.ReloadRadioList()

    Error - 1/12/2012 4:20:57 PM | Computer Name = vado-HP | Source = HP WA Service | ID = 0
    Description = System.Runtime.InteropServices.COMException at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
    errorCode, IntPtr errorInfo) at System.Management.ManagementObject.Initialize(Boolean
    getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
    propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

    [ Media Center Events ]
    Error - 5/25/2011 2:53:04 PM | Computer Name = vado-HP | Source = MCUpdate | ID = 0
    Description = 2:53:04 PM - Failed to retrieve Directory (Error: Unable to connect
    to the remote server)

    [ System Events ]
    Error - 11/28/2011 5:33:06 AM | Computer Name = vado-HP | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk1\DR32, has a bad block.

    Error - 11/28/2011 5:33:06 AM | Computer Name = vado-HP | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk1\DR32, has a bad block.

    Error - 11/28/2011 5:33:07 AM | Computer Name = vado-HP | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk1\DR32, has a bad block.

    Error - 11/28/2011 5:33:07 AM | Computer Name = vado-HP | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk1\DR32, has a bad block.

    Error - 11/28/2011 5:33:07 AM | Computer Name = vado-HP | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk1\DR32, has a bad block.

    Error - 11/28/2011 5:33:08 AM | Computer Name = vado-HP | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk1\DR32, has a bad block.

    Error - 11/28/2011 5:33:08 AM | Computer Name = vado-HP | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk1\DR32, has a bad block.

    Error - 11/28/2011 5:33:08 AM | Computer Name = vado-HP | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk1\DR32, has a bad block.

    Error - 11/28/2011 5:33:08 AM | Computer Name = vado-HP | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk1\DR32, has a bad block.

    Error - 11/28/2011 5:33:08 AM | Computer Name = vado-HP | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk1\DR32, has a bad block.


    < End of report >
  13. xionnokia

    xionnokia Newcomer, in training Topic Starter

    OTL logfile created on: 1/24/2012 3:53:02 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\vado\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.93 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 51.22% Memory free
    3.87 Gb Paging File | 1.81 Gb Available in Paging File | 46.85% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 213.72 Gb Total Space | 72.74 Gb Free Space | 34.04% Space Free | Partition Type: NTFS
    Drive D: | 18.87 Gb Total Space | 2.74 Gb Free Space | 14.51% Space Free | Partition Type: NTFS

    Computer Name: VADO-HP | User Name: vado | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/01/24 02:19:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\vado\Desktop\OTL.exe
    PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2011/07/01 15:36:48 | 000,247,760 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe
    PRC - [2011/07/01 15:36:44 | 000,337,872 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe
    PRC - [2011/05/12 12:04:51 | 000,128,000 | ---- | M] (SoftwareForMe Inc) -- C:\Program Files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC.exe
    PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2010/11/09 17:16:22 | 000,154,816 | ---- | M] (Zecter Inc.) -- C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\zumodrive.exe
    PRC - [2010/11/09 15:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    PRC - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    PRC - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2010/09/11 04:02:22 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    PRC - [2010/03/26 09:52:24 | 001,234,216 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
    PRC - [2010/03/25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
    PRC - [2010/03/06 03:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/01/16 04:26:01 | 000,379,904 | ---- | M] () -- C:\Users\vado\AppData\Local\Temp\libsqlitejdbc-2552132787719801223.lib
    MOD - [2012/01/16 04:25:53 | 000,199,168 | ---- | M] () -- C:\Users\vado\AppData\Local\Temp\WindowsAPI.dll4173509306341884432.lib
    MOD - [2011/05/26 12:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2011/08/05 11:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
    SRV:64bit: - [2011/08/05 11:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
    SRV:64bit: - [2011/08/05 11:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
    SRV:64bit: - [2011/05/12 12:04:51 | 000,031,232 | ---- | M] (SoftwareForMe Inc) [Auto | Running] -- C:\Program Files\SoftwareForMe Inc\PhoneMyPC\PhoneMyPC_Helper.exe -- (PhoneMyPC_Helper)
    SRV:64bit: - [2010/08/05 21:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
    SRV:64bit: - [2010/07/21 16:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
    SRV:64bit: - [2010/06/24 18:24:12 | 000,315,392 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe -- (RtVOsdService)
    SRV:64bit: - [2010/05/20 14:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
    SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/12/13 14:30:10 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_b427739.dll -- (Akamai)
    SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
    SRV - [2011/07/01 15:36:44 | 000,337,872 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
    SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
    SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2010/09/11 04:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
    SRV - [2010/06/18 20:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2010/06/01 18:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
    SRV - [2010/03/25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2005/03/09 19:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Stopped] -- C:\Windows\SysWOW64\libusbd-nt.exe -- (libusbd)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2011/11/28 12:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2011/11/28 12:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2011/11/28 12:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
    DRV:64bit: - [2011/11/28 12:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2011/11/28 12:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2011/11/28 12:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2011/07/06 15:33:18 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/03/18 16:03:56 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/01/11 18:04:04 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV:64bit: - [2011/01/11 18:04:00 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/09/29 02:55:54 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
    DRV:64bit: - [2010/09/26 23:15:22 | 002,374,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2010/09/13 13:00:08 | 001,390,640 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/04/13 12:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/02/21 00:54:34 | 010,300,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/01/29 00:04:38 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/CQNOT/1
    IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-621498516-1995836217-3892805127-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-621498516-1995836217-3892805127-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=2159&gct=hp
    IE - HKU\S-1-5-21-621498516-1995836217-3892805127-1002\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-621498516-1995836217-3892805127-1002\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-621498516-1995836217-3892805127-1002\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    IE - HKU\S-1-5-21-621498516-1995836217-3892805127-1002\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-621498516-1995836217-3892805127-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-621498516-1995836217-3892805127-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Ask.com"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?l=dis&o=2159&gct=hp"

    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@photoproduct.rocketlife.com/RocketLife App Viewer;version=0.8: File not found
    FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
    FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\vado\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\vado\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files (x86)\PC Tools Security\BDT\Firefox\ [2012/01/10 01:20:50 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/01/19 23:25:15 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/21 04:46:58 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\vado\AppData\Roaming\IDM\idmmzcc3

    [2011/03/02 18:51:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vado\AppData\Roaming\Mozilla\Extensions
    [2012/01/23 02:49:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vado\AppData\Roaming\Mozilla\Firefox\Profiles\pm254mcv.default\extensions
    [2012/01/11 03:33:35 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\vado\AppData\Roaming\Mozilla\Firefox\Profiles\pm254mcv.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    [2011/12/20 17:35:41 | 000,000,000 | ---D | M] (ShopToWin18) -- C:\Users\vado\AppData\Roaming\Mozilla\Firefox\Profiles\pm254mcv.default\extensions\{fb320179-bf62-4606-9d75-5e82785ed1bf}
    [2012/01/12 08:57:35 | 000,002,576 | ---- | M] () -- C:\Users\vado\AppData\Roaming\Mozilla\Firefox\Profiles\pm254mcv.default\searchplugins\askcom.xml
    [2012/01/21 04:47:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/01/20 02:55:55 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/01/21 04:46:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
    () (No name found) -- C:\USERS\VADO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PM254MCV.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    () (No name found) -- C:\USERS\VADO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PM254MCV.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
    [2012/01/21 04:46:57 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/01/21 04:46:54 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/01/21 04:46:54 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Bing (Enabled)
    CHR - default_search_provider: search_url = http://www.bing.com/search?q={searchTerms}&pc=Z022&form=ZGACDF
    CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query=%s
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\vado\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\vado\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\vado\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
    CHR - plugin: PlaySushi Textlinks Plugin (Enabled) = C:\Users\vado\AppData\Local\Google\Chrome\User Data\Default\Extensions\fncciponkgfpkhdpcnllnbkmocnajkcf\nppstl.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\vado\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\npSkypeChromePlugin.dll
    CHR - plugin: Authorware Web Player (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np32asw.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: Media Go Detector (Enabled) = C:\Program Files (x86)\Sony\Media Go\npmediago.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Users\vado\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
    CHR - Extension: Google Search = C:\Users\vado\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
    CHR - Extension: avast! WebRep = C:\Users\vado\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
    CHR - Extension: Gmail = C:\Users\vado\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2010/05/13 17:53:40 | 000,001,204 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
    O1 - Hosts: 127.0.0.1 wip3.adobe.com
    O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
    O1 - Hosts: 127.0.0.1 practivate.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.adobe.com
    O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
    O1 - Hosts: ::1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-621498516-1995836217-3892805127-1002\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
    O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
    O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
    O4 - HKLM..\Run: [PCTools FGuard] C:\Program Files (x86)\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ZumoDrive] C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk ()
    O4 - HKU\S-1-5-21-621498516-1995836217-3892805127-1002..\Run: [ares] C:\Program Files (x86)\Ares\Ares.exe (Ares Development Group)
    O4 - HKU\S-1-5-21-621498516-1995836217-3892805127-1002..\Run: [ZumoDrive] C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk ()
    O4 - HKU\S-1-5-21-621498516-1995836217-3892805127-1002..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_Plugin.exe (Adobe Systems, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-621498516-1995836217-3892805127-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-621498516-1995836217-3892805127-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
    O7 - HKU\S-1-5-21-621498516-1995836217-3892805127-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} http://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab (Macromedia Authorware Web Player Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A33C25C-FF4D-447C-8F82-44BDAB47153F}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
    Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
    Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
  14. xionnokia

    xionnokia Newcomer, in training Topic Starter

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/24 02:18:18 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\vado\Desktop\OTL.exe
    [2012/01/23 20:58:33 | 000,000,000 | ---D | C] -- C:\Users\vado\Desktop\Chip Tha Ripper - Independence Day (DatPiff.com)
    [2012/01/23 20:58:32 | 000,000,000 | ---D | C] -- C:\Users\vado\Desktop\Chip Tha Ripper - From Me To You The Prelude To G (DatPiff.com)
    [2012/01/22 06:07:07 | 000,000,000 | ---D | C] -- C:\Users\vado\Desktop\New folder
    [2012/01/20 20:14:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
    [2012/01/20 20:10:49 | 000,000,000 | ---D | C] -- C:\ProgramData\{A8DA1505-E615-42BB-BB77-74D5CC91FE7E}
    [2012/01/19 23:26:14 | 000,304,472 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2012/01/19 23:26:14 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2012/01/19 23:26:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2012/01/19 23:26:12 | 000,058,712 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2012/01/19 23:26:12 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
    [2012/01/19 23:26:11 | 000,591,192 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2012/01/19 23:26:10 | 000,066,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2012/01/19 23:25:09 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2012/01/19 23:25:09 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2012/01/16 04:37:42 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
    [2012/01/16 04:26:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
    [2012/01/16 04:26:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
    [2012/01/16 04:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\PCSettings
    [2012/01/14 22:09:23 | 000,000,000 | ---D | C] -- C:\Users\vado\Desktop\LOG FILES
    [2012/01/14 20:20:06 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2012/01/14 20:18:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/01/14 16:44:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/01/14 16:44:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/01/14 16:44:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/01/14 16:41:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/01/14 16:27:56 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/01/13 22:06:09 | 004,383,253 | R--- | C] (Swearware) -- C:\Users\vado\Desktop\ComboFix.exe
    [2012/01/13 00:40:49 | 000,256,960 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2012/01/13 00:40:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2012/01/13 00:40:10 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/01/12 22:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\RegCure
    [2012/01/12 22:11:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegCure
    [2012/01/12 22:11:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegCure
    [2012/01/12 00:53:59 | 000,000,000 | ---D | C] -- C:\Users\vado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2012/01/12 00:53:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2012/01/11 04:30:17 | 000,000,000 | ---D | C] -- C:\Users\vado\AppData\Roaming\Malwarebytes
    [2012/01/11 04:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/01/11 04:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/01/11 04:30:12 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/01/11 04:30:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/01/11 01:48:35 | 000,000,000 | ---D | C] -- C:\d7bc5afb50e8b23e36af8883cd7864cb
    [2012/01/10 15:16:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2012/01/10 14:35:33 | 000,000,000 | ---D | C] -- C:\Users\vado\AppData\Local\{1000E7C4-3510-45FD-B9B9-138FF8C6ACF6}
    [2012/01/10 14:35:17 | 000,000,000 | ---D | C] -- C:\Users\vado\AppData\Local\{F9609818-E7C9-4D11-87C7-E55723839561}
    [2012/01/10 01:20:50 | 002,029,520 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
    [2012/01/10 01:20:50 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
    [2012/01/10 01:20:49 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
    [2012/01/10 01:02:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
    [2012/01/10 01:02:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
    [2012/01/09 23:58:45 | 000,000,000 | ---D | C] -- C:\Users\vado\AppData\Local\{946B8DE6-FD3F-4C99-A33F-5A453DC686BB}
    [2012/01/09 23:58:33 | 000,000,000 | ---D | C] -- C:\Users\vado\AppData\Local\{0D359C36-35D5-4E12-A098-6D1F3420E68E}
    [2012/01/08 00:53:47 | 000,000,000 | ---D | C] -- C:\Users\vado\AppData\Local\{3659F081-60F0-46DC-8BFC-360BBC230FCE}
    [2012/01/08 00:53:24 | 000,000,000 | ---D | C] -- C:\Users\vado\AppData\Local\{BFF1574A-8156-45C0-9425-CA191A492506}
    [2012/01/07 11:44:18 | 000,000,000 | ---D | C] -- C:\Users\vado\AppData\Roaming\Tific
    [2012/01/07 07:06:50 | 000,000,000 | ---D | C] -- C:\Users\vado\AppData\Local\Symantec
    [2011/03/18 16:03:56 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\vado\AppData\Roaming\pcouffin.sys
    [3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/01/24 03:38:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-621498516-1995836217-3892805127-1002UA.job
    [2012/01/24 03:38:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-621498516-1995836217-3892805127-1002Core.job
    [2012/01/24 03:24:02 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/01/24 02:19:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\vado\Desktop\OTL.exe
    [2012/01/23 19:26:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/01/23 15:30:41 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/01/20 20:23:52 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForvado.job
    [2012/01/20 20:14:22 | 000,002,179 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
    [2012/01/19 23:26:15 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/01/19 23:26:10 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2012/01/19 23:16:49 | 000,000,668 | ---- | M] () -- C:\Users\vado\AppData\Roaming\vso_ts_preview.xml
    [2012/01/19 06:23:39 | 000,731,398 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/01/19 06:23:39 | 000,627,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/01/19 06:23:39 | 000,107,824 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/01/17 01:35:05 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/01/17 01:35:05 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/01/16 04:24:48 | 1556,287,488 | -HS- | M] () -- C:\hiberfil.sys
    [2012/01/14 21:09:02 | 001,008,141 | ---- | M] () -- C:\Users\vado\Desktop\rkill.exe
    [2012/01/13 22:07:09 | 004,383,253 | R--- | M] (Swearware) -- C:\Users\vado\Desktop\ComboFix.exe
    [2012/01/13 18:00:19 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
    [2012/01/13 18:00:19 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
    [2012/01/12 22:13:49 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\RegCure Program Check.job
    [2012/01/12 22:13:49 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\RegCure.job
    [2012/01/12 22:11:57 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\RegCure.lnk
    [2012/01/12 21:41:42 | 000,000,000 | ---- | M] () -- C:\Users\vado\AppData\Local\{DC18F0F6-507E-49A9-B100-9C84201DAA5C}
    [2012/01/12 07:47:01 | 000,000,000 | ---- | M] () -- C:\Users\vado\AppData\Local\{F2F29FC5-CD66-4F2D-846B-7FB404E0BB07}
    [2012/01/12 00:54:05 | 000,002,971 | ---- | M] () -- C:\Users\vado\Desktop\HiJackThis.lnk
    [2012/01/11 04:30:13 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/10 15:18:33 | 000,007,598 | ---- | M] () -- C:\Users\vado\AppData\Local\resmon.resmoncfg
    [2012/01/07 01:39:12 | 000,002,391 | ---- | M] () -- C:\Users\vado\Desktop\Google Chrome.lnk
    [2012/01/02 08:07:08 | 000,001,848 | ---- | M] () -- C:\Users\vado\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
    [2012/01/02 08:07:08 | 000,001,848 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
    [3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/01/20 20:14:22 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
    [2012/01/19 23:26:15 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2012/01/19 19:48:21 | 000,000,668 | ---- | C] () -- C:\Users\vado\AppData\Roaming\vso_ts_preview.xml
    [2012/01/14 21:08:58 | 001,008,141 | ---- | C] () -- C:\Users\vado\Desktop\rkill.exe
    [2012/01/14 16:44:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/01/14 16:44:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/01/14 16:44:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/01/14 16:44:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/01/14 16:44:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/01/13 00:40:49 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2012/01/12 22:13:49 | 000,000,412 | ---- | C] () -- C:\Windows\tasks\RegCure Program Check.job
    [2012/01/12 22:13:49 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\RegCure.job
    [2012/01/12 22:11:57 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\RegCure.lnk
    [2012/01/12 21:41:42 | 000,000,000 | ---- | C] () -- C:\Users\vado\AppData\Local\{DC18F0F6-507E-49A9-B100-9C84201DAA5C}
    [2012/01/12 14:52:45 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForvado.job
    [2012/01/12 07:47:01 | 000,000,000 | ---- | C] () -- C:\Users\vado\AppData\Local\{F2F29FC5-CD66-4F2D-846B-7FB404E0BB07}
    [2012/01/12 00:54:05 | 000,002,971 | ---- | C] () -- C:\Users\vado\Desktop\HiJackThis.lnk
    [2012/01/11 04:30:13 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/11 01:59:49 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
    [2012/01/11 01:59:49 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
    [2012/01/10 01:20:50 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
    [2012/01/10 01:20:50 | 000,002,125 | ---- | C] () -- C:\Windows\UDB.zip
    [2012/01/10 01:20:50 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
    [2012/01/10 01:20:50 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
    [2012/01/10 01:20:50 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
    [2011/12/18 07:14:02 | 000,000,132 | ---- | C] () -- C:\Users\vado\AppData\Roaming\Adobe PNG Format CS5 Prefs
    [2011/12/07 12:24:50 | 000,000,000 | ---- | C] () -- C:\Users\vado\AppData\Local\{70442F13-B957-458D-8F92-D38892C12F5C}
    [2011/08/28 11:40:48 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
    [2011/08/28 11:40:48 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
    [2011/08/11 17:22:12 | 000,003,584 | ---- | C] () -- C:\Users\vado\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/11 01:40:23 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
    [2011/03/24 16:44:51 | 000,001,854 | ---- | C] () -- C:\Users\vado\AppData\Roaming\GhostObjGAFix.xml
    [2011/03/22 19:10:53 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2011/03/21 02:24:32 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
    [2011/03/20 16:52:37 | 000,744,896 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/03/18 16:03:56 | 000,007,859 | ---- | C] () -- C:\Users\vado\AppData\Roaming\pcouffin.cat
    [2011/03/18 16:03:56 | 000,001,167 | ---- | C] () -- C:\Users\vado\AppData\Roaming\pcouffin.inf
    [2011/03/09 19:08:53 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2011/03/09 19:08:52 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
    [2011/03/09 19:08:50 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2011/03/09 19:08:50 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2011/03/09 19:08:50 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2011/03/03 13:16:38 | 000,007,598 | ---- | C] () -- C:\Users\vado\AppData\Local\resmon.resmoncfg
    [2010/12/01 03:36:53 | 000,000,282 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
    [2010/12/01 03:36:53 | 000,000,223 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
    [2010/10/16 14:40:15 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
    [2010/09/21 13:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
    [2010/02/21 00:52:24 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
    [2010/02/21 00:52:24 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
    [2010/02/21 00:52:24 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
    [2010/02/20 23:57:36 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2010/02/20 23:57:36 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 16:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
    [2009/07/13 16:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
    [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

    ========== LOP Check ==========

    [2011/11/18 01:03:42 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\ZumoDrive
    [2012/01/12 00:01:06 | 000,000,000 | ---D | M] -- C:\Users\Shawn\AppData\Roaming\ZumoDrive
    [2011/05/26 23:13:32 | 000,000,000 | ---D | M] -- C:\Users\vado\AppData\Roaming\Acoustica
    [2012/01/24 03:01:55 | 000,000,000 | ---D | M] -- C:\Users\vado\AppData\Roaming\Azureus
    [2011/05/02 23:44:51 | 000,000,000 | ---D | M] -- C:\Users\vado\AppData\Roaming\Blio
    [2011/05/17 21:29:29 | 000,000,000 | ---D | M] -- C:\Users\vado\AppData\Roaming\Canneverbe Limited
    [2011/06/30 01:37:30 | 000,000,000 | ---D | M] -- C:\Users\vado\AppData\Roaming\DMCache
    [2012/01/04 05:44:25 | 000,000,000 | ---D | M] -- C:\Users\vado\AppData\Roaming\FileZilla
    [2011/06/30 07:43:38 | 000,000,000 | ---D | M] -- C:\Users\vado\AppData\Roaming\IDM
    [2011/03/22 19:10:48 | 000,000,000 | ---D | M] -- C:\Users\vado\AppData\Roaming\Netscape
    [2011/12/20 02:22:49 | 000,000,000 | ---D | M] -- C:\Users\vado\AppData\Roaming\ooVoo Details
    [2011/10/20 06:23:18 | 000,000,000 | ---D | M] -- C:\Users\vado\AppData\Roaming\SoftGrid Client
    [2011/06/28 01:57:36 | 000,000,000 | ---D | M] -- C:\Users\vado\AppData\Roaming\Sony
    [2011/05/26 23:39:36 | 000,000,000 | ---D | M] -- C:\Users\vado\AppData\Roaming\SynthMaker
    [2012/01/07 11:44:22 | 000,000,000 | ---D | M] -- C:\Users\vado\AppData\Roaming\Tific
    [2011/03/20 16:54:18 | 000,000,000 | ---D | M] -- C:\Users\vado\AppData\Roaming\TP
    [2011/09/03 03:18:37 | 000,000,000 | ---D | M] -- C:\Users\vado\AppData\Roaming\Twidium 3.1
    [2011/08/15 22:45:46 | 000,000,000 | ---D | M] -- C:\Users\vado\AppData\Roaming\VOS
    [2012/01/19 23:16:49 | 000,000,000 | ---D | M] -- C:\Users\vado\AppData\Roaming\Vso
    [2011/03/22 22:49:15 | 000,000,000 | ---D | M] -- C:\Users\vado\AppData\Roaming\Windows Live Writer
    [2011/08/04 22:14:18 | 000,000,000 | ---D | M] -- C:\Users\vado\AppData\Roaming\WindSolutions
    [2012/01/23 01:50:47 | 000,000,000 | ---D | M] -- C:\Users\vado\AppData\Roaming\ZumoDrive
    [2012/01/12 22:13:49 | 000,000,412 | ---- | M] () -- C:\Windows\Tasks\RegCure Program Check.job
    [2012/01/12 22:13:49 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\RegCure.job
    [2009/07/14 00:08:49 | 000,025,670 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < >

    < %SYSTEMDRIVE%\*.* >
    [2011/08/16 02:01:09 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2012/01/16 04:24:48 | 1556,287,488 | -HS- | M] () -- C:\hiberfil.sys
    [2011/10/09 21:17:44 | 000,000,361 | ---- | M] () -- C:\log.txt
    [2012/01/16 04:25:17 | 2075,049,984 | -HS- | M] () -- C:\pagefile.sys
    [2012/01/15 04:29:43 | 000,000,395 | ---- | M] () -- C:\rkill.log
    [2011/10/03 22:51:39 | 000,238,280 | ---- | M] () -- C:\{BF09893D-02B1-408C-9028-06E8B3E70E6E}

    < %systemroot%\Fonts\*.com >
    [2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 15:49:50 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/11/28 13:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011/05/13 15:42:24 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/07/24 22:14:27 | 000,000,221 | -HS- | M] () -- C:\Users\vado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/01/13 22:07:09 | 004,383,253 | R--- | M] (Swearware) -- C:\Users\vado\Desktop\ComboFix.exe
    [2011/07/23 18:14:56 | 006,714,880 | ---- | M] (i-Funbox.com) -- C:\Users\vado\Desktop\iFunBox.exe
    [2012/01/24 02:19:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\vado\Desktop\OTL.exe
    [2012/01/14 21:09:02 | 001,008,141 | ---- | M] () -- C:\Users\vado\Desktop\rkill.exe
    [2011/10/13 04:20:44 | 000,577,536 | ---- | M] (S8onPC.com) -- C:\Users\vado\Desktop\S8onPC.exe
    [2010/10/13 18:41:50 | 022,738,669 | ---- | M] (Atomix Productions) -- C:\Users\vado\Desktop\Virtual DJ Pro.exe
    [2010/02/09 08:37:51 | 001,648,128 | ---- | M] () -- C:\Users\vado\Desktop\Wii Game Manager.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/11/09 12:05:49 | 000,000,402 | -HS- | M] () -- C:\Users\vado\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/12/01 03:52:04 | 000,000,032 | ---- | M] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
    [2010/10/16 14:31:45 | 000,000,109 | ---- | M] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
    [2010/12/01 03:51:37 | 000,000,032 | ---- | M] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
    [2010/10/16 14:25:13 | 000,000,105 | ---- | M] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
    [2010/12/01 03:51:05 | 000,000,032 | ---- | M] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
    [2010/12/01 03:51:54 | 000,000,032 | ---- | M] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
    [2010/10/16 14:23:57 | 000,000,107 | ---- | M] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    [2010/10/16 14:30:49 | 000,000,110 | ---- | M] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
    [2010/12/01 03:52:30 | 000,000,105 | ---- | M] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 168 bytes -> C:\ProgramData\Temp:DFC5A2B2
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84

    < End of report >
  15. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Uninstall RegCure.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    =============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-621498516-1995836217-3892805127-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=2159&gct=hp
      FF - prefs.js..browser.search.defaultengine: "Ask.com"
      FF - prefs.js..browser.search.defaultenginename: "Ask.com"
      FF - prefs.js..browser.search.order.1: "Ask.com"
      FF - prefs.js..browser.search.selectedEngine: "Ask.com"
      FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?l=dis&o=2159&gct=hp"
      [2012/01/12 08:57:35 | 000,002,576 | ---- | M] () -- C:\Users\vado\AppData\Roaming\Mozilla\Firefox\Profiles\pm254mcv.default\searchplugins\askcom.xml
      O1 - Hosts: 127.0.0.1 activate.adobe.com
      O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
      O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
      O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
      O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
      O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
      O1 - Hosts: 127.0.0.1 wip3.adobe.com
      O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
      O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
      O1 - Hosts: 127.0.0.1 practivate.adobe.com
      O1 - Hosts: 127.0.0.1 ereg.adobe.com
      O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
      O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
      O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com 
      O3 - HKU\S-1-5-21-621498516-1995836217-3892805127-1002\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
      [2012/01/12 22:13:49 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\RegCure Program Check.job
      [2012/01/12 22:13:49 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\RegCure.job
      [2012/01/12 22:11:57 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\RegCure.lnk
      @Alternate Data Stream - 168 bytes -> C:\ProgramData\Temp:DFC5A2B2
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ===============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  16. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Still with me?
  17. xionnokia

    xionnokia Newcomer, in training Topic Starter

    yes im still here sorry for the delay been buried in essays, but run another scan with OTL from the desktop
  18. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    I'm not sure what you just said, but in any case follow all steps from my previous reply.
     
  19. xionnokia

    xionnokia Newcomer, in training Topic Starter

    I did the otl scan like you said but when it finished it keeps not responding and shuts down, when i restart the pc no logs show up
  20. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Run OTL fix from safe mode.
  21. xionnokia

    xionnokia Newcomer, in training Topic Starter

    All processes killed
    ========== OTL ==========
    HKU\S-1-5-21-621498516-1995836217-3892805127-1002\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    Prefs.js: "Ask.com" removed from browser.search.defaultengine
    Prefs.js: "Ask.com" removed from browser.search.defaultenginename
    Prefs.js: "Ask.com" removed from browser.search.order.1
    Prefs.js: "Ask.com" removed from browser.search.selectedEngine
    Prefs.js: "http://www.ask.com/?l=dis&o=2159&gct=hp" removed from browser.startup.homepage
    File C:\Users\vado\AppData\Roaming\Mozilla\Firefox\Profiles\pm254mcv.default\searchplugins\askcom.xml not found.
    Registry value HKEY_USERS\S-1-5-21-621498516-1995836217-3892805127-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ not found.
    File C:\Windows\tasks\RegCure Program Check.job not found.
    File C:\Windows\tasks\RegCure.job not found.
    File C:\Users\Public\Desktop\RegCure.lnk not found.
    Unable to delete ADS C:\ProgramData\Temp:DFC5A2B2 .
    Unable to delete ADS C:\ProgramData\Temp:430C6D84 .
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Shawn
    ->Temp folder emptied: 613520 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56504 bytes

    User: vado
    ->Temp folder emptied: 93036625 bytes
    ->Temporary Internet Files folder emptied: 255481075 bytes
    ->Java cache emptied: 517521 bytes
    ->FireFox cache emptied: 701794649 bytes
    ->Google Chrome cache emptied: 316474859 bytes
    ->Flash cache emptied: 296666 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 715642 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
    RecycleBin emptied: 3134669088 bytes

    Total Files Cleaned = 4,295.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Guest
    ->Java cache emptied: 0 bytes

    User: Public

    User: Shawn

    User: vado
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Shawn
    ->Flash cache emptied: 0 bytes

    User: vado
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 02032012_001755

    Files\Folders moved on Reboot...
    C:\Users\vado\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
  22. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    Go on.........
  23. xionnokia

    xionnokia Newcomer, in training Topic Starter

    Farbar Service Scanner Version: 05-02-2012
    Ran by vado (administrator) on 07-02-2012 at 21:53:29
    Running from "C:\Users\vado\Desktop"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ===========

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****






    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    Norton Internet Security
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 30
    Adobe Flash Player 11.0.1.152
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    Symantec Norton Online Backup NOBuAgent.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    ``````````End of Log````````````
  24. Broni

    Broni Malware Annihilator Posts: 46,169   +251

    I still need Eset scan results.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.