[A] Warning: possible TDL3 rootkit infection !

By Reginald Hirsch
Aug 18, 2012
  1. As you can see, the infection started August 13. Here are the logs requested; any help is appreciated:
    First detected problem:

    2012/08/13 10:28:37 -0600  REGINALD-PC  Reginald  IP-BLOCK  109.163.227.72 (Type: incoming, Port: 3389)
    2012/08/13 10:28:46 -0600  REGINALD-PC  Reginald  IP-BLOCK  109.163.227.72 (Type: incoming, Port: 3389)
    2012/08/13 10:28:46 -0600  REGINALD-PC  Reginald  IP-BLOCK  109.163.227.72 (Type: incoming, Port: 3389)
    2012/08/13 14:28:50 -0600  REGINALD-PC  Reginald  MESSAGE  Stopping IP protection
    2012/08/13 14:31:56 -0600  REGINALD-PC  Reginald  MESSAGE  IP Protection stopped
    2012/08/13 17:47:08 -0600  REGINALD-PC  Reginald  DETECTION  C:\Users\Reginald\AppData\Local\Temp\013922622cb0.exe  RootKit.0Access  ALLOW
    2012/08/13 17:47:39 -0600  REGINALD-PC  Reginald  DETECTION  C:\Windows\Installer\{f9ef26a6-5650-2172-7144-5aa984cc63b0}\U\800000cb.@  Rootkit.0Access  ALLOW
    2012/08/13 17:47:43 -0600  REGINALD-PC  Reginald  DETECTION  C:\Users\Reginald\AppData\Local\Temp\013922622CB0.EXE  RootKit.0Access  ALLOW
    2012/08/13 17:47:44 -0600  REGINALD-PC  Reginald  DETECTION  C:\Windows\Installer\{f9ef26a6-5650-2172-7144-5aa984cc63b0}\U\800000cb.@  Rootkit.0Access  ALLOW
    2012/08/13 22:38:27 -0600  REGINALD-PC  Reginald  DETECTION  C:\Users\Reginald\AppData\Local\{f9ef26a6-5650-2172-7144-5aa984cc63b0}\n  RootKit.0Access  ALLOW
    2012/08/13 22:39:07 -0600  REGINALD-PC  Reginald  DETECTION  C:\Users\Reginald\AppData\Local\{f9ef26a6-5650-2172-7144-5aa984cc63b0}\n  RootKit.0Access  ALLOW
    2012/08/13 23:00:37 -0600  REGINALD-PC  Reginald  DETECTION  C:\Users\Reginald\AppData\Local\{f9ef26a6-5650-2172-7144-5aa984cc63b0}\n  RootKit.0Access  ALLOW

    Then next log reported:
    2012/08/14 13:09:52 -0600  REGINALD-PC  Reginald  MESSAGE  Starting protection
    2012/08/14 13:09:55 -0600  REGINALD-PC  Reginald  MESSAGE  Protection started successfully
    2012/08/14 13:09:58 -0600  REGINALD-PC  Reginald  MESSAGE  Starting IP protection
    2012/08/14 13:09:58 -0600  REGINALD-PC  Reginald  ERROR  IP protection failed: FwpmEngineOpen0 failed with error code 1753
    2012/08/14 15:31:38 -0600  REGINALD-PC  Reginald  DETECTION  C:\Users\Reginald\AppData\Local\{F9EF26A6-5650-2172-7144-5AA984CC63B0}\n  RootKit.0Access  QUARANTINE
    2012/08/14 15:31:38 -0600  REGINALD-PC  Reginald  ERROR  Quarantine failed: DeleteFile failed with error code 5
    2012/08/14 15:40:24 -0600  REGINALD-PC  Reginald  MESSAGE  Starting protection
    2012/08/14 15:40:27 -0600  REGINALD-PC  Reginald  MESSAGE  Protection started successfully
    2012/08/14 15:40:30 -0600  REGINALD-PC  Reginald  MESSAGE  Starting IP protection
    2012/08/14 15:40:30 -0600  REGINALD-PC  Reginald  ERROR  IP protection failed: FwpmEngineOpen0 failed with error code 1753
    2012/08/14 15:43:08 -0600  REGINALD-PC  Reginald  MESSAGE  Starting database refresh
    2012/08/14 15:43:10 -0600  REGINALD-PC  Reginald  MESSAGE  Database refreshed successfully
    2012/08/14 16:34:15 -0600  REGINALD-PC  Reginald  DETECTION  C:\Windows\Installer\{f9ef26a6-5650-2172-7144-5aa984cc63b0}\U\800000cb.@  Rootkit.0Access  QUARANTINE
    2012/08/14 19:06:59 -0600  REGINALD-PC  Reginald  MESSAGE  Starting protection
    2012/08/14 19:07:08 -0600  REGINALD-PC  Reginald  MESSAGE  Protection started successfully
    2012/08/14 19:07:11 -0600  REGINALD-PC  Reginald  MESSAGE  Starting IP protection
    2012/08/14 19:07:11 -0600  REGINALD-PC  Reginald  ERROR  IP protection failed: FwpmEngineOpen0 failed with error code 1753
    2012/08/14 20:01:14 -0600  REGINALD-PC  Reginald  MESSAGE  Starting protection
    2012/08/14 20:01:17 -0600  REGINALD-PC  Reginald  MESSAGE  Protection started successfully
    2012/08/14 20:01:20 -0600  REGINALD-PC  Reginald  MESSAGE  Starting IP protection
    2012/08/14 20:01:20 -0600  REGINALD-PC  Reginald  ERROR  IP protection failed: FwpmEngineOpen0 failed with error code 1753
    2012/08/14 21:03:29 -0600  REGINALD-PC  Reginald  MESSAGE  Starting protection
    2012/08/14 21:03:32 -0600  REGINALD-PC  Reginald  MESSAGE  Protection started successfully
    2012/08/14 21:03:35 -0600  REGINALD-PC  Reginald  MESSAGE  Starting IP protection
    2012/08/14 21:03:35 -0600  REGINALD-PC  Reginald  ERROR  IP protection failed: FwpmEngineOpen0 failed with error code 1753


    Then next log reported:
    2012/08/15 07:48:49 -0600  REGINALD-PC  Reginald  MESSAGE  Starting protection
    2012/08/15 07:48:52 -0600  REGINALD-PC  Reginald  MESSAGE  Protection started successfully
    2012/08/15 07:48:55 -0600  REGINALD-PC  Reginald  MESSAGE  Starting IP protection
    2012/08/15 07:48:55 -0600  REGINALD-PC  Reginald  ERROR  IP protection failed: FwpmEngineOpen0 failed with error code 1753
    2012/08/15 21:27:20 -0600  REGINALD-PC  Reginald  MESSAGE  Executing scheduled update: Weekly | Silent
    2012/08/15 21:27:48 -0600  REGINALD-PC  Reginald  MESSAGE  Scheduled update executed successfully: database updated from version v2012.08.14.07 to version v2012.08.16.02
    2012/08/15 22:30:00 -0600  REGINALD-PC  Reginald  MESSAGE  Executing scheduled scan: Quick Scan | Weekly | -reboot
    2012/08/15 22:30:00 -0600  REGINALD-PC  Reginald  MESSAGE  Scheduled scan executed successfully

    Next Log:
    2012/08/16 07:53:54 -0600  REGINALD-PC  Reginald  MESSAGE  Starting protection
    2012/08/16 07:54:05 -0600  REGINALD-PC  Reginald  MESSAGE  Protection started successfully
    2012/08/16 07:54:08 -0600  REGINALD-PC  Reginald  MESSAGE  Starting IP protection
    2012/08/16 07:54:09 -0600  REGINALD-PC  Reginald  MESSAGE  IP Protection started successfully

    Last log:
    2012/08/17 08:18:44 -0600  REGINALD-PC  Reginald  MESSAGE  Stopping IP protection
    2012/08/17 08:18:44 -0600  REGINALD-PC  Reginald  MESSAGE  IP Protection stopped
    2012/08/17 13:01:51 -0600  REGINALD-PC  Reginald  MESSAGE  Starting database refresh
    2012/08/17 13:02:01 -0600  REGINALD-PC  Reginald  MESSAGE  Database refreshed successfully
    2012/08/17 13:02:21 -0600  REGINALD-PC  Reginald  MESSAGE  Starting IP protection
    2012/08/17 13:02:23 -0600  REGINALD-PC  Reginald  MESSAGE  IP Protection started successfully

    GMER:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-08-18 15:13:30
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST332062 rev.3.AD
    Running: cztdodz5.exe; Driver: C:\Users\Reginald\AppData\Local\Temp\pwlyikod.sys


    ---- Devices - GMER 1.0.15 ----

    Device \Driver\iaStor \Device\Ide\iaStor0 [8B900580] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8B900580] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device iaStor.sys (Intel Matrix Storage Manager driver - ia32/Intel Corporation)
    Device 85B891F8
    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

    AttachedDevice tdrpm273.sys (Acronis Try&Decide Volume Filter Driver/Acronis)

    Device 878541F8
    Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice \Driver\tdx \Device\Ip kmodurl.sys
    AttachedDevice \Driver\tdx \Device\Tcp kmodurl.sys
    AttachedDevice \Driver\tdx \Device\Udp kmodurl.sys
    AttachedDevice \Driver\tdx \Device\RawIp kmodurl.sys
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 VMkbd.sys

    ---- EOF - GMER 1.0.15 ----

    DDS File:
    DDS

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_17
    Run by Reginald at 15:18:21 on 2012-08-18
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\system32\atieclxx.exe
    C:\Program Files\Kingsoft\PcDoctor\KSafeSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Google\Update\1.3.21.115\GoogleCrashHandler.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files\DebugDiag\DbgSvc.exe
    C:\Program Files\DU Meter\DUMeterSvc.exe
    C:\Program Files\Citrix\GoToMyPC\g2svc.exe
    C:\Program Files\Citrix\GoToMyPC\g2comm.exe
    C:\Program Files\Citrix\GoToMyPC\g2pre.exe
    C:\Program Files\Citrix\GoToMyPC\g2tray.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Windows\vVX6000.exe
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
    C:\Program Files\SysMetrix\SysMetrix.exe
    C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
    C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Kingsoft\PcDoctor\KSafeTray.exe
    C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\AirPort\APAgent.exe
    C:\Program Files\AirVideoServer\AirVideoServer.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\DU Meter\DUMeter.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    c:\Program Files\Microsoft SQL Server\MSSQL10.MICROSOFTSCM\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Xmarks\IE Extension\xmarkssync.exe
    C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\TechSmith\Snagit 10\Snagit32.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\TechSmith\Snagit 10\TSCHelp.exe
    C:\Program Files\TechSmith\Snagit 10\SnagPriv.exe
    C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
    C:\Program Files\Active WebCam\WebCam.exe
    C:\Users\Reginald\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\vws\vws.exe
    C:\Program Files\WePrint\WePrint Server.exe
    C:\Program Files\TechSmith\Snagit 10\snagiteditor.exe
    C:\Program Files\APC\APC PowerChute Personal Edition\dataserv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\TeamViewer\Version6\TeamViewer.exe
    C:\Program Files\Active WebCam\CompParams.exe
    C:\Program Files\Active WebCam\Watchdog.exe
    C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\dllhost.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Windows\System32\msdtc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Users\Reginald\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Reginald\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Reginald\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Reginald\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Reginald\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Reginald\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Reginald\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe
    C:\Windows\system32\taskhost.exe
    C:\Users\Reginald\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Reginald\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Dell Support Center\pcdrcui.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Users\Reginald\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Reginald\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Users\Reginald\Desktop\rootkit\dds.com
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\msfeedssync.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: FCToolbarURLSearchHook Class: {fa887e92-8f5f-4ec9-99ca-09be0e4120d6} - c:\program files\addthis toolbar\Helper.dll
    BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: ThumbnailsBHO Class: {1bd0befe-f697-4eee-b7e1-76b849a5cb84} - c:\program files\xmarks\thumbnails for ie\xmarksthumbnails.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot - search & destroy\SDHelper.dll
    BHO: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - No File
    BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\microsoft office\office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: {9EBF8AAF-0A31-4786-909A-97A0EF101743} - No File
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\microsoft office\office14\URLREDIR.DLL
    BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome\application\21.0.1180.79\npchrome_frame.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
    TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [AirVideoServer] c:\program files\airvideoserver\AirVideoServer.exe
    uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
    uRun: [DU Meter] c:\program files\du meter\DUMeter.exe
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
    uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [VX6000] c:\windows\vVX6000.exe
    mRun: [Bluetooth HCI Monitor] RunDll32 HCIMNTR.DLL,RunCheckHCIMode
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
    mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
    mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [QuickFinder Scheduler] "c:\program files\corel\wordperfect office x4\programs\QFSCHD140.EXE"
    mRun: [vmware-tray] "c:\program files\vmware\vmware workstation\vmware-tray.exe"
    mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [SysMetrix] c:\program files\sysmetrix\SysMetrix.exe
    mRun: [SAOB Monitor] c:\program files\acronis\onlinebackupstandalone\TrueImageMonitor.exe
    mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"
    mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
    mRun: [KSafeTray] "c:\program files\kingsoft\pcdoctor\KSafeTray.exe" -autorun
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [AirPort Base Station Agent] "c:\program files\airport\APAgent.exe"
    mRun: [Anvi Smart Defender] c:\program files\anvisoft\anvi smart defender\ASDTray.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    mPolicies-system: EnableLinkedConnections = 1 (0x1)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
    IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\microsoft office\office14\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: Open with WordPerfect - c:\program files\corel\wordperfect office x4\programs\WPLauncher.hta
    IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: Se&nd to OneNote - c:\progra~1\microsoft office\office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: Show RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot - search & destroy\SDHelper.dll
    Trusted Zone: garmin.com\connect
    Trusted Zone: garmin.com\mygarmin
    Trusted Zone: garmin.com\www
    Trusted Zone: real.com\rhap-app-4-0
    Trusted Zone: real.com\rhapreg
    Trusted Zone: zoombak.com\locate
    Trusted Zone: zoombak.com\shop
    DPF: CaptureClient - hxxp://192.168.1.110/CaptureClient.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {22D82B43-FF26-455A-A96D-A6C61F056ED7} - hxxp://192.168.1.210/xplugxLiteTW.cab
    DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://I.dell.com/images/global/js/scanner/SysProExe.cab
    DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://plugin.slingbox.com/downloads/pc/1.4.0.111/WebSlingPlayer.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
    TCP: DhcpNameServer = 72.19.128.53 72.19.128.99
    TCP: Interfaces\{297982DB-7F42-4718-8D4B-A71C72C5621A} : DhcpNameServer = 72.19.128.53 72.19.128.99
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome\application\21.0.1180.79\npchrome_frame.dll
    Handler: skyline - {3a4f9195-65a8-11d5-85c1-0001023952c1} - c:\program files\skyline\terraexplorer\TerraExplorerX.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    AppInit_DLLs: acaptuser32.dll
    STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\microsoft office\office14\GROOVEEX.DLL
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\reginald\appdata\roaming\mozilla\firefox\profiles\0gixnud9.default\
    FF - prefs.js: browser.startup.homepage - hxxp://watch.slingbox.com/watch/sling_player
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? ACTIVEWEBCAM;Active WebCam
    R? ACTIVEWEBCAMWATCHDOG;Active WebCam Watchdog
    R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service
    R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
    R? BBSvc;Bing Bar Update Service
    R? btusbflt;Bluetooth USB Filter
    R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
    R? cpudrv;cpudrv
    R? DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver
    R? epmntdrv;epmntdrv
    R? EuGdiDrv;EuGdiDrv
    R? GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335
    R? gupdate;Google Update Service (gupdate)
    R? gupdatem;Google Update Service (gupdatem)
    R? libusb0;LibUsb-Win32 - Kernel Driver 06/04/2010,1.12.1.0
    R? LMIRfsClientNP;LMIRfsClientNP
    R? Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service
    R? MSSQLServerADHelper100;SQL Active Directory Helper Service
    R? NisDrv;Microsoft Network Inspection System
    R? NisSrv;Microsoft Network Inspection
    R? osppsvc;Office Software Protection Platform
    R? PLCNDIS5;PLCNDIS5 NDIS Protocol Driver
    R? RdpVideoMiniport;Remote Desktop Video Miniport Driver
    R? RsFx0103;RsFx0103 Driver
    R? SandraAgentSrv;SiSoftware Deployment Agent Service
    R? SBSDWSCService;SBSD Security Center Service
    R? SkypeUpdate;Skype Updater
    R? SQLAgent$MICROSOFTSCM;SQL Server Agent (MICROSOFTSCM)
    R? Synth3dVsc;Synth3dVsc
    R? TsUsbFlt;TsUsbFlt
    R? tsusbhub;tsusbhub
    R? VGPU;VGPU
    R? WatAdminSvc;Windows Activation Technologies Service
    R? XE102Mp5;XE102Mp5 NDIS Protocol Driver
    R? XE102Sp5;XE102Sp5 NDIS Protocol Driver
    S? !SASCORE;SAS Core Service
    S? afcdp;afcdp
    S? afcdpsrv;Acronis Nonstop Backup service
    S? AMD External Events Utility;AMD External Events Utility
    S? amdkmdag;amdkmdag
    S? amdkmdap;amdkmdap
    S? APC Data Service;APC Data Service
    S? asdrs;AntiMalware Host-based Intrusion Prevention System
    S? asdsrv;Anvi Smart Defender Realtime Guard Service
    S? asdws;AnviSmartDefender Web Guard
    S? BBUpdate;BBUpdate
    S? btwl2cap;Bluetooth L2CAP Service
    S? DbgSvc;Debug Diagnostic Service
    S? DUMeterSvc;DU Meter Service
    S? kmodurl;kmodurl
    S? KSafeSvc;KSafe service
    S? LMIGuardianSvc;LMIGuardianSvc
    S? LMIInfo;LogMeIn Kernel Information Provider
    S? LMIRfsDriver;LogMeIn Remote File System Driver
    S? MBAMProtector;MBAMProtector
    S? MBAMService;MBAMService
    S? MpFilter;Microsoft Malware Protection Driver
    S? MpKsl7ad2c85a;MpKsl7ad2c85a
    S? MSSQL$MICROSOFTSCM;SQL Server (MICROSOFTSCM)
    S? PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver
    S? SASDIFSV;SASDIFSV
    S? SASKUTIL;SASKUTIL
    S? silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver
    S? silabser;Silicon Labs CP210x USB to UART Bridge Driver
    S? SlingAgentService;SlingAgentService
    S? StarWindServiceAE;StarWind AE Service
    S? tdrpman273;Acronis Try&Decide and Restore Points filter (build 273)
    S? TeamViewer6;TeamViewer 6
    S? VST_DPV;VST_DPV
    S? VSTHWBS2;VSTHWBS2
    S? VX6000;Microsoft LifeCam VX-6000
    .
    =============== Created Last 30 ================
    .
    2012-08-18 14:28:58  56200  ----a-w-  c:\programdata\microsoft\microsoft antimalware\definition updates\{d038ea17-3377-478b-b5ed-19b9e4cfa74b}\offreg.dll
    2012-08-18 14:27:54  --------  d-----w-  c:\users\reginald\appdata\roaming\Anvisoft
    2012-08-18 14:27:44  22864  ----a-w-  c:\windows\system32\drivers\asdrs.sys
    2012-08-18 14:27:44  16208  ----a-w-  c:\windows\system32\drivers\asdrm.sys
    2012-08-18 14:27:44  14160  ----a-w-  c:\windows\system32\drivers\asdws.sys
    2012-08-18 14:27:43  --------  d-----w-  c:\programdata\Anvisoft
    2012-08-18 14:27:36  --------  d-----w-  c:\program files\Anvisoft
    2012-08-18 13:39:57  29904  ----a-w-  c:\programdata\microsoft\microsoft antimalware\definition updates\{d038ea17-3377-478b-b5ed-19b9e4cfa74b}\MpKsl7ad2c85a.sys
    2012-08-18 12:45:35  --------  d-----w-  c:\programdata\Safe
    2012-08-17 20:51:36  22872  ----a-r-  c:\windows\system32\AdobePDFUI.dll
    2012-08-17 20:47:02  103904  ----a-w-  c:\program files\mozilla firefox\plugins\nppdf32.dll
    2012-08-17 19:02:31  6891424  ----a-w-  c:\programdata\microsoft\microsoft antimalware\definition updates\{d038ea17-3377-478b-b5ed-19b9e4cfa74b}\mpengine.dll
    2012-08-17 16:23:48  --------  d-----w-  c:\program files\ESET
    2012-08-17 15:11:25  --------  d-sh--w-  C:\$RECYCLE.BIN
    2012-08-16 17:25:59  --------  d-----w-  c:\users\reginald\appdata\roaming\ActiveWords 2.0
    2012-08-16 17:25:49  --------  d-----w-  c:\programdata\Licenses
    2012-08-16 17:25:17  232915  ----a-w-  c:\windows\ActiveWords Uninstaller.exe
    2012-08-16 17:25:16  --------  d-----w-  c:\program files\common files\orangequava
    2012-08-16 17:25:10  --------  d-----w-  c:\program files\ActiveWords
    2012-08-16 13:42:39  6891424  ----a-w-  c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2012-08-16 13:13:20  393728  ----a-w-  c:\windows\system32\drivers\bthport.sys
    2012-08-16 13:09:56  2345984  ----a-w-  c:\windows\system32\win32k.sys
    2012-08-16 13:09:54  400896  ----a-w-  c:\windows\system32\srcore.dll
    2012-08-16 13:09:27  41984  ----a-w-  c:\windows\system32\browcli.dll
    2012-08-16 13:09:27  102912  ----a-w-  c:\windows\system32\browser.dll
    2012-08-16 13:09:25  769024  ----a-w-  c:\windows\system32\localspl.dll
    2012-08-15 23:44:51  --------  d-----w-  c:\program files\AirPort
    2012-08-15 15:23:34  --------  d-----w-  C:\Backreg
    2012-08-15 14:56:03  98816  ----a-w-  c:\windows\sed.exe
    2012-08-15 14:56:03  518144  ----a-w-  c:\windows\SWREG.exe
    2012-08-15 14:56:03  256000  ----a-w-  c:\windows\PEV.exe
    2012-08-15 14:56:03  208896  ----a-w-  c:\windows\MBR.exe
    2012-08-15 12:10:46691696----a-w-c:\windows\system32\drivers\sptd.sys
    2012-08-15 12:10:06--------d-----w-c:\program files\LSoft Technologies
    2012-08-15 03:59:39--------d-----w-c:\windows\RestoreSafeDeleted
    2012-08-15 03:52:59--------d-----w-c:\program files\UnHackMe
    2012-08-15 03:28:262--shatr-c:\windows\winstart.bat
    2012-08-15 03:28:16--------d-----w-c:\program files\Greatis
    2012-08-15 03:23:05--------d-----w-c:\programdata\RegRun
    2012-08-15 02:08:43--------d-----w-c:\programdata\HitmanPro
    2012-08-15 01:14:14713784------w-c:\programdata\microsoft\microsoft antimalware\definition updates\{93354889-7ea1-40c7-ac78-80f571619cc8}\gapaengine.dll
    2012-08-15 01:13:24100864----a-w-C:\pwlyikod.sys
    2012-08-15 01:08:28--------d-----w-c:\program files\Microsoft Security Client
    2012-08-15 00:41:12--------d-----w-c:\programdata\Sophos
    2012-08-15 00:41:0473728----a-r-c:\users\reginald\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
    2012-08-15 00:41:0473728----a-r-c:\users\reginald\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
    2012-08-15 00:41:0473728----a-r-c:\users\reginald\appdata\roaming\microsoft\installer\{b829e117-d072-41ea-9606-9826a38d34c1}\ARPPRODUCTICON.exe
    2012-08-15 00:41:01--------d-----w-c:\program files\Sophos
    2012-08-15 00:19:33--------d-----w-C:\TDSSKiller_Quarantine
    2012-07-21 11:43:40--------d-----w-c:\users\reginald\appdata\roaming\SUPERAntiSpyware.com
    2012-07-21 11:43:26--------d-----w-c:\programdata\SUPERAntiSpyware.com
    2012-07-21 11:43:26--------d-----w-c:\program files\SUPERAntiSpyware
    .
    ==================== Find3M ====================
    .
    2012-08-16 16:11:15848--sha-w-c:\programdata\KGyGaAvL.sys
    2012-08-15 07:17:43426184----a-w-c:\windows\system32\FlashPlayerApp.exe
    2012-08-15 07:17:4270344----a-w-c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-15 00:20:37259072----a-w-c:\windows\system32\services.exe
    2012-07-12 09:36:3483392----a-w-c:\windows\system32\LMIRfsClientNP.dll
    2012-07-12 09:36:3352128----a-w-c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
    2012-07-12 09:36:3330624----a-w-c:\windows\system32\LMIport.dll
    2012-07-12 09:36:3287456----a-w-c:\windows\system32\LMIinit.dll
    2012-07-03 19:46:4422344----a-w-c:\windows\system32\drivers\mbam.sys
    2012-06-29 00:16:581800704----a-w-c:\windows\system32\jscript9.dll
    2012-06-29 00:09:011129472----a-w-c:\windows\system32\wininet.dll
    2012-06-29 00:08:591427968----a-w-c:\windows\system32\inetcpl.cpl
    2012-06-29 00:04:43142848----a-w-c:\windows\system32\ieUnatt.exe
    2012-06-29 00:00:452382848----a-w-c:\windows\system32\mshtml.tlb
    2012-06-06 14:49:521070152----a-w-c:\windows\system32\MSCOMCTL.OCX
    2012-06-06 05:05:521390080----a-w-c:\windows\system32\msxml6.dll
    2012-06-06 05:05:521236992----a-w-c:\windows\system32\msxml3.dll
    2012-06-06 05:03:06805376----a-w-c:\windows\system32\cdosys.dll
    2012-06-02 22:12:322422272----a-w-c:\windows\system32\wucltux.dll
    2012-06-02 22:12:1388576----a-w-c:\windows\system32\wudriver.dll
    2012-06-02 21:19:42171904----a-w-c:\windows\system32\wuwebv.dll
    2012-06-02 21:12:2033792----a-w-c:\windows\system32\wuapp.exe
    2012-06-02 04:45:0467440----a-w-c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 04:45:03134000----a-w-c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 04:40:59369336----a-w-c:\windows\system32\drivers\cng.sys
    2012-06-02 04:40:39225280----a-w-c:\windows\system32\schannel.dll
    2012-06-02 04:39:10219136----a-w-c:\windows\system32\ncrypt.dll
    2012-05-22 19:16:2183360----a-w-c:\windows\system32\LMIRfsClientNP.dll.000.bak
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.1.7601 Disk: ST332062 rev.3.AD -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    .
    device: opened successfully
    user: MBR read successfully
    .
    Disk trace:
    called modules: >>UNKNOWN [0x83000000]<< >>UNKNOWN [0x8C188000]<< >>UNKNOWN [0x8C177000]<< >>UNKNOWN [0x8B8BB000]<< >>UNKNOWN [0x8B6AD000]<< >>UNKNOWN [0x83412000]<< >>UNKNOWN [0x85B5C938]<<
    _asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
    1 ntkrnlpa!IofCallDriver[0x8303755A] -> \Device\Harddisk0\DR0[0x874134B0]
    \Driver\Disk[0x87412388] -> IRP_MJ_CREATE -> 0x8C18C39F
    3 [0x8C18C59E] -> ntkrnlpa!IofCallDriver[0x8303755A] -> \Device\Ide\IAAStorageDevice-1[0x86ECB028]
    \Driver\iaStor[0x868EC770] -> IRP_MJ_CREATE -> 0x8B900580
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
    user & kernel MBR OK
    Warning: possible TDL3 rootkit infection !
    .
    ============= FINISH: 15:23:00.94 ===============
    Attach:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    .
    ==== Installed Programs ======================
    .
    µTorrent
    32 bit Windows Card Reader Driver
    7-Zip 4.65
    Acronis True Image Home 2011
    Active@ ISO Burner
    ActiveWords
    AddThis Toolbar
    Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    Adobe Acrobat 9.5.2 - CPSID_83708
    Adobe After Effects CS4 Third Party Content
    Adobe Anchor Service CS4
    Adobe Creative Suite 4 Master Collection
    Adobe CSI CS4
    Adobe Dreamweaver CS4
    Adobe Encore CS4 Codecs
    Adobe ExtendScript Toolkit CS4
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Media Encoder CS4 Exporter
    Adobe Media Encoder CS4 Importer
    Adobe Photoshop Lightroom 3
    Adobe Premiere Pro CS4 Third Party Content
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Soundbooth CS4 Codecs
    Adobe Update Manager CS4
    Air Video Server 2.4.3
    AirPort
    AMD Drag and Drop Transcoding
    Anvi Smart Defender 1.5
    Any Video Converter Professional 2.7.6
    APC PowerChute Personal Edition
    APC PowerChute Personal Edition 3.0
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Print Creations
    ArcSoft Print Creations - Album Page
    ArcSoft Print Creations - Funhouse
    ArcSoft Print Creations - Greeting Card
    ArcSoft Print Creations - Photo Book
    ArcSoft Print Creations - Photo Calendar
    ArcSoft Print Creations - Scrapbook
    ArcSoft Print Creations - Slimline Card
    ATI Catalyst Install Manager
    ATI Catalyst Registration
    Bing Bar
    BlackBerry Desktop Software 6.0
    BlackBerry® Media Sync
    Bonjour
    Browser Address Error Redirector
    BS.Player PRO
    Catalyst Control Center - Branding
    CCleaner
    CCScore
    Choice Guard
    Chromium
    Compatibility Pack for the 2007 Office system
    Connect
    CopyTrans Suite Remove Only
    Corel WordPerfect Office - iFilter
    Cumulus 1.9.2
    CuteFTP 8 Professional
    Debug Diagnostics 1.2 32-bit
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dell Driver Download Manager
    Dell Getting Started Guide
    Dell Support Center
    Digital Line Detect
    Dropbox
    DU Meter
    EASEUS Partition Master 9.0.0 Home Edition
    ESET Online Scanner v3
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSTOOLS
    essvatgt
    EVEREST Ultimate Edition v5.02
    Fences Pro
    fflink
    Garmin Communicator Plugin
    Garmin Lifetime Updater
    Garmin USB Drivers
    GoodSync
    Google Chrome
    Google Chrome Frame
    Google Desktop
    Google Earth
    Google Earth Pro
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToMyPC
    HD Tune 2.55
    HijackThis 2.0.2
    HP Integrated Module with Bluetooth wireless technology
    iCloud
    InstallMgr
    Intel(R) Matrix Storage Manager
    Intel(R) Network Connections 15.2.89.0
    Intel(R) Processor ID Utility
    Ipswitch WS_FTP Pro
    IPView Pro 2.0
    iTunes
    Java(TM) 6 Update 17
    Jawbone Updater
    kgcbaby
    kgchday
    kgchlwn
    kgcinvt
    kgckids
    kgcmove
    kgcvday
    Kingsoft PC Doctor 3.3.1.9
    Kodak EasyShare software
    kuler
    Licensing Service Install
    LogMeIn
    Loki ActiveX Control
    MagicDisc 2.7.106
    Malwarebytes Anti-Malware version 1.62.0.1300
    Microsoft .NET Framework 4 Client Profile
    Microsoft Corporation
    Microsoft Default Manager
    Microsoft IntelliPoint 8.2
    Microsoft LifeCam
    Microsoft Mathematics Add-in (32-bit)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Security Client
    Microsoft Security Compliance Manager 1.0
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2008
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Works
    MobileMe Control Panel
    Mozilla Firefox 11.0 (x86 en-US)
    MSN Toolbar
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Music, Photos & Videos Launcher
    netbrdg
    NETGEAR XE102 Powerline Encryption Utility
    NETGEAR XE104 Powerline Encryption Utility
    NetWaiting
    NetworkView Version 3.60
    Nuance OmniPage 17
    Octoshape add-in for Adobe Flash Player
    OfotoXMI
    OGA Notifier 2.0.0048.0
    OpenOffice.org 3.1
    Picasa 3
    Product Documentation Launcher
    QuickTime
    RegRun Reanimator
    RoboForm 7-7-9-9 (All Users)
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Media Manager
    Roxio Update Manager
    SABnzbd 0.6.10
    Safari
    Sanmaxi Outlook Password Recovery Trial Version 5.0.1
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Service Pack 1 for SQL Server 2008 (KB968369)
    Setup Wizard
    SetupWizard
    SFR
    SHASTA
    SigmaTel Audio
    Silicon Laboratories CP210x VCP Drivers for Windows 2000/XP/2003 Server/Vista
    SiSoftware Sandra Professional Business 2009.SP3c
    skin0001
    SKINXSDK
    Skype Toolbars
    Skype™ 5.10
    SlingPlayer
    Snagit 10
    Sophos Virus Removal Tool
    Spybot - Search & Destroy
    Sql Server Customer Experience Improvement Program
    StarDot Tools 1.5.3
    staticcr
    Suite Shared Configuration CS4
    SUPERAntiSpyware
    SysMetrix 3.44
    System Requirements Lab for Intel
    TeamViewer 6
    TerraExplorer
    The Lord of the Rings FREE Trial
    tooltips
    Uniblue DriverScanner 2009
    Uniblue PowerSuite 2009
    Uniblue RegistryBooster 2009
    Uniblue SpeedUpMyPC 2009
    Unity Web Player
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    User's Guides
    V CAST Music with Rhapsody
    ViewSonic Monitor Drivers
    Virtual Weather Station
    VLC media player 1.0.0
    VMware Workstation
    VNC Enterprise Edition E4.4.2
    VNC Mirror Driver 1.8.0
    VPRINTOL
    WeatherLink 5.8.3
    WebSlingPlayer ActiveX
    WePrint
    Windows 7 Upgrade Advisor
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
    Windows Live ID Sign-in Assistant
    Windows Live Upload Tool
    Windows XP Mode
    WinRAR archiver
    WinZip 12.1
    WIRELESS
    WordPerfect Office X4
    WordPerfect Office X4 - Common
    WordPerfect Office X4 - Content
    WordPerfect Office X4 - EN
    WordPerfect Office X4 - Filters
    WordPerfect Office X4 - Graphics
    WordPerfect Office X4 - ICA
    WordPerfect Office X4 - IPM
    WordPerfect Office X4 - IPM EN
    WordPerfect Office X4 - MAIL
    WordPerfect Office X4 - Migration Manager
    WordPerfect Office X4 - PerfectExperts
    WordPerfect Office X4 - PR
    WordPerfect Office X4 - QP
    WordPerfect Office X4 - Skins
    WordPerfect Office X4 - System
    WordPerfect Office X4 - WP
    World of Warcraft FREE Trial
    Xmarks for IE
    Xmarks Thumbnails for IE
    XPS MiniView Gadget
    .
    ==== End Of File ===========================
  2. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================

    I still need the Malwarebytes log.

    When done with posting that....

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  3. Reginald Hirsch

    Reginald Hirsch Newcomer, in training Topic Starter Posts: 30

    17:23:18.0608 7556 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
    17:23:19.0113 7556 ============================================================
    17:23:19.0113 7556 Current date / time: 2012/08/18 17:23:19.0113
    17:23:19.0113 7556 SystemInfo:
    17:23:19.0113 7556
    17:23:19.0113 7556 OS Version: 6.1.7601 ServicePack: 1.0
    17:23:19.0113 7556 Product type: Workstation
    17:23:19.0114 7556 ComputerName: REGINALD-PC
    17:23:19.0117 7556 UserName: Reginald
    17:23:19.0117 7556 Windows directory: C:\Windows
    17:23:19.0117 7556 System windows directory: C:\Windows
    17:23:19.0117 7556 Processor architecture: Intel x86
    17:23:19.0117 7556 Number of processors: 4
    17:23:19.0117 7556 Page size: 0x1000
    17:23:19.0117 7556 Boot type: Normal boot
    17:23:19.0117 7556 ============================================================
    17:23:19.0998 7556 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    17:23:20.0370 7556 Drive \Device\Harddisk3\DR3 - Size: 0x1D500000 (0.46 Gb), SectorSize: 0x200, Cylinders: 0x3B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    17:23:20.0391 7556 Drive \Device\Harddisk5\DR5 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    17:23:20.0415 7556 ============================================================
    17:23:20.0415 7556 \Device\Harddisk0\DR0:
    17:23:20.0415 7556 MBR partitions:
    17:23:20.0415 7556 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x18000, BlocksNum 0x1E00000
    17:23:20.0415 7556 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E18000, BlocksNum 0x23616000
    17:23:20.0415 7556 \Device\Harddisk3\DR3:
    17:23:20.0417 7556 MBR partitions:
    17:23:20.0417 7556 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x6, StartLBA 0x1E9, BlocksNum 0xEA217
    17:23:20.0417 7556 \Device\Harddisk5\DR5:
    17:23:20.0418 7556 MBR partitions:
    17:23:20.0418 7556 \Device\Harddisk5\DR5\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
    17:23:20.0418 7556 ============================================================
    17:23:20.0449 7556 C: <-> \Device\Harddisk0\DR0\Partition2
    17:23:20.0481 7556 D: <-> \Device\Harddisk0\DR0\Partition1
    17:23:20.0496 7556 K: <-> \Device\Harddisk5\DR5\Partition1
    17:23:20.0496 7556 ============================================================
    17:23:20.0496 7556 Initialize success
    17:23:20.0496 7556 ============================================================
    17:28:17.0454 9480 ============================================================
    17:28:17.0454 9480 Scan started
    17:28:17.0454 9480 Mode: Manual;
    17:28:17.0454 9480 ============================================================
    17:28:19.0294 9480 ================ Scan services =============================
    17:28:19.0400 9480 [ c0393eb99a6c72c6bef9bfc4a72b33a6 ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    17:28:19.0402 9480 !SASCORE - ok
    17:28:19.0833 9480 [ 1b133875b8aa8ac48969bd3458afe9f5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    17:28:19.0858 9480 1394ohci - ok
    17:28:20.0007 9480 [ adc420616c501b45d26c0fd3ef1e54e4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    17:28:20.0019 9480 ACDaemon - ok
    17:28:20.0083 9480 [ cea80c80bed809aa0da6febc04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    17:28:20.0088 9480 ACPI - ok
    17:28:20.0127 9480 [ 1efbc664abff416d1d07db115dcb264f ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    17:28:20.0128 9480 AcpiPmi - ok
    17:28:20.0293 9480 [ 42cbe4c6a7af1d590cf4125918dfae62 ] AcrSch2Svc C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    17:28:20.0313 9480 AcrSch2Svc - ok
    17:28:21.0208 9480 [ b62597678a02da3a05e586d744fcbc62 ] ACTIVEWEBCAM C:\Program Files\Active WebCam\WebCam.exe
    17:28:21.0369 9480 ACTIVEWEBCAM - ok
    17:28:21.0447 9480 [ 7fd05b030830eaa194dd62f24f4d1be8 ] ACTIVEWEBCAMWATCHDOG C:\Program Files\Active WebCam\Watchdog.exe
    17:28:21.0457 9480 ACTIVEWEBCAMWATCHDOG - ok
    17:28:21.0570 9480 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    17:28:21.0571 9480 AdobeFlashPlayerUpdateSvc - ok
    17:28:21.0639 9480 [ 21e785ebd7dc90a06391141aac7892fb ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    17:28:21.0647 9480 adp94xx - ok
    17:28:21.0676 9480 [ 0c676bc278d5b59ff5abd57bbe9123f2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    17:28:21.0687 9480 adpahci - ok
    17:28:21.0705 9480 [ 7c7b5ee4b7b822ec85321fe23a27db33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    17:28:21.0708 9480 adpu320 - ok
    17:28:21.0748 9480 [ 8b5eefeec1e6d1a72a06c526628ad161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    17:28:21.0760 9480 AeLookupSvc - ok
    17:28:21.0809 9480 [ a27deeebf1b17a053aea3e2f1d6f9295 ] afcdp C:\Windows\system32\DRIVERS\afcdp.sys
    17:28:21.0813 9480 afcdp - ok
    17:28:22.0014 9480 [ 149e8ca66ceade0d17ac4028a567499f ] afcdpsrv C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    17:28:22.0197 9480 afcdpsrv - ok
    17:28:22.0252 9480 [ 9ebbba55060f786f0fcaa3893bfa2806 ] AFD C:\Windows\system32\drivers\afd.sys
    17:28:22.0258 9480 AFD - ok
    17:28:22.0301 9480 [ 507812c3054c21cef746b6ee3d04dd6e ] agp440 C:\Windows\system32\drivers\agp440.sys
    17:28:22.0307 9480 agp440 - ok
    17:28:22.0365 9480 [ 8b30250d573a8f6b4bd23195160d8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
    17:28:22.0367 9480 aic78xx - ok
    17:28:22.0420 9480 [ 18a54e132947cd98fea9accc57f98f13 ] ALG C:\Windows\System32\alg.exe
    17:28:22.0422 9480 ALG - ok
    17:28:22.0463 9480 [ 0d40bcf52ea90fc7df2aeab6503dea44 ] aliide C:\Windows\system32\drivers\aliide.sys
    17:28:22.0465 9480 aliide - ok
    17:28:22.0524 9480 [ 5320ff0fdec41faf9d5cb01318aefd6a ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
    17:28:22.0527 9480 AMD External Events Utility - ok
    17:28:22.0558 9480 [ 3c6600a0696e90a463771c7422e23ab5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
    17:28:22.0574 9480 amdagp - ok
    17:28:22.0594 9480 [ cd5914170297126b6266860198d1d4f0 ] amdide C:\Windows\system32\drivers\amdide.sys
    17:28:22.0596 9480 amdide - ok
    17:28:22.0639 9480 [ 00dda200d71bac534bf56a9db5dfd666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    17:28:22.0641 9480 AmdK8 - ok
    17:28:22.0978 9480 [ 335ace2a8e97439733f0f6a1bbd818d5 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    17:28:23.0157 9480 amdkmdag - ok
    17:28:23.0188 9480 [ 0b1b116d30f133dc918287fd8e212f1e ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
    17:28:23.0192 9480 amdkmdap - ok
    17:28:23.0217 9480 [ 3cbf30f5370fda40dd3e87df38ea53b6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    17:28:23.0220 9480 AmdPPM - ok
    17:28:23.0276 9480 [ d320bf87125326f996d4904fe24300fc ] amdsata C:\Windows\system32\drivers\amdsata.sys
    17:28:23.0278 9480 amdsata - ok
    17:28:23.0318 9480 [ ea43af0c423ff267355f74e7a53bdaba ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    17:28:23.0322 9480 amdsbs - ok
    17:28:23.0339 9480 [ 46387fb17b086d16dea267d5be23a2f2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    17:28:23.0341 9480 amdxata - ok
    17:28:23.0437 9480 [ 378a326ba649e01aac767355aab9e90c ] APC Data Service C:\Program Files\APC\APC PowerChute Personal Edition\dataserv.exe
    17:28:23.0438 9480 APC Data Service - ok
    17:28:23.0497 9480 [ 84a1a403d2dd63ef941674cc87ff503c ] APC UPS Service C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    17:28:23.0538 9480 APC UPS Service - ok
    17:28:23.0596 9480 [ aea177f783e20150ace5383ee368da19 ] AppID C:\Windows\system32\drivers\appid.sys
    17:28:23.0607 9480 AppID - ok
    17:28:23.0636 9480 [ 62a9c86cb6085e20db4823e4e97826f5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    17:28:23.0637 9480 AppIDSvc - ok
    17:28:23.0695 9480 [ fb1959012294d6ad43e5304df65e3c26 ] Appinfo C:\Windows\System32\appinfo.dll
    17:28:23.0706 9480 Appinfo - ok
    17:28:23.0769 9480 [ 7ef47644b74ebe721cc32211d3c35e76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    17:28:23.0771 9480 Apple Mobile Device - ok
    17:28:23.0827 9480 [ a45d184df6a8803da13a0b329517a64a ] AppMgmt C:\Windows\System32\appmgmts.dll
    17:28:23.0830 9480 AppMgmt - ok
    17:28:23.0884 9480 [ 2932004f49677bd84dbc72edb754ffb3 ] arc C:\Windows\system32\DRIVERS\arc.sys
    17:28:23.0886 9480 arc - ok
    17:28:23.0905 9480 [ 5d6f36c46fd283ae1b57bd2e9feb0bc7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    17:28:23.0908 9480 arcsas - ok
    17:28:24.0095 9480 [ 16cde6977cc88433bf3767c4d42b22d3 ] asdrm C:\Windows\system32\DRIVERS\asdrm.sys
    17:28:24.0097 9480 asdrm - ok
    17:28:24.0137 9480 [ 3e62e3122e534254dd314fa8a7b6bf48 ] asdrs C:\Windows\system32\DRIVERS\asdrs.sys
    17:28:24.0139 9480 asdrs - ok
    17:28:24.0309 9480 [ 197eb3cde17b18c78e1b5324d2e0a451 ] asdsrv C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe
    17:28:24.0318 9480 asdsrv - ok
    17:28:24.0349 9480 [ 9afcf85708576f3ef6fb868b6c604c01 ] asdws C:\Windows\system32\DRIVERS\asdws.sys
    17:28:24.0350 9480 asdws - ok
    17:28:24.0385 9480 [ add2ade1c2b285ab8378d2daaf991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    17:28:24.0387 9480 AsyncMac - ok
    17:28:24.0456 9480 [ 338c86357871c167a96ab976519bf59e ] atapi C:\Windows\system32\drivers\atapi.sys
    17:28:24.0458 9480 atapi - ok
    17:28:24.0789 9480 [ 335ace2a8e97439733f0f6a1bbd818d5 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    17:28:24.0837 9480 atikmdag - ok
    17:28:24.0906 9480 [ ce3b4e731638d2ef62fcb419be0d39f0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    17:28:24.0949 9480 AudioEndpointBuilder - ok
    17:28:24.0962 9480 [ ce3b4e731638d2ef62fcb419be0d39f0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
    17:28:24.0964 9480 Audiosrv - ok
    17:28:25.0015 9480 [ 6e30d02aac9cac84f421622e3a2f6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
    17:28:25.0018 9480 AxInstSV - ok
    17:28:25.0077 9480 [ 1a231abec60fd316ec54c66715543cec ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
    17:28:25.0092 9480 b06bdrv - ok

    Current MBAM log:
    Malwarebytes Anti-Malware (PRO) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.18.06

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Reginald :: REGINALD-PC [administrator]

    Protection: Disabled

    8/18/2012 5:33:48 PM
    mbam-log-2012-08-18 (17-33-48).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 243583
    Time elapsed: 17 minute(s), 27 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  4. Broni


    TDSSKiller log is incomplete.
    Post entire log.
  5. Reginald Hirsch


    Uploaded txt file, too large to paste
  6. Broni


    If you've read forum rules....

    Split the log between a couple of replies.
  7. Reginald Hirsch


    18:46:28.0837 8236 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
    18:46:29.0351 8236 ============================================================
    18:46:29.0351 8236 Current date / time: 2012/08/18 18:46:29.0351
    18:46:29.0351 8236 SystemInfo:
    18:46:29.0351 8236
    18:46:29.0351 8236 OS Version: 6.1.7601 ServicePack: 1.0
    18:46:29.0351 8236 Product type: Workstation
    18:46:29.0351 8236 ComputerName: REGINALD-PC
    18:46:29.0355 8236 UserName: Reginald
    18:46:29.0355 8236 Windows directory: C:\Windows
    18:46:29.0355 8236 System windows directory: C:\Windows
    18:46:29.0355 8236 Processor architecture: Intel x86
    18:46:29.0355 8236 Number of processors: 4
    18:46:29.0355 8236 Page size: 0x1000
    18:46:29.0355 8236 Boot type: Normal boot
    18:46:29.0355 8236 ============================================================
    18:46:30.0693 8236 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    18:46:30.0982 8236 Drive \Device\Harddisk3\DR3 - Size: 0x1D500000 (0.46 Gb), SectorSize: 0x200, Cylinders: 0x3B, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    18:46:31.0865 8236 Drive \Device\Harddisk5\DR5 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    18:46:31.0890 8236 ============================================================
    18:46:31.0890 8236 \Device\Harddisk0\DR0:
    18:46:31.0909 8236 MBR partitions:
    18:46:31.0909 8236 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x18000, BlocksNum 0x1E00000
    18:46:31.0909 8236 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E18000, BlocksNum 0x23616000
    18:46:31.0909 8236 \Device\Harddisk3\DR3:
    18:46:31.0911 8236 MBR partitions:
    18:46:31.0911 8236 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x6, StartLBA 0x1E9, BlocksNum 0xEA217
    18:46:31.0911 8236 \Device\Harddisk5\DR5:
    18:46:31.0912 8236 MBR partitions:
    18:46:31.0912 8236 \Device\Harddisk5\DR5\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
    18:46:31.0912 8236 ============================================================
    18:46:31.0952 8236 C: <-> \Device\Harddisk0\DR0\Partition2
    18:46:31.0984 8236 D: <-> \Device\Harddisk0\DR0\Partition1
    18:46:31.0988 8236 K: <-> \Device\Harddisk5\DR5\Partition1
    18:46:31.0988 8236 ============================================================
    18:46:31.0988 8236 Initialize success
    18:46:31.0988 8236 ============================================================
    18:46:33.0768 7744 ============================================================
    18:46:33.0768 7744 Scan started
    18:46:33.0768 7744 Mode: Manual;
    18:46:33.0768 7744 ============================================================
    18:46:33.0978 7744 ================ Scan services =============================
  8. Reginald Hirsch


    18:46:48.0280 7744 LogMeIn - ok
    18:46:48.0348 7744 [ eb119a53ccf2acc000ac71b065b78fef ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    18:46:48.0363 7744 LSI_FC - ok
    18:46:48.0380 7744 [ 8ade1c877256a22e49b75d1cc9161f9c ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    18:46:48.0382 7744 LSI_SAS - ok
    18:46:48.0410 7744 [ dc9dc3d3daa0e276fd2ec262e38b11e9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    18:46:48.0412 7744 LSI_SAS2 - ok
    18:46:48.0429 7744 [ 0a036c7d7cab643a7f07135ac47e0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    18:46:48.0431 7744 LSI_SCSI - ok
    18:46:48.0476 7744 [ 6703e366cc18d3b6e534f5cf7df39cee ] luafv C:\Windows\system32\drivers\luafv.sys
    18:46:48.0479 7744 luafv - ok
    18:46:48.0536 7744 [ 6dfe7f2e8e8a337263aa5c92a215f161 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    18:46:48.0538 7744 MBAMProtector - ok
    18:46:48.0661 7744 [ 43683e970f008c93c9429ef428147a54 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamservice.exe
    18:46:48.0671 7744 MBAMService - ok
    18:46:48.0714 7744 [ 8fd868e32459ece2a1bb0169f513d31e ] mcdbus C:\Windows\system32\DRIVERS\mcdbus.sys
    18:46:48.0717 7744 mcdbus - ok
    18:46:48.0756 7744 [ bfb9ee8ee977efe85d1a3105abef6dd1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    18:46:48.0759 7744 Mcx2Svc - ok
    18:46:48.0874 7744 [ 11f714f85530a2bd134074dc30e99fca ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    18:46:48.0880 7744 MDM - ok
    18:46:48.0922 7744 [ 0fff5b045293002ab38eb1fd1fc2fb74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    18:46:48.0923 7744 megasas - ok
    18:46:48.0966 7744 [ dcbab2920c75f390caf1d29f675d03d6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    18:46:48.0969 7744 MegaSR - ok
    18:46:49.0057 7744 Microsoft SharePoint Workspace Audit Service - ok
    18:46:49.0091 7744 [ 146b6f43a673379a3c670e86d89be5ea ] MMCSS C:\Windows\system32\mmcss.dll
    18:46:49.0094 7744 MMCSS - ok
    18:46:49.0134 7744 [ c6a81f138f297cc7e653efc059cca033 ] Modem C:\Windows\system32\drivers\modem.sys
    18:46:49.0135 7744 Modem - ok
    18:46:49.0171 7744 [ 79d10964de86b292320e9dfe02282a23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    18:46:49.0180 7744 monitor - ok
    18:46:49.0215 7744 [ fb18cc1d4c2e716b6b903b0ac0cc0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    18:46:49.0217 7744 mouclass - ok
    18:46:49.0260 7744 [ 2c388d2cd01c9042596cf3c8f3c7b24d ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    18:46:49.0261 7744 mouhid - ok
    18:46:49.0309 7744 [ fc8771f45ecccfd89684e38842539b9b ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    18:46:49.0313 7744 mountmgr - ok
    18:46:49.0386 7744 [ d993bea500e7382dc4e760bf4f35efcb ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
    18:46:49.0395 7744 MpFilter - ok
    18:46:49.0414 7744 [ 2d699fb6e89ce0d8da14ecc03b3edfe0 ] mpio C:\Windows\system32\drivers\mpio.sys
    18:46:49.0416 7744 mpio - ok
    18:46:49.0613 7744 [ a69630d039c38018689190234f866d77 ] MpKsl7ad2c85a c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D038EA17-3377-478B-B5ED-19B9E4CFA74B}\MpKsl7ad2c85a.sys
    18:46:49.0614 7744 MpKsl7ad2c85a - ok
    18:46:49.0646 7744 [ ad2723a7b53dd1aacae6ad8c0bfbf4d0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    18:46:49.0648 7744 mpsdrv - ok
    18:46:49.0726 7744 [ 9835584e999d25004e1ee8e5f3e3b881 ] MpsSvc C:\Windows\system32\mpssvc.dll
    18:46:49.0740 7744 MpsSvc - ok
    18:46:49.0780 7744 [ ceb46ab7c01c9f825f8cc6babc18166a ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    18:46:49.0782 7744 MRxDAV - ok
    18:46:49.0826 7744 [ 5d16c921e3671636c0eba3bbaac5fd25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    18:46:49.0828 7744 mrxsmb - ok
    18:46:49.0871 7744 [ 6d17a4791aca19328c685d256349fefc ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    18:46:49.0875 7744 mrxsmb10 - ok
    18:46:49.0890 7744 [ b81f204d146000be76651a50670a5e9e ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    18:46:49.0893 7744 mrxsmb20 - ok
    18:46:49.0941 7744 [ 012c5f4e9349e711e11e0f19a8589f0a ] msahci C:\Windows\system32\drivers\msahci.sys
    18:46:49.0943 7744 msahci - ok
    18:46:50.0017 7744 [ 31e023681015c35ebfe1498b07813b87 ] MSCamSvc C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    18:46:50.0020 7744 MSCamSvc - ok
    18:46:50.0044 7744 [ 55055f8ad8be27a64c831322a780a228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    18:46:50.0046 7744 msdsm - ok
    18:46:50.0064 7744 [ e1bce74a3bd9902b72599c0192a07e27 ] MSDTC C:\Windows\System32\msdtc.exe
    18:46:50.0067 7744 MSDTC - ok
    18:46:50.0112 7744 [ daefb28e3af5a76abcc2c3078c07327f ] Msfs C:\Windows\system32\drivers\Msfs.sys
    18:46:50.0121 7744 Msfs - ok
    18:46:50.0133 7744 [ 3e1e5767043c5af9367f0056295e9f84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    18:46:50.0135 7744 mshidkmdf - ok
    18:46:50.0170 7744 [ 0a4e5757ae09fa9622e3158cc1aef114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    18:46:50.0171 7744 msisadrv - ok
    18:46:50.0212 7744 [ 90f7d9e6b6f27e1a707d4a297f077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    18:46:50.0215 7744 MSiSCSI - ok
    18:46:50.0220 7744 msiserver - ok
    18:46:50.0269 7744 [ 8c0860d6366aaffb6c5bb9df9448e631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    18:46:50.0271 7744 MSKSSRV - ok
    18:46:50.0357 7744 [ 24516bf4e12a46cb67302e2cdcb8cddf ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
    18:46:50.0357 7744 MsMpSvc - ok
    18:46:50.0375 7744 [ 3ea8b949f963562cedbb549eac0c11ce ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    18:46:50.0376 7744 MSPCLOCK - ok
    18:46:50.0402 7744 [ f456e973590d663b1073e9c463b40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    18:46:50.0403 7744 MSPQM - ok
    18:46:50.0421 7744 [ 0e008fc4819d238c51d7c93e7b41e560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    18:46:50.0424 7744 MsRPC - ok
    18:46:50.0468 7744 [ fc6b9ff600cc585ea38b12589bd4e246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    18:46:50.0477 7744 mssmbios - ok
    18:46:50.0561 7744 MSSQL$MICROSOFTSCM - ok
    18:46:50.0690 7744 [ f1761c8fb2b25a32c6d63e36bb88c3ae ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
    18:46:50.0692 7744 MSSQLServerADHelper100 - ok
    18:46:50.0738 7744 [ b42c6b921f61a6e55159b8be6cd54a36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    18:46:50.0739 7744 MSTEE - ok
    18:46:50.0754 7744 [ 33599130f44e1f34631cea241de8ac84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    18:46:50.0755 7744 MTConfig - ok
    18:46:50.0770 7744 [ 159fad02f64e6381758c990f753bcc80 ] Mup C:\Windows\system32\Drivers\mup.sys
    18:46:50.0771 7744 Mup - ok
    18:46:50.0827 7744 [ 428c611928df3e96538a482117e659f7 ] NAL C:\Windows\system32\Drivers\iqvw32.sys
    18:46:50.0829 7744 NAL - ok
    18:46:50.0884 7744 [ 61d57a5d7c6d9afe10e77dae6e1b445e ] napagent C:\Windows\system32\qagentRT.dll
    18:46:50.0890 7744 napagent - ok
    18:46:50.0952 7744 [ 26384429fcd85d83746f63e798ab1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    18:46:50.0956 7744 NativeWifiP - ok
    18:46:51.0042 7744 [ c339d6bde0fa22ba79398ff743866db2 ] NDIS C:\Windows\system32\drivers\ndis.sys
    18:46:51.0068 7744 NDIS - ok
    18:46:51.0089 7744 [ 0e1787aa6c9191d3d319e8bafe86f80c ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    18:46:51.0091 7744 NdisCap - ok
    18:46:51.0134 7744 [ e4a8aec125a2e43a9e32afeea7c9c888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    18:46:51.0136 7744 NdisTapi - ok
    18:46:51.0167 7744 [ d8a65dafb3eb41cbb622745676fcd072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    18:46:51.0168 7744 Ndisuio - ok
    18:46:51.0212 7744 [ 38fbe267e7e6983311179230facb1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    18:46:51.0214 7744 NdisWan - ok
    18:46:51.0265 7744 [ a4bdc541e69674fbff1a8ff00be913f2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    18:46:51.0267 7744 NDProxy - ok
    18:46:51.0293 7744 [ 80b275b1ce3b0e79909db7b39af74d51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    18:46:51.0294 7744 NetBIOS - ok
    18:46:51.0345 7744 [ 280122ddcf04b378edd1ad54d71c1e54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    18:46:51.0348 7744 NetBT - ok
    18:46:51.0359 7744 [ 81951f51e318aecc2d68559e47485cc4 ] Netlogon C:\Windows\system32\lsass.exe
    18:46:51.0361 7744 Netlogon - ok
    18:46:51.0418 7744 [ 7cccfca7510684768da22092d1fa4db2 ] Netman C:\Windows\System32\netman.dll
    18:46:51.0424 7744 Netman - ok
    18:46:51.0453 7744 [ 8c338238c16777a802d6a9211eb2ba50 ] netprofm C:\Windows\System32\netprofm.dll
    18:46:51.0459 7744 netprofm - ok
    18:46:51.0481 7744 [ f476ec40033cdb91efbe73eb99b8362d ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    18:46:51.0484 7744 NetTcpPortSharing - ok
    18:46:51.0524 7744 [ 1d85c4b390b0ee09c7a46b91efb2c097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    18:46:51.0525 7744 nfrd960 - ok
    18:46:51.0598 7744 [ b52f26bade7d7e4a79706e3fd91834cd ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    18:46:51.0599 7744 NisDrv - ok
    18:46:51.0627 7744 [ 290c0d4c4889398797f8df3be00b9698 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
    18:46:51.0630 7744 NisSrv - ok
    18:46:51.0670 7744 [ 912084381d30d8b89ec4e293053f4710 ] NlaSvc C:\Windows\System32\nlasvc.dll
    18:46:51.0675 7744 NlaSvc - ok
    18:46:51.0688 7744 [ 1db262a9f8c087e8153d89bef3d2235f ] Npfs C:\Windows\system32\drivers\Npfs.sys
    18:46:51.0690 7744 Npfs - ok
    18:46:51.0730 7744 [ ba387e955e890c8a88306d9b8d06bf17 ] nsi C:\Windows\system32\nsisvc.dll
    18:46:51.0739 7744 nsi - ok
    18:46:51.0756 7744 [ e9a0a4d07e53d8fea2bb8387a3293c58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    18:46:51.0757 7744 nsiproxy - ok
    18:46:51.0819 7744 [ 81189c3d7763838e55c397759d49007a ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    18:46:51.0854 7744 Ntfs - ok
    18:46:51.0890 7744 [ f9756a98d69098dca8945d62858a812c ] Null C:\Windows\system32\drivers\Null.sys
    18:46:51.0891 7744 Null - ok
    18:46:51.0929 7744 [ b3e25ee28883877076e0e1ff877d02e0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
    18:46:51.0931 7744 nvraid - ok
    18:46:51.0974 7744 [ 4380e59a170d88c4f1022eff6719a8a4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
    18:46:51.0976 7744 nvstor - ok
    18:46:52.0010 7744 [ 5a0983915f02bae73267cc2a041f717d ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    18:46:52.0013 7744 nv_agp - ok
    18:46:52.0057 7744 [ 08a70a1f2cdde9bb49b885cb817a66eb ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    18:46:52.0063 7744 ohci1394 - ok
    18:46:52.0100 7744 [ 9d10f99a6712e28f8acd5641e3a7ea6b ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    18:46:52.0103 7744 ose - ok
    18:46:52.0278 7744 [ 358a9cca612c68eb2f07ddad4ce1d8d7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    18:46:52.0396 7744 osppsvc - ok
    18:46:52.0451 7744 [ 82a8521ddc60710c3d3d3e7325209bec ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    18:46:52.0456 7744 p2pimsvc - ok
    18:46:52.0509 7744 [ 59c3ddd501e39e006dac31bf55150d91 ] p2psvc C:\Windows\system32\p2psvc.dll
    18:46:52.0524 7744 p2psvc - ok
    18:46:52.0566 7744 [ 2ea877ed5dd9713c5ac74e8ea7348d14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    18:46:52.0568 7744 Parport - ok
    18:46:52.0590 7744 Partizan - ok
    18:46:52.0621 7744 [ 3f34a1b4c5f6475f320c275e63afce9b ] partmgr C:\Windows\system32\drivers\partmgr.sys
    18:46:52.0623 7744 partmgr - ok
    18:46:52.0639 7744 [ eb0a59f29c19b86479d36b35983daadc ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
    18:46:52.0640 7744 Parvdm - ok
    18:46:52.0659 7744 [ 358ab7956d3160000726574083dfc8a6 ] PcaSvc C:\Windows\System32\pcasvc.dll
    18:46:52.0664 7744 PcaSvc - ok
    18:46:52.0733 7744 [ 92fddbed716bf5c3cb766101563cfce5 ] PCDSRVC{E9D79540-57D5953E-06020101}_0 c:\program files\dell support center\pcdsrvc.pkms
    18:46:52.0738 7744 PCDSRVC{E9D79540-57D5953E-06020101}_0 - ok
    18:46:52.0776 7744 [ 673e55c3498eb970088e812ea820aa8f ] pci C:\Windows\system32\drivers\pci.sys
    18:46:52.0778 7744 pci - ok
    18:46:52.0811 7744 [ afe86f419014db4e5593f69ffe26ce0a ] pciide C:\Windows\system32\drivers\pciide.sys
    18:46:52.0812 7744 pciide - ok
    18:46:52.0832 7744 [ f396431b31693e71e8a80687ef523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    18:46:52.0835 7744 pcmcia - ok
    18:46:52.0849 7744 [ 250f6b43d2b613172035c6747aeeb19f ] pcw C:\Windows\system32\drivers\pcw.sys
    18:46:52.0850 7744 pcw - ok
    18:46:52.0877 7744 [ 9e0104ba49f4e6973749a02bf41344ed ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    18:46:52.0894 7744 PEAUTH - ok
    18:46:52.0972 7744 [ af4d64d2a57b9772cf3801950b8058a6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
    18:46:53.0006 7744 PeerDistSvc - ok
    18:46:53.0121 7744 [ 414bba67a3ded1d28437eb66aeb8a720 ] pla C:\Windows\system32\pla.dll
    18:46:53.0163 7744 pla - ok
    18:46:53.0200 7744 [ 2aba2f545b35f9c6cc2cfc4e1d539a80 ] PLCNDIS5 C:\Windows\system32\PLCNDIS5.SYS
    18:46:53.0212 7744 PLCNDIS5 - ok
    18:46:53.0265 7744 [ ec7bc28d207da09e79b3e9faf8b232ca ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    18:46:53.0275 7744 PlugPlay - ok
    18:46:53.0285 7744 [ 63ff8572611249931eb16bb8eed6afc8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    18:46:53.0288 7744 PNRPAutoReg - ok
    18:46:53.0309 7744 [ 82a8521ddc60710c3d3d3e7325209bec ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    18:46:53.0312 7744 PNRPsvc - ok
    18:46:53.0373 7744 [ 896d916de06f5502d301e8c4dc442ae8 ] Point32 C:\Windows\system32\DRIVERS\point32.sys
    18:46:53.0375 7744 Point32 - ok
    18:46:53.0392 7744 [ 53946b69ba0836bd95b03759530c81ec ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    18:46:53.0397 7744 PolicyAgent - ok
    18:46:53.0445 7744 [ f87d30e72e03d579a5199ccb3831d6ea ] Power C:\Windows\system32\umpo.dll
    18:46:53.0449 7744 Power - ok
    18:46:53.0491 7744 [ 631e3e205ad6d86f2aed6a4a8e69f2db ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    18:46:53.0493 7744 PptpMiniport - ok
    18:46:53.0506 7744 [ 85b1e3a0c7585bc4aae6899ec6fcf011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
    18:46:53.0508 7744 Processor - ok
    18:46:53.0585 7744 [ cadefac453040e370a1bdff3973be00d ] ProfSvc C:\Windows\system32\profsvc.dll
    18:46:53.0589 7744 ProfSvc - ok
    18:46:53.0599 7744 [ 81951f51e318aecc2d68559e47485cc4 ] ProtectedStorage C:\Windows\system32\lsass.exe
    18:46:53.0601 7744 ProtectedStorage - ok
    18:46:53.0644 7744 [ 6270ccae2a86de6d146529fe55b3246a ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    18:46:53.0647 7744 Psched - ok
    18:46:53.0694 7744 [ e7483be1e7a6fb16fc9ad6b54f99dee4 ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    18:46:53.0697 7744 PSI_SVC_2 - ok
    18:46:53.0734 7744 [ 153d02480a0a2f45785522e814c634b6 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
    18:46:53.0736 7744 PxHelp20 - ok
    18:46:53.0774 7744 [ ab95ecf1f6659a60ddc166d8315b0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    18:46:53.0809 7744 ql2300 - ok
    18:46:53.0841 7744 [ b4dd51dd25182244b86737dc51af2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    18:46:53.0843 7744 ql40xx - ok
    18:46:53.0902 7744 [ 31ac809e7707eb580b2bdb760390765a ] QWAVE C:\Windows\system32\qwave.dll
    18:46:53.0907 7744 QWAVE - ok
    18:46:53.0918 7744 [ 584078ca1b95ca72df2a27c336f9719d ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    18:46:53.0919 7744 QWAVEdrv - ok
    18:46:53.0936 7744 [ 30a81b53c766d0133bb86d234e5556ab ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    18:46:53.0938 7744 RasAcd - ok
    18:46:53.0979 7744 [ 57ec4aef73660166074d8f7f31c0d4fd ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    18:46:53.0981 7744 RasAgileVpn - ok
    18:46:54.0024 7744 [ a60f1839849c0c00739787fd5ec03f13 ] RasAuto C:\Windows\System32\rasauto.dll
    18:46:54.0027 7744 RasAuto - ok
    18:46:54.0052 7744 [ d9f91eafec2815365cbe6d167e4e332a ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    18:46:54.0054 7744 Rasl2tp - ok
    18:46:54.0106 7744 [ cb9e04dc05eacf5b9a36ca276d475006 ] RasMan C:\Windows\System32\rasmans.dll
    18:46:54.0116 7744 RasMan - ok
    18:46:54.0133 7744 [ 0fe8b15916307a6ac12bfb6a63e45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    18:46:54.0135 7744 RasPppoe - ok
    18:46:54.0151 7744 [ 44101f495a83ea6401d886e7fd70096b ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    18:46:54.0153 7744 RasSstp - ok
    18:46:54.0190 7744 [ d528bc58a489409ba40334ebf96a311b ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    18:46:54.0194 7744 rdbss - ok
    18:46:54.0205 7744 [ 0d8f05481cb76e70e1da06ee9f0da9df ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    18:46:54.0206 7744 rdpbus - ok
    18:46:54.0244 7744 [ 23dae03f29d253ae74c44f99e515f9a1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    18:46:54.0254 7744 RDPCDD - ok
    18:46:54.0296 7744 [ b973fcfc50dc1434e1970a146f7e3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
    18:46:54.0299 7744 RDPDR - ok
    18:46:54.0341 7744 [ 5a53ca1598dd4156d44196d200c94b8a ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    18:46:54.0343 7744 RDPENCDD - ok
    18:46:54.0376 7744 [ 44b0a53cd4f27d50ed461dae0c0b4e1f ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    18:46:54.0378 7744 RDPREFMP - ok
    18:46:54.0430 7744 [ 68a0387f58e226deee23d9715955572a ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
    18:46:54.0432 7744 RdpVideoMiniport - ok
    18:46:54.0473 7744 [ f031683e6d1fea157abb2ff260b51e61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    18:46:54.0476 7744 RDPWD - ok
    18:46:54.0530 7744 [ 518395321dc96fe2c9f0e96ac743b656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    18:46:54.0533 7744 rdyboost - ok
    18:46:54.0572 7744 [ 7b5e1419717fac363a31cc302895217a ] RemoteAccess C:\Windows\System32\mprdim.dll
    18:46:54.0575 7744 RemoteAccess - ok
    18:46:54.0620 7744 [ cb9a8683f4ef2bf99e123d79950d7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    18:46:54.0624 7744 RemoteRegistry - ok
    18:46:54.0685 7744 [ cb928d9e6daf51879dd6ba8d02f01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
    18:46:54.0694 7744 RFCOMM - ok
    18:46:54.0741 7744 [ f17713d108aca124a139fde877eef68a ] RimUsb C:\Windows\system32\Drivers\RimUsb.sys
    18:46:54.0743 7744 RimUsb - ok
    18:46:54.0758 7744 [ 2c4fb2e9f039287767c384e46ee91030 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial.sys
    18:46:54.0759 7744 RimVSerPort - ok
  9. Reginald Hirsch


    18:46:54.0809 7744 [ 564297827d213f52c7a3a2ff749568ca ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
    18:46:54.0823 7744 ROOTMODEM - ok
    18:46:54.0940 7744 [ afd61a7c48a3e15c86a6fadf0b69a2e4 ] Roxio UPnP Renderer 9 C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    18:46:54.0951 7744 Roxio UPnP Renderer 9 - ok
    18:46:54.0965 7744 [ efbb36e2bb02169d26e9980778fc20d3 ] Roxio Upnp Server 9 C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    18:46:54.0970 7744 Roxio Upnp Server 9 - ok
    18:46:55.0110 7744 [ 78e680a105f47b6aa0003bd23ed9fa51 ] RoxLiveShare9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    18:46:55.0115 7744 RoxLiveShare9 - ok
    18:46:55.0169 7744 [ 9d5c024170c376d7cc66ed853fda9068 ] RoxMediaDB9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    18:46:55.0203 7744 RoxMediaDB9 - ok
    18:46:55.0267 7744 [ 87f175539dbba297018aa7fcdd563ff7 ] RoxWatch9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    18:46:55.0275 7744 RoxWatch9 - ok
    18:46:55.0330 7744 [ 78d072f35bc45d9e4e1b61895c152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    18:46:55.0334 7744 RpcEptMapper - ok
    18:46:55.0371 7744 [ 94d36c0e44677dd26981d2bfeef2a29d ] RpcLocator C:\Windows\system32\locator.exe
    18:46:55.0374 7744 RpcLocator - ok
    18:46:55.0412 7744 [ 7660f01d3b38aca1747e397d21d790af ] RpcSs C:\Windows\system32\rpcss.dll
    18:46:55.0417 7744 RpcSs - ok
    18:46:55.0473 7744 [ fd692c6ffade58f7c4c3c3c9a0ec35bd ] RsFx0103 C:\Windows\system32\DRIVERS\RsFx0103.sys
    18:46:55.0476 7744 RsFx0103 - ok
    18:46:55.0527 7744 [ 032b0d36ad92b582d869879f5af5b928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    18:46:55.0529 7744 rspndr - ok
    18:46:55.0565 7744 [ 7fa7f2e249a5dcbb7970630e15e1f482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
    18:46:55.0567 7744 s3cap - ok
    18:46:55.0583 7744 [ 81951f51e318aecc2d68559e47485cc4 ] SamSs C:\Windows\system32\lsass.exe
    18:46:55.0585 7744 SamSs - ok
    18:46:55.0666 7744 [ 361094945053c2c04312ef2e5f14eeaf ] SANDRA C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP3c\WNt500x86\Sandra.sys
    18:46:55.0668 7744 SANDRA - ok
    18:46:55.0684 7744 [ 201c4ca2beb6152b0238dea13f9ee85d ] SandraAgentSrv C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP3c\RpcAgentSrv.exe
    18:46:55.0686 7744 SandraAgentSrv - ok
    18:46:55.0727 7744 [ 39763504067962108505bff25f024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    18:46:55.0729 7744 SASDIFSV - ok
    18:46:55.0774 7744 [ 77b9fc20084b48408ad3e87570eb4a85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    18:46:55.0775 7744 SASKUTIL - ok
    18:46:55.0818 7744 [ 05d860da1040f111503ac416ccef2bca ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    18:46:55.0820 7744 sbp2port - ok
    18:46:55.0917 7744 [ 794d4b48dfb6e999537c7c3947863463 ] SBSDWSCService C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    18:46:55.0931 7744 SBSDWSCService - ok
    18:46:55.0976 7744 [ 8fc518ffe9519c2631d37515a68009c4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
    18:46:55.0981 7744 SCardSvr - ok
    18:46:56.0022 7744 [ 0693b5ec673e34dc147e195779a4dcf6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    18:46:56.0023 7744 scfilter - ok
    18:46:56.0070 7744 [ a04bb13f8a72f8b6e8b4071723e4e336 ] Schedule C:\Windows\system32\schedsvc.dll
    18:46:56.0113 7744 Schedule - ok
    18:46:56.0149 7744 [ 319c6b309773d063541d01df8ac6f55f ] SCPolicySvc C:\Windows\System32\certprop.dll
    18:46:56.0150 7744 SCPolicySvc - ok
    18:46:56.0192 7744 [ 08236c4bce5edd0a0318a438af28e0f7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    18:46:56.0196 7744 SDRSVC - ok
    18:46:56.0249 7744 [ 90a3935d05b494a5a39d37e71f09a677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    18:46:56.0251 7744 secdrv - ok
    18:46:56.0266 7744 [ a59b3a4442c52060cc7a85293aa3546f ] seclogon C:\Windows\system32\seclogon.dll
    18:46:56.0269 7744 seclogon - ok
    18:46:56.0327 7744 [ dcb7fcdcc97f87360f75d77425b81737 ] SENS C:\Windows\system32\sens.dll
    18:46:56.0330 7744 SENS - ok
    18:46:56.0364 7744 [ 50087fe1ee447009c9cc2997b90de53f ] SensrSvc C:\Windows\system32\sensrsvc.dll
    18:46:56.0367 7744 SensrSvc - ok
    18:46:56.0381 7744 [ 9ad8b8b515e3df6acd4212ef465de2d1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    18:46:56.0383 7744 Serenum - ok
    18:46:56.0397 7744 [ 5fb7fcea0490d821f26f39cc5ea3d1e2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    18:46:56.0399 7744 Serial - ok
    18:46:56.0439 7744 [ 79bffb520327ff916a582dfea17aa813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    18:46:56.0452 7744 sermouse - ok
    18:46:56.0505 7744 [ 4ae380f39a0032eab7dd953030b26d28 ] SessionEnv C:\Windows\system32\sessenv.dll
    18:46:56.0509 7744 SessionEnv - ok
    18:46:56.0545 7744 [ 9f976e1eb233df46fce808d9dea3eb9c ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    18:46:56.0546 7744 sffdisk - ok
    18:46:56.0561 7744 [ 932a68ee27833cfd57c1639d375f2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    18:46:56.0563 7744 sffp_mmc - ok
    18:46:56.0575 7744 [ 6d4ccaedc018f1cf52866bbbaa235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    18:46:56.0576 7744 sffp_sd - ok
    18:46:56.0595 7744 [ db96666cc8312ebc45032f30b007a547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    18:46:56.0596 7744 sfloppy - ok
    18:46:56.0658 7744 [ d1a079a0de2ea524513b6930c24527a2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
    18:46:56.0663 7744 SharedAccess - ok
    18:46:56.0718 7744 [ 414da952a35bf5d50192e28263b40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    18:46:56.0736 7744 ShellHWDetection - ok
    18:46:56.0781 7744 [ 3ead8e1668ce42a0afe41d56e7157bcf ] silabenm C:\Windows\system32\DRIVERS\silabenm.sys
    18:46:56.0782 7744 silabenm - ok
    18:46:56.0822 7744 [ 177d3ebf3e236a272d769c14f73ecc3e ] silabser C:\Windows\system32\DRIVERS\silabser.sys
    18:46:56.0824 7744 silabser - ok
    18:46:56.0857 7744 [ 2565cac0dc9fe0371bdce60832582b2e ] sisagp C:\Windows\system32\drivers\sisagp.sys
    18:46:56.0859 7744 sisagp - ok
    18:46:56.0902 7744 [ a9f0486851becb6dda1d89d381e71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    18:46:56.0903 7744 SiSRaid2 - ok
    18:46:56.0917 7744 [ 3727097b55738e2f554972c3be5bc1aa ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    18:46:56.0919 7744 SiSRaid4 - ok
    18:46:57.0005 7744 [ f07af60b152221472fbdb2fecec4896d ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
    18:46:57.0008 7744 SkypeUpdate - ok
    18:46:57.0087 7744 [ 0973bd0931bf4d0dfb1885bd464e9766 ] SlingAgentService C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
    18:46:57.0089 7744 SlingAgentService - ok
    18:46:57.0132 7744 [ 3e21c083b8a01cb70ba1f09303010fce ] Smb C:\Windows\system32\DRIVERS\smb.sys
    18:46:57.0134 7744 Smb - ok
    18:46:57.0189 7744 [ 85bada660d57bc5aef52b11cabd6d8f9 ] snapman C:\Windows\system32\DRIVERS\snapman.sys
    18:46:57.0192 7744 snapman - ok
    18:46:57.0238 7744 [ 6a984831644eca1a33ffeae4126f4f37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    18:46:57.0241 7744 SNMPTRAP - ok
    18:46:57.0280 7744 [ 95cf1ae7527fb70f7816563cbc09d942 ] spldr C:\Windows\system32\drivers\spldr.sys
    18:46:57.0288 7744 spldr - ok
    18:46:57.0340 7744 [ 9aea093b8f9c37cf45538382caba2475 ] Spooler C:\Windows\System32\spoolsv.exe
    18:46:57.0346 7744 Spooler - ok
    18:46:57.0436 7744 [ cf87a1de791347e75b98885214ced2b8 ] sppsvc C:\Windows\system32\sppsvc.exe
    18:46:57.0506 7744 sppsvc - ok
    18:46:57.0544 7744 [ b0180b20b065d89232a78a40fe56eaa6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    18:46:57.0547 7744 sppuinotify - ok
    18:46:57.0628 7744 [ cdddec541bc3c96f91ecb48759673505 ] sptd C:\Windows\system32\Drivers\sptd.sys
    18:46:57.0628 7744 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
    18:46:57.0630 7744 sptd ( LockedFile.Multi.Generic ) - warning
    18:46:57.0630 7744 sptd - detected LockedFile.Multi.Generic (1)
    18:46:57.0693 7744 [ a687b5b326afcfcf182c4931d1ff9771 ] SQLAgent$MICROSOFTSCM c:\Program Files\Microsoft SQL Server\MSSQL10.MICROSOFTSCM\MSSQL\Binn\SQLAGENT.EXE
    18:46:57.0698 7744 SQLAgent$MICROSOFTSCM - ok
    18:46:57.0774 7744 [ b54b48f6d92423440c264e91225c5ff1 ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    18:46:57.0778 7744 SQLBrowser - ok
    18:46:57.0822 7744 [ 637a0f23f9012358e92e6f99835494d1 ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    18:46:57.0824 7744 SQLWriter - ok
    18:46:57.0871 7744 [ e4c2764065d66ea1d2d3ebc28fe99c46 ] srv C:\Windows\system32\DRIVERS\srv.sys
    18:46:57.0884 7744 srv - ok
    18:46:57.0928 7744 [ 03f0545bd8d4c77fa0ae1ceedfcc71ab ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    18:46:57.0934 7744 srv2 - ok
  10. Reginald Hirsch

    Reginald Hirsch Newcomer, in training Topic Starter Posts: 30

    18:47:05.0003 7744 ================ Scan global ===============================
    18:47:05.0058 7744 (dab748ae0439955ed2fa22357533dddb) C:\Windows\system32\basesrv.dll
    18:47:05.0093 7744 (183b4188d5d91b271613ec3efd1b3cef) C:\Windows\system32\winsrv.dll
    18:47:05.0108 7744 (183b4188d5d91b271613ec3efd1b3cef) C:\Windows\system32\winsrv.dll
    18:47:05.0147 7744 (364455805e64882844ee9acb72522830) C:\Windows\system32\sxssrv.dll
    18:47:05.0185 7744 (5f1b6a9c35d3d5ca72d6d6fdef9747d6) C:\Windows\system32\services.exe
    18:47:05.0190 7744 [Global] - ok
    18:47:05.0191 7744 ================ Scan MBR ==================================
    18:47:05.0203 7744 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    18:47:05.0744 7744 \Device\Harddisk0\DR0 - ok
    18:47:05.0752 7744 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk3\DR3
    18:47:05.0790 7744 \Device\Harddisk3\DR3 - ok
    18:47:05.0794 7744 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk5\DR5
    18:47:05.0799 7744 \Device\Harddisk5\DR5 - ok
    18:47:05.0800 7744 ================ Scan VBR ==================================
    18:47:05.0825 7744 Boot (0x1200) (173dbb5fc803f4bb3b92ded59212312c) \Device\Harddisk0\DR0\Partition1
    18:47:05.0842 7744 \Device\Harddisk0\DR0\Partition1 - ok
    18:47:05.0865 7744 Boot (0x1200) (827794e2647edcb93718b3d8f7447a0e) \Device\Harddisk0\DR0\Partition2
    18:47:05.0867 7744 \Device\Harddisk0\DR0\Partition2 - ok
    18:47:05.0872 7744 Boot (0x1200) (cbbd46975ba897d6f25049bf9ea2206a) \Device\Harddisk3\DR3\Partition1
    18:47:05.0874 7744 \Device\Harddisk3\DR3\Partition1 - ok
    18:47:05.0877 7744 Boot (0x1200) (6b61feff5c335ea1239eb52fc6ccdf96) \Device\Harddisk5\DR5\Partition1
    18:47:05.0880 7744 \Device\Harddisk5\DR5\Partition1 - ok
    18:47:05.0880 7744 ============================================================
    18:47:05.0880 7744 Scan finished
    18:47:05.0880 7744 ============================================================
    18:47:05.0898 9136 Detected object count: 1
    18:47:05.0898 9136 Actual detected object count: 1
    18:47:09.0040 9136 sptd ( LockedFile.Multi.Generic ) - skipped by user
    18:47:09.0040 9136 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
  11. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    Good :)

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart the computer in safe mode.

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done, Notepad will open with the rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  12. Reginald Hirsch

    Reginald Hirsch Newcomer, in training Topic Starter Posts: 30

    ComboFix 12-08-18.03 - Reginald 08/18/2012 21:29:12.3.4 - x86
    Running from: c:\users\Reginald\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\PCDr\5907\Downloads\f0fc9c9c-10ba-435b-8365-dadb523644ff.dll
    c:\programdata\Safe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-19 to 2012-08-19 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-19 03:43 . 2012-08-19 03:43 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-18 14:28 . 2012-08-18 14:28 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D038EA17-3377-478B-B5ED-19B9E4CFA74B}\offreg.dll
    2012-08-18 14:27 . 2012-08-18 14:27 -------- d-----w- c:\users\Reginald\AppData\Roaming\Anvisoft
    2012-08-18 14:27 . 2012-07-13 05:49 14160 ----a-w- c:\windows\system32\drivers\asdws.sys
    2012-08-18 14:27 . 2012-07-13 05:49 22864 ----a-w- c:\windows\system32\drivers\asdrs.sys
    2012-08-18 14:27 . 2012-07-13 05:49 16208 ----a-w- c:\windows\system32\drivers\asdrm.sys
    2012-08-18 14:27 . 2012-08-18 14:27 -------- d-----w- c:\programdata\Anvisoft
    2012-08-18 14:27 . 2012-08-18 14:27 -------- d-----w- c:\program files\Anvisoft
    2012-08-18 13:39 . 2012-08-18 13:39 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D038EA17-3377-478B-B5ED-19B9E4CFA74B}\MpKsl7ad2c85a.sys
    2012-08-17 20:51 . 2009-08-20 05:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
    2012-08-17 20:47 . 2012-07-30 20:52 103904 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2012-08-17 19:02 . 2012-07-16 08:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D038EA17-3377-478B-B5ED-19B9E4CFA74B}\mpengine.dll
    2012-08-17 16:23 . 2012-08-17 16:23 -------- d-----w- c:\program files\ESET
    2012-08-16 17:25 . 2012-08-17 14:20 -------- d-----w- c:\users\Reginald\AppData\Roaming\ActiveWords 2.0
    2012-08-16 17:25 . 2012-08-16 17:25 -------- d-----w- c:\programdata\Licenses
    2012-08-16 17:25 . 2012-08-16 17:25 232915 ----a-w- c:\windows\ActiveWords Uninstaller.exe
    2012-08-16 17:25 . 2012-08-16 17:25 -------- d-----w- c:\program files\Common Files\orangequava
    2012-08-16 17:25 . 2012-08-16 17:25 -------- d-----w- c:\program files\ActiveWords
    2012-08-16 13:42 . 2012-07-16 08:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-08-16 13:13 . 2012-07-06 19:23 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
    2012-08-16 13:09 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys
    2012-08-16 13:09 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll
    2012-08-16 13:09 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
    2012-08-16 13:09 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
    2012-08-16 13:09 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
    2012-08-15 23:44 . 2012-08-15 23:44 -------- d-----w- c:\program files\AirPort
    2012-08-15 15:23 . 2012-08-15 15:23 -------- d-----w- C:\Backreg
    2012-08-15 12:10 . 2012-08-15 12:10 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2012-08-15 12:10 . 2012-08-15 12:10 -------- d-----w- c:\program files\LSoft Technologies
    2012-08-15 03:59 . 2012-08-15 03:59 -------- d-----w- c:\windows\RestoreSafeDeleted
    2012-08-15 03:52 . 2012-08-15 15:17 -------- d-----w- c:\program files\UnHackMe
    2012-08-15 03:28 . 2012-08-15 03:28 2 --shatr- c:\windows\winstart.bat
    2012-08-15 03:28 . 2012-08-15 03:28 -------- d-----w- c:\program files\Greatis
    2012-08-15 03:23 . 2012-08-15 15:10 -------- d-----w- c:\programdata\RegRun
    2012-08-15 02:08 . 2012-08-15 02:10 -------- d-----w- c:\programdata\HitmanPro
    2012-08-15 01:14 . 2012-02-09 20:17 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93354889-7EA1-40C7-AC78-80F571619CC8}\gapaengine.dll
    2012-08-15 01:13 . 2012-08-15 01:13 100864 ----a-w- C:\pwlyikod.sys
    2012-08-15 01:08 . 2012-08-15 01:08 -------- d-----w- c:\program files\Microsoft Security Client
    2012-08-15 00:41 . 2012-08-15 00:41 -------- d-----w- c:\programdata\Sophos
    2012-08-15 00:41 . 2012-08-15 00:41 73728 ----a-r- c:\users\Reginald\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
    2012-08-15 00:41 . 2012-08-15 00:41 73728 ----a-r- c:\users\Reginald\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
    2012-08-15 00:41 . 2012-08-15 00:41 73728 ----a-r- c:\users\Reginald\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
    2012-08-15 00:41 . 2012-08-15 00:41 -------- d-----w- c:\program files\Sophos
    2012-08-15 00:19 . 2012-08-15 02:50 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-07-21 11:43 . 2012-07-21 11:43 -------- d-----w- c:\users\Reginald\AppData\Roaming\SUPERAntiSpyware.com
    2012-07-21 11:43 . 2012-07-21 11:43 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-07-21 11:43 . 2012-07-21 11:43 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-07-20 19:18 . 2012-07-20 19:18 -------- d-----w- c:\program files\Common Files\Skype
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-16 16:11 . 2010-06-10 14:52 848 --sha-w- c:\programdata\KGyGaAvL.sys
    2012-08-15 07:17 . 2012-04-15 11:37 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-15 07:17 . 2011-06-03 22:49 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-15 00:20 . 2009-07-13 23:11 259072 ----a-w- c:\windows\system32\services.exe
    2012-07-12 09:36 . 2010-04-05 15:54 83392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2012-07-12 09:36 . 2010-04-05 15:54 52128 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
    2012-07-12 09:36 . 2010-04-05 15:54 30624 ----a-w- c:\windows\system32\LMIport.dll
    2012-07-12 09:36 . 2010-04-05 15:54 87456 ----a-w- c:\windows\system32\LMIinit.dll
    2012-07-03 19:46 . 2012-04-17 22:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-06 14:49 . 2012-06-06 14:49 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
    2012-06-06 05:05 . 2012-07-11 07:53 1390080 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 05:05 . 2012-07-11 07:53 1236992 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 05:03 . 2012-07-11 07:53 805376 ----a-w- c:\windows\system32\cdosys.dll
    2012-06-02 22:19 . 2012-06-21 16:54 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 16:54 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 16:54 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 16:54 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-21 16:54 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:12 . 2012-06-21 16:54 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12 . 2012-06-21 16:54 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 21:19 . 2012-06-21 16:54 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 21:12 . 2012-06-21 16:54 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 04:45 . 2012-07-11 07:53 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 04:45 . 2012-07-11 07:53 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 04:40 . 2012-07-11 07:53 369336 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 04:40 . 2012-07-11 07:53 225280 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 04:39 . 2012-07-11 07:53 219136 ----a-w- c:\windows\system32\ncrypt.dll
    2012-05-22 19:16 . 2010-04-05 15:54 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
    2012-04-17 02:14 . 2011-08-07 19:20 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2010-08-14 12:06 . 2010-08-14 12:06 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{fa887e92-8f5f-4ec9-99ca-09be0e4120d6}"= "c:\program files\AddThis Toolbar\Helper.dll" [2010-06-08 243200]
    .
    [HKEY_CLASSES_ROOT\clsid\{fa887e92-8f5f-4ec9-99ca-09be0e4120d6}]
    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{4ACB7285-8557-43C3-80DA-22D40B15DC77}]
    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Reginald\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Reginald\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Reginald\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Reginald\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AirVideoServer"="c:\program files\AirVideoServer\AirVideoServer.exe" [2010-09-22 4923784]
    "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-08-23 4608]
    "DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2010-09-29 2942856]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-14 39408]
    "OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-07-19 109336]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 4777856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VX6000"="c:\windows\vVX6000.exe" [2009-06-26 759296]
    "Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 9728]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-07-30 640480]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-07-31 41944]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-03-11 611712]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-14 30192]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118640]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
    "QuickFinder Scheduler"="c:\program files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE" [2009-06-22 83232]
    "vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2009-03-27 96816]
    "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "SysMetrix"="c:\program files\SysMetrix\SysMetrix.exe" [2010-02-17 2621440]
    "SAOB Monitor"="c:\program files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-08-20 2536448]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-08-21 5458848]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-08-21 390736]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
    "KSafeTray"="c:\program files\Kingsoft\PcDoctor\KSafeTray.exe" [2012-04-11 1308064]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
    "AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-11-11 771360]
    "Anvi Smart Defender"="c:\program files\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-07-20 1217864]
    .
    c:\users\Reginald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Active WebCam.LNK - c:\program files\Active WebCam\WebCam.exe [2009-8-18 4899136]
    ActiveWords.lnk - c:\program files\ActiveWords\AWMonitor.exe [2012-3-3 3506176]
    Dropbox.lnk - c:\users\Reginald\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    Virtual Weather Station.lnk - c:\vws\vws.exe [2011-10-19 21328896]
    WePrint Server.lnk - c:\program files\WePrint\WePrint Server.exe [2011-8-26 2542080]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2010-9-14 271736]
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-4-13 791840]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-4-26 50688]
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]
    Snagit 10.lnk - c:\program files\TechSmith\Snagit 10\Snagit32.exe [2010-4-13 7046984]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-11-30 279912]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
    R3 ACTIVEWEBCAMWATCHDOG;Active WebCam Watchdog;c:\program files\Active WebCam\Watchdog.exe [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
    R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [x]
    R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\program files\DU Meter\DUMETR32.SYS [x]
    R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x]
    R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x]
    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 libusb0;LibUsb-Win32 - Kernel Driver 06/04/2010,1.12.1.0;c:\windows\system32\DRIVERS\libusb0.sys [x]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\PLCNDIS5.SYS [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP3c\RpcAgentSrv.exe [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 XE102Mp5;XE102Mp5 NDIS Protocol Driver;c:\windows\system32\Drivers\XE102Mp5.sys [x]
    R3 XE102Sp5;XE102Sp5 NDIS Protocol Driver;c:\windows\system32\Drivers\XE102Sp5.sys [x]
    R4 ACTIVEWEBCAM;Active WebCam;c:\program files\Active WebCam\WebCam.exe [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
    R4 SQLAgent$MICROSOFTSCM;SQL Server Agent (MICROSOFTSCM);c:\program files\Microsoft SQL Server\MSSQL10.MICROSOFTSCM\MSSQL\Binn\SQLAGENT.EXE [x]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
    S1 kmodurl;kmodurl;c:\program files\Kingsoft\PcDoctor\kmodurl.sys [x]
    S1 MpKsl7ad2c85a;MpKsl7ad2c85a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D038EA17-3377-478B-B5ED-19B9E4CFA74B}\MpKsl7ad2c85a.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
    S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 APC Data Service;APC Data Service;c:\program files\APC\APC PowerChute Personal Edition\dataserv.exe [x]
    S2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\DRIVERS\asdrs.sys [x]
    S2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files\Anvisoft\Anvi Smart Defender\ASDSrv.exe [x]
    S2 asdws;AnviSmartDefender Web Guard;c:\windows\system32\DRIVERS\asdws.sys [x]
    S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]
    S2 DbgSvc;Debug Diagnostic Service;c:\program files\DebugDiag\DbgSvc.exe [x]
    S2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [x]
    S2 KSafeSvc;KSafe service;c:\program files\Kingsoft\PcDoctor\KSafeSvc.exe [x]
    S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [x]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S2 MSSQL$MICROSOFTSCM;SQL Server (MICROSOFTSCM);c:\program files\Microsoft SQL Server\MSSQL10.MICROSOFTSCM\MSSQL\Binn\sqlservr.exe [x]
    S2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [x]
    S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [x]
    S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [x]
    S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
    S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [x]
    S3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [x]
    S3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [x]
    S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
    S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [x]
    S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\DRIVERS\VX6000Xp.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 22278196
    *NewlyCreated* - 92405968
    *NewlyCreated* - ASDRM
    *NewlyCreated* - ASDRS
    *NewlyCreated* - ASDWS
    *NewlyCreated* - ASWMBR
    *NewlyCreated* - CPUDRV
    *NewlyCreated* - MPKSL7AD2C85A
    *NewlyCreated* - PWLYIKOD
    *Deregistered* - 22278196
    *Deregistered* - 92405968
    *Deregistered* - asdrm
    *Deregistered* - aswMBR
    *Deregistered* - pwlyikod
    .
    Contents of the 'Scheduled Tasks' folder
    .
  13. Reginald Hirsch

    Reginald Hirsch Newcomer, in training Topic Starter Posts: 30

    2012-08-19 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 07:17]
    .
    2012-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-28 18:57]
    .
    2012-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-28 18:57]
    .
    2012-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1359024441-3580254713-1987414973-1000Core.job
    - c:\users\Reginald\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-22 20:34]
    .
    2012-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1359024441-3580254713-1987414973-1000UA.job
    - c:\users\Reginald\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-22 20:34]
    .
    2012-08-14 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 05:40]
    .
    2012-08-18 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 05:40]
    .
    2012-08-19 c:\windows\Tasks\User_Feed_Synchronization-{1D9D0871-37AF-43C2-BA55-FCB153C904EF}.job
    - c:\windows\system32\msfeedssync.exe [2011-06-03 22:38]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\Microsoft Office\Office14\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Se&nd to OneNote - c:\progra~1\Microsoft Office\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    Trusted Zone: garmin.com\connect
    Trusted Zone: garmin.com\mygarmin
    Trusted Zone: garmin.com\www
    Trusted Zone: real.com\rhap-app-4-0
    Trusted Zone: real.com\rhapreg
    Trusted Zone: zoombak.com\locate
    Trusted Zone: zoombak.com\shop
    TCP: DhcpNameServer = 72.19.128.53 72.19.128.99
    TCP: Interfaces\{297982DB-7F42-4718-8D4B-A71C72C5621A}: DhcpNameServer = 72.19.128.53 72.19.128.99
    DPF: CaptureClient - hxxp://192.168.1.110/CaptureClient.cab
    DPF: {22D82B43-FF26-455A-A96D-A6C61F056ED7} - hxxp://192.168.1.210/xplugxLiteTW.cab
    FF - ProfilePath - c:\users\Reginald\AppData\Roaming\Mozilla\Firefox\Profiles\0gixnud9.default\
    FF - prefs.js: browser.startup.homepage - hxxp://watch.slingbox.com/watch/sling_player
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{9EBF8AAF-0A31-4786-909A-97A0EF101743} - (no file)
    AddRemove-7-Zip - c:\program files\7-Zip\Uninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DUMeterSvc]
    "ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
    "ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1359024441-3580254713-1987414973-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*e*d*I*a*

    \RealPlayer Stations]

    "Order"=hex:08,00,00,00,02,00,00,00,fc,03,00,00,01,00,00,00,0b,00,00,00,68,00,
    00,00,00,00,00,00,5a,00,31,00,00,00,00,00,00,0f,0b,f9,10,00,41,6c,74,65,72,\
    .
    [HKEY_USERS\S-1-5-21-1359024441-3580254713-1987414973-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*e*d*I*a*

    \RealPlayer Stations\Alternative]

    "Order"=hex:08,00,00,00,02,00,00,00,dc,0b,00,00,01,00,00,00,15,00,00,00,92,00,
    00,00,00,00,00,00,84,00,32,00,cd,00,00,00,00,1f,d5,8f,20,00,33,57,4b,20,55,\
    .
    [HKEY_USERS\S-1-5-21-1359024441-3580254713-1987414973-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*e*d*I*a*

    \RealPlayer Stations\Classical]

    "Order"=hex:08,00,00,00,02,00,00,00,7c,05,00,00,01,00,00,00,09,00,00,00,92,00,
    00,00,00,00,00,00,84,00,32,00,cd,00,00,00,00,5a,f6,4a,20,00,43,42,43,20,52,\
    .
    [HKEY_USERS\S-1-5-21-1359024441-3580254713-1987414973-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*e*d*I*a*

    \RealPlayer Stations\Country]

    "Order"=hex:08,00,00,00,02,00,00,00,ae,06,00,00,01,00,00,00,0b,00,00,00,96,00,
    00,00,00,00,00,00,88,00,32,00,cd,00,00,00,00,ed,e9,b7,20,00,39,36,2e,33,20,\
    .
    [HKEY_USERS\S-1-5-21-1359024441-3580254713-1987414973-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*e*d*I*a*

    \RealPlayer Stations\International]

    "Order"=hex:08,00,00,00,02,00,00,00,80,03,00,00,01,00,00,00,06,00,00,00,92,00,
    00,00,00,00,00,00,84,00,32,00,cd,00,00,00,00,fd,f2,65,20,00,4e,65,74,52,61,\
    .
    [HKEY_USERS\S-1-5-21-1359024441-3580254713-1987414973-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*e*d*I*a*
  14. Reginald Hirsch

    Reginald Hirsch Newcomer, in training Topic Starter Posts: 30

  15. Reginald Hirsch

    Reginald Hirsch Newcomer, in training Topic Starter Posts: 30

  16. Reginald Hirsch

    Reginald Hirsch Newcomer, in training Topic Starter Posts: 30

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-08-18 21:47:51
    ComboFix-quarantined-files.txt 2012-08-19 03:47
    ComboFix2.txt 2012-08-17 15:10
    .
    Pre-Run: 91,629,699,072 bytes free
    Post-Run: 91,735,994,368 bytes free
    .
    - - End Of File - - BB601623529C5AB9E01A11839EF477FF
  17. Reginald Hirsch

    Reginald Hirsch Newcomer, in training Topic Starter Posts: 30

    Rkill 2.2.1 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 08/18/2012 10:16:20 PM in x86 mode.
    Windows Version: Windows 7

    Checking for Windows services to stop.

    * No malware services found to stop.

    Checking for processes to terminate.

    * No malware processes found to kill.

    Checking Registry for malware related settings.

    * Advanced Explorer Setting Removed: HideIcons [HKCU]

    Backup Registry file created at:
    C:\Users\Reginald\Desktop\rkill\rkill-08-18-2012-10-16-21.reg

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    * HKLM\Software\Classes\.com "@" has been changed to ComFile!
    * HKLM\Software\Classes\.com "@" was reset to comfile!

    Performing miscellaneous checks.

    * No issues found.

    Checking Windows Service Integrity:

    * atapi => \SystemRoot\system32\drivers\atapi.sys [Incorrect ImagePath]

    Searching for Missing Digital Signatures:
    * No issues found.

    Program finished at: 08/18/2012 10:16:27 PM
    Execution time: 0 hours(s), 0 minute(s), and 7 seconds(s
  18. Reginald Hirsch

    Reginald Hirsch Newcomer, in training Topic Starter Posts: 30

    ComboFix in safe mode immediately after Rkill

    ComboFix 12-08-18.03 - Reginald 08/18/2012 22:19:44.4.4 - x86 MINIMAL
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3070.2559 [GMT -6:00]
    Running from: c:\users\Reginald\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-19 to 2012-08-19 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-19 04:30 . 2012-08-19 04:30 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-18 14:28 . 2012-08-18 14:28 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D038EA17-3377-478B-B5ED-19B9E4CFA74B}\offreg.dll
    2012-08-18 14:27 . 2012-08-18 14:27 -------- d-----w- c:\users\Reginald\AppData\Roaming\Anvisoft
    2012-08-18 14:27 . 2012-07-13 05:49 14160 ----a-w- c:\windows\system32\drivers\asdws.sys
    2012-08-18 14:27 . 2012-07-13 05:49 22864 ----a-w- c:\windows\system32\drivers\asdrs.sys
    2012-08-18 14:27 . 2012-07-13 05:49 16208 ----a-w- c:\windows\system32\drivers\asdrm.sys
    2012-08-18 14:27 . 2012-08-18 14:27 -------- d-----w- c:\programdata\Anvisoft
    2012-08-18 14:27 . 2012-08-18 14:27 -------- d-----w- c:\program files\Anvisoft
    2012-08-17 20:51 . 2009-08-20 05:50 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
    2012-08-17 20:47 . 2012-07-30 20:52 103904 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2012-08-17 19:02 . 2012-07-16 08:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D038EA17-3377-478B-B5ED-19B9E4CFA74B}\mpengine.dll
    2012-08-17 16:23 . 2012-08-17 16:23 -------- d-----w- c:\program files\ESET
    2012-08-16 17:25 . 2012-08-17 14:20 -------- d-----w- c:\users\Reginald\AppData\Roaming\ActiveWords 2.0
    2012-08-16 17:25 . 2012-08-16 17:25 -------- d-----w- c:\programdata\Licenses
    2012-08-16 17:25 . 2012-08-16 17:25 232915 ----a-w- c:\windows\ActiveWords Uninstaller.exe
    2012-08-16 17:25 . 2012-08-16 17:25 -------- d-----w- c:\program files\Common Files\orangequava
    2012-08-16 17:25 . 2012-08-16 17:25 -------- d-----w- c:\program files\ActiveWords
    2012-08-16 13:42 . 2012-07-16 08:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-08-16 13:13 . 2012-07-06 19:23 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
    2012-08-16 13:09 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys
    2012-08-16 13:09 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll
    2012-08-16 13:09 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
    2012-08-16 13:09 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
    2012-08-16 13:09 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
    2012-08-15 23:44 . 2012-08-15 23:44 -------- d-----w- c:\program files\AirPort
    2012-08-15 15:23 . 2012-08-15 15:23 -------- d-----w- C:\Backreg
    2012-08-15 12:10 . 2012-08-15 12:10 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2012-08-15 12:10 . 2012-08-15 12:10 -------- d-----w- c:\program files\LSoft Technologies
    2012-08-15 03:59 . 2012-08-15 03:59 -------- d-----w- c:\windows\RestoreSafeDeleted
    2012-08-15 03:52 . 2012-08-15 15:17 -------- d-----w- c:\program files\UnHackMe
    2012-08-15 03:28 . 2012-08-15 03:28 2 --shatr- c:\windows\winstart.bat
    2012-08-15 03:28 . 2012-08-15 03:28 -------- d-----w- c:\program files\Greatis
    2012-08-15 03:23 . 2012-08-15 15:10 -------- d-----w- c:\programdata\RegRun
    2012-08-15 02:08 . 2012-08-15 02:10 -------- d-----w- c:\programdata\HitmanPro
    2012-08-15 01:14 . 2012-02-09 20:17 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{93354889-7EA1-40C7-AC78-80F571619CC8}\gapaengine.dll
    2012-08-15 01:13 . 2012-08-15 01:13 100864 ----a-w- C:\pwlyikod.sys
    2012-08-15 01:08 . 2012-08-15 01:08 -------- d-----w- c:\program files\Microsoft Security Client
    2012-08-15 00:41 . 2012-08-15 00:41 -------- d-----w- c:\programdata\Sophos
    2012-08-15 00:41 . 2012-08-15 00:41 73728 ----a-r- c:\users\Reginald\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
    2012-08-15 00:41 . 2012-08-15 00:41 73728 ----a-r- c:\users\Reginald\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
    2012-08-15 00:41 . 2012-08-15 00:41 73728 ----a-r- c:\users\Reginald\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
    2012-08-15 00:41 . 2012-08-15 00:41 -------- d-----w- c:\program files\Sophos
    2012-08-15 00:19 . 2012-08-15 02:50 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-07-21 11:43 . 2012-07-21 11:43 -------- d-----w- c:\users\Reginald\AppData\Roaming\SUPERAntiSpyware.com
    2012-07-21 11:43 . 2012-07-21 11:43 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-07-21 11:43 . 2012-07-21 11:43 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2012-07-20 19:18 . 2012-07-20 19:18 -------- d-----w- c:\program files\Common Files\Skype
    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-08-16 16:11 . 2010-06-10 14:52 848 --sha-w- c:\programdata\KGyGaAvL.sys

    2012-08-15 07:17 . 2012-04-15 11:37 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-08-15 07:17 . 2011-06-03 22:49 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-08-15 00:20 . 2009-07-13 23:11 259072 ----a-w- c:\windows\system32\services.exe

    2012-07-12 09:36 . 2010-04-05 15:54 83392 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

    2012-07-12 09:36 . 2010-04-05 15:54 52128 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll

    2012-07-12 09:36 . 2010-04-05 15:54 30624 ----a-w- c:\windows\system32\LMIport.dll

    2012-07-12 09:36 . 2010-04-05 15:54 87456 ----a-w- c:\windows\system32\LMIinit.dll

    2012-07-03 19:46 . 2012-04-17 22:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-06-06 14:49 . 2012-06-06 14:49 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

    2012-06-06 05:05 . 2012-07-11 07:53 1390080 ----a-w- c:\windows\system32\msxml6.dll

    2012-06-06 05:05 . 2012-07-11 07:53 1236992 ----a-w- c:\windows\system32\msxml3.dll

    2012-06-06 05:03 . 2012-07-11 07:53 805376 ----a-w- c:\windows\system32\cdosys.dll

    2012-06-02 22:19 . 2012-06-21 16:54 53784 ----a-w- c:\windows\system32\wuauclt.exe

    2012-06-02 22:19 . 2012-06-21 16:54 45080 ----a-w- c:\windows\system32\wups2.dll

    2012-06-02 22:19 . 2012-06-21 16:54 35864 ----a-w- c:\windows\system32\wups.dll

    2012-06-02 22:19 . 2012-06-21 16:54 577048 ----a-w- c:\windows\system32\wuapi.dll

    2012-06-02 22:19 . 2012-06-21 16:54 1933848 ----a-w- c:\windows\system32\wuaueng.dll

    2012-06-02 22:12 . 2012-06-21 16:54 2422272 ----a-w- c:\windows\system32\wucltux.dll

    2012-06-02 22:12 . 2012-06-21 16:54 88576 ----a-w- c:\windows\system32\wudriver.dll

    2012-06-02 21:19 . 2012-06-21 16:54 171904 ----a-w- c:\windows\system32\wuwebv.dll

    2012-06-02 21:12 . 2012-06-21 16:54 33792 ----a-w- c:\windows\system32\wuapp.exe

    2012-06-02 04:45 . 2012-07-11 07:53 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

    2012-06-02 04:45 . 2012-07-11 07:53 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

    2012-06-02 04:40 . 2012-07-11 07:53 369336 ----a-w- c:\windows\system32\drivers\cng.sys

    2012-06-02 04:40 . 2012-07-11 07:53 225280 ----a-w- c:\windows\system32\schannel.dll

    2012-06-02 04:39 . 2012-07-11 07:53 219136 ----a-w- c:\windows\system32\ncrypt.dll

    2012-05-22 19:16 . 2010-04-05 15:54 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak

    2012-04-17 02:14 . 2011-08-07 19:20 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    2010-08-14 12:06 . 2010-08-14 12:06 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

    "{fa887e92-8f5f-4ec9-99ca-09be0e4120d6}"= "c:\program files\AddThis Toolbar\Helper.dll" [2010-06-08 243200]

    .

    [HKEY_CLASSES_ROOT\clsid\{fa887e92-8f5f-4ec9-99ca-09be0e4120d6}]

    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]

    [HKEY_CLASSES_ROOT\TypeLib\{4ACB7285-8557-43C3-80DA-22D40B15DC77}]

    [HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2011-02-18 05:12 94208 ----a-w- c:\users\Reginald\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2011-02-18 05:12 94208 ----a-w- c:\users\Reginald\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2011-02-18 05:12 94208 ----a-w- c:\users\Reginald\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

    2011-02-18 05:12 94208 ----a-w- c:\users\Reginald\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "AirVideoServer"="c:\program files\AirVideoServer\AirVideoServer.exe" [2010-09-22 4923784]

    "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-08-23 4608]

    "DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2010-09-29 2942856]

    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 144384]

    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-14 39408]

    "OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672]

    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    "MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

    "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-07-19 109336]

    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 4777856]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "VX6000"="c:\windows\vVX6000.exe" [2009-06-26 759296]

    "Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 9728]

    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-07-30 640480]

    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-07-31 41944]

    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-03-11 611712]

    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]

    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

    "ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]

    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-14 30192]

    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]

    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118640]

    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]

    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]

    "QuickFinder Scheduler"="c:\program files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE" [2009-06-22 83232]

    "vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2009-03-27 96816]

    "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]

    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]

    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

    "SysMetrix"="c:\program files\SysMetrix\SysMetrix.exe" [2010-02-17 2621440]

    "SAOB Monitor"="c:\program files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-08-20 2536448]

    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-08-21 5458848]

    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-08-21 390736]

    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]

    "KSafeTray"="c:\program files\Kingsoft\PcDoctor\KSafeTray.exe" [2012-04-11 1308064]

    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

    "AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-11-11 771360]

    "Anvi Smart Defender"="c:\program files\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-07-20 1217864]

    .

    c:\users\Reginald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Active WebCam.LNK - c:\program files\Active WebCam\WebCam.exe [2009-8-18 4899136]

    ActiveWords.lnk - c:\program files\ActiveWords\AWMonitor.exe [2012-3-3 3506176]

    Dropbox.lnk - c:\users\Reginald\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

    Virtual Weather Station.lnk - c:\vws\vws.exe [2011-10-19 21328896]

    WePrint Server.lnk - c:\program files\WePrint\WePrint Server.exe [2011-8-26 2542080]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2010-9-14 271736]

    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-4-13 791840]

    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-4-26 50688]

    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]

    Snagit 10.lnk - c:\program files\TechSmith\Snagit 10\Snagit32.exe [2010-4-13 7046984]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 0 (0x0)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    "PromptOnSecureDesktop"= 0 (0x0)

    "EnableLinkedConnections"= 1 (0x1)

    .

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

    "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-11-30 279912]

    .

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

    @=""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]

    @=""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]

    @=""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]

    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

    .

    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

    R1 asdrm;asdrm;c:\windows\system32\DRIVERS\asdrm.sys [x]

    R1 kmodurl;kmodurl;c:\program files\Kingsoft\PcDoctor\kmodurl.sys [x]

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]

    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]

    R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [x]

    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

    R2 APC Data Service;APC Data Service;c:\program files\APC\APC PowerChute Personal Edition\dataserv.exe [x]

    R2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\DRIVERS\asdrs.sys [x]

    R2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files\Anvisoft\Anvi Smart Defender\ASDSrv.exe [x]

    R2 asdws;AnviSmartDefender Web Guard;c:\windows\system32\DRIVERS\asdws.sys [x]

    R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]

    R2 DbgSvc;Debug Diagnostic Service;c:\program files\DebugDiag\DbgSvc.exe [x]

    R2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [x]

    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]

    R2 KSafeSvc;KSafe service;c:\program files\Kingsoft\PcDoctor\KSafeSvc.exe [x]

    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [x]

    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]

    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamservice.exe [x]

    R2 MSSQL$MICROSOFTSCM;SQL Server (MICROSOFTSCM);c:\program files\Microsoft SQL Server\MSSQL10.MICROSOFTSCM\MSSQL\Binn\sqlservr.exe [x]

    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]

    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

    R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [x]

    R2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [x]

    R2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [x]

    R3 ACTIVEWEBCAMWATCHDOG;Active WebCam Watchdog;c:\program files\Active WebCam\Watchdog.exe [x]

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

    R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]

    R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

    R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

    R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]

    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]

    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

    R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [x]

    R3 DUMeterDrv;Hagel Technologies DU Meter traffic accounting driver;c:\program files\DU Meter\DUMETR32.SYS [x]

    R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x]

    R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x]

    R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x]

    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]

    R3 libusb0;LibUsb-Win32 - Kernel Driver 06/04/2010,1.12.1.0;c:\windows\system32\DRIVERS\libusb0.sys [x]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]

    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]

    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]

    R3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [x]

    R3 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;c:\windows\system32\PLCNDIS5.SYS [x]

    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

    R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Business 2009.SP3c\RpcAgentSrv.exe [x]

    R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [x]

    R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [x]

    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

    R3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]

    R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [x]

    R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\DRIVERS\VX6000Xp.sys [x]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

    R3 XE102Mp5;XE102Mp5 NDIS Protocol Driver;c:\windows\system32\Drivers\XE102Mp5.sys [x]

    R3 XE102Sp5;XE102Sp5 NDIS Protocol Driver;c:\windows\system32\Drivers\XE102Sp5.sys [x]

    R4 ACTIVEWEBCAM;Active WebCam;c:\program files\Active WebCam\WebCam.exe [x]

    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]

    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]

    R4 SQLAgent$MICROSOFTSCM;SQL Server Agent (MICROSOFTSCM);c:\program files\Microsoft SQL Server\MSSQL10.MICROSOFTSCM\MSSQL\Binn\SQLAGENT.EXE [x]

    S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]

    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]

    S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]

    .

    .

    --- Other Services/Drivers In Memory ---

    .

    *NewlyCreated* - CPUDRV

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-08-19 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 07:17]

    .

    2012-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-28 18:57]

    .

    2012-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-28 18:57]

    .

    2012-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1359024441-3580254713-1987414973-1000Core.job

    - c:\users\Reginald\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-22 20:34]

    .

    2012-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1359024441-3580254713-1987414973-1000UA.job

    - c:\users\Reginald\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-22 20:34]

    .

    2012-08-14 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job

    - c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 05:40]

    .

    2012-08-19 c:\windows\Tasks\SystemToolsDailyTest.job
     
  19. Reginald Hirsch

    Reginald Hirsch Newcomer, in training Topic Starter Posts: 30

    - c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 05:40]

    .

    2012-08-19 c:\windows\Tasks\User_Feed_Synchronization-{1D9D0871-37AF-43C2-BA55-FCB153C904EF}.job

    - c:\windows\system32\msfeedssync.exe [2011-06-03 22:38]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.com/

    uDefault_Search_URL = hxxp://www.google.com/ie

    mStart Page = hxxp://www.google.com/

    uInternet Settings,ProxyOverride = *.local

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

    IE: E&xport to Microsoft Excel - c:\progra~1\Microsoft Office\Office14\EXCEL.EXE/3000

    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

    IE: Open with WordPerfect - c:\program files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta

    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

    IE: Se&nd to OneNote - c:\progra~1\Microsoft Office\Office14\ONBttnIE.dll/105

    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

    Trusted Zone: garmin.com\connect

    Trusted Zone: garmin.com\mygarmin

    Trusted Zone: garmin.com\www

    Trusted Zone: real.com\rhap-app-4-0

    Trusted Zone: real.com\rhapreg

    Trusted Zone: zoombak.com\locate

    Trusted Zone: zoombak.com\shop

    TCP: DhcpNameServer = 72.19.128.53 72.19.128.99

    TCP: Interfaces\{297982DB-7F42-4718-8D4B-A71C72C5621A}: DhcpNameServer = 72.19.128.53 72.19.128.99

    DPF: CaptureClient - hxxp://192.168.1.110/CaptureClient.cab

    DPF: {22D82B43-FF26-455A-A96D-A6C61F056ED7} - hxxp://192.168.1.210/xplugxLiteTW.cab

    FF - ProfilePath - c:\users\Reginald\AppData\Roaming\Mozilla\Firefox\Profiles\0gixnud9.default\

    FF - prefs.js: browser.startup.homepage - hxxp://watch.slingbox.com/watch/sling_player

    .

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DUMeterSvc]

    "ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{E9D79540-57D5953E-06020101}_0]

    "ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .


    [HKEY_USERS\S-1-5-21-1359024441-3580254713-1987414973-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*e*d*I*a*
    \RealPlayer Stations\Pop]


    "Order"=hex:08,00,00,00,02,00,00,00,cc,10,00,00,01,00,00,00,1c,00,00,00,96,00,

    00,00,00,00,00,00,88,00,32,00,84,00,00,00,00,0e,03,54,20,00,39,33,2e,31,20,\

    .

    [HKEY_USERS\S-1-5-21-1359024441-3580254713-1987414973-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*e*d*I*a*
    \RealPlayer Stations\Rock]


    "Order"=hex:08,00,00,00,02,00,00,00,ca,09,00,00,01,00,00,00,10,00,00,00,a0,00,

    00,00,00,00,00,00,92,00,32,00,84,00,00,00,00,dd,b9,a0,20,00,39,32,20,4b,51,\

    .

    [HKEY_USERS\S-1-5-21-1359024441-3580254713-1987414973-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*e*d*I*a*
    \RealPlayer Stations\Spiritual]


    "Order"=hex:08,00,00,00,02,00,00,00,5e,03,00,00,01,00,00,00,06,00,00,00,9a,00,

    00,00,00,00,00,00,8c,00,32,00,84,00,00,00,00,3a,18,ad,20,00,43,68,72,69,73,\

    .

    [HKEY_USERS\S-1-5-21-1359024441-3580254713-1987414973-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*e*d*I*a*
    \RealPlayer Stations\Sports]


    "Order"=hex:08,00,00,00,02,00,00,00,b8,05,00,00,01,00,00,00,0a,00,00,00,ac,00,

    00,00,00,00,00,00,9e,00,32,00,84,00,00,00,00,91,03,de,20,00,45,53,50,4e,20,\

    .

    [HKEY_USERS\S-1-5-21-1359024441-3580254713-1987414973-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*e*d*I*a*
    \RealPlayer Stations\Talk]


    "Order"=hex:08,00,00,00,02,00,00,00,02,09,00,00,01,00,00,00,10,00,00,00,96,00,

    00,00,00,00,00,00,88,00,32,00,84,00,00,00,00,4b,42,b9,20,00,37,37,20,57,41,\

    .

    [HKEY_USERS\S-1-5-21-1359024441-3580254713-1987414973-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*e*d*I*a*

    \RealPlayer Stations]


    "Order"=hex:08,00,00,00,02,00,00,00,fc,03,00,00,01,00,00,00,0b,00,00,00,68,00,

    00,00,00,00,00,00,5a,00,31,00,00,00,00,00,00,0f,0b,f9,10,00,41,6c,74,65,72,\

    .

    [HKEY_USERS\S-1-5-21-1359024441-3580254713-1987414973-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*e*d*I*a*

    \RealPlayer Stations\Alternative]


    "Order"=hex:08,00,00,00,02,00,00,00,dc,0b,00,00,01,00,00,00,15,00,00,00,92,00,

    00,00,00,00,00,00,84,00,32,00,cd,00,00,00,00,1f,d5,8f,20,00,33,57,4b,20,55,\

    .

    [HKEY_USERS\S-1-5-21-1359024441-3580254713-1987414973-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*e*d*I*a*

    \RealPlayer Stations\Classical]


    "Order"=hex:08,00,00,00,02,00,00,00,7c,05,00,00,01,00,00,00,09,00,00,00,92,00,

    00,00,00,00,00,00,84,00,32,00,cd,00,00,00,00,5a,f6,4a,20,00,43,42,43,20,52,\

    .

    [HKEY_USERS\S-1-5-21-1359024441-3580254713-1987414973-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*e*d*I*a*

    \RealPlayer Stations\Country]


    "Order"=hex:08,00,00,00,02,00,00,00,ae,06,00,00,01,00,00,00,0b,00,00,00,96,00,

    00,00,00,00,00,00,88,00,32,00,cd,00,00,00,00,ed,e9,b7,20,00,39,36,2e,33,20,\

    .

    [HKEY_USERS\S-1-5-21-1359024441-3580254713-1987414973-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*e*d*I*a*

    \RealPlayer Stations\International]


    "Order"=hex:08,00,00,00,02,00,00,00,80,03,00,00,01,00,00,00,06,00,00,00,92,00,

    00,00,00,00,00,00,84,00,32,00,cd,00,00,00,00,fd,f2,65,20,00,4e,65,74,52,61,\

    .

    [HKEY_USERS\S-1-5-21-1359024441-3580254713-1987414973-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*e*d*I*a*

    \RealPlayer Stations\Jazz]


    "Order"=hex:08,00,00,00,02,00,00,00,f2,04,00,00,01,00,00,00,08,00,00,00,96,00,

    00,00,00,00,00,00,88,00,32,00,cd,00,00,00,00,ce,ea,5b,20,00,42,65,61,63,68,\

    .

    [HKEY_USERS\S-1-5-21-1359024441-3580254713-1987414973-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*e*d*I*a*

    \RealPlayer Stations\News]


    "Order"=hex:08,00,00,00,02,00,00,00,74,05,00,00,01,00,00,00,09,00,00,00,92,00,

    00,00,00,00,00,00,84,00,32,00,cd,00,00,00,00,86,76,c7,20,00,43,42,43,20,52,\

    .

    [HKEY_USERS\S-1-5-21-1359024441-3580254713-1987414973-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\M*e*d*I*a*

    \RealPlayer Stations\Pop]


    "Order"=hex:08,00,00,00,02,00,00,00,5c,10,00,00,01,00,00,00,1c,00,00,00,92,00,

    00,00,00,00,00,00,84,00,32,00,cd,00,00,00,00,df,4d,5e,20,00,39,33,2e,31,20,\
  20. Reginald Hirsch

    Reginald Hirsch Newcomer, in training Topic Starter Posts: 30

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'Explorer.exe'(1720)

    c:\users\Reginald\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

    c:\program files\Stardock\Fences\FencesMenu.dll

    c:\program files\stardock\fences\DesktopDock.dll

    .

    Completion time: 2012-08-18 22:32:59

    ComboFix-quarantined-files.txt 2012-08-19 04:32

    ComboFix2.txt 2012-08-19 03:47

    ComboFix3.txt 2012-08-17 15:10

    .

    Pre-Run: 91,843,907,584 bytes free

    Post-Run: 91,733,569,536 bytes free

    .

    - - End Of File - - 43DC461521D8EC9EDFB6CD546CC4E67A
  21. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    Looks good :)

    Any current issues?

    Please don't change your post's font because it's harder to read.

    =================================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ============================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  22. Reginald Hirsch

    Reginald Hirsch Newcomer, in training Topic Starter Posts: 30

    Malwarebytes Anti-Malware (PRO) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.19.01

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Reginald :: REGINALD-PC [administrator]

    Protection: Disabled

    8/18/2012 11:32:25 PM
    mbam-log-2012-08-18 (23-32-25).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 241792
    Time elapsed: 15 minute(s), 44 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  23. Reginald Hirsch

    Reginald Hirsch Newcomer, in training Topic Starter Posts: 30

    Every time I try to upload the extras.txt and the otl.txt file, it won't save.
    Here is my attempt with extras.txt:
    OTL Extras logfile created on: 8/18/2012 11:50:13 PM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Reginald\Desktop\Tech
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 38.31% Memory free
    5.99 Gb Paging File | 2.97 Gb Available in Paging File | 49.62% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 283.04 Gb Total Space | 85.45 Gb Free Space | 30.19% Space Free | Partition Type: NTFS
    Drive D: | 15.00 Gb Total Space | 10.94 Gb Free Space | 72.96% Space Free | Partition Type: NTFS
    Drive E: | 375.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive I: | 468.19 Mb Total Space | 451.19 Mb Free Space | 96.37% Space Free | Partition Type: FAT
    Drive K: | 74.52 Gb Total Space | 32.02 Gb Free Space | 42.97% Space Free | Partition Type: NTFS

    Computer Name: REGINALD-PC | User Name: Reginald | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Key error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "UpdatesDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{05515B24-EE02-422F-BE48-07496B1D6615}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{9E1A23C6-C5DD-412E-AF38-5661E096BA9F}" = lport=5353 | protocol=17 | dir=in | name=bonjour |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{BED88789-1DDC-409E-ABA4-8C58366C11A8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{395ED008-86FE-4B1D-94E2-0215C02B99B1}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{65EFC9AF-7FD1-478A-A836-708FB79D4577}" = dir=in | app=c:\program files\airport\apagent.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6EAB84B0-599F-4687-A098-4A8DFD0A14E3}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
    "{72247DBA-507C-447A-A540-C834D3A67F45}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A9747A1A-C901-485B-B24D-5F38591BD9A9}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{16BB53E0-2CF3-49F9-9A46-835E253BD868}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
    "TCP Query User{1B7C658A-5BC5-4CCA-BFDA-A08D5FDF8597}C:\program files\airport\aputil.exe" = protocol=6 | dir=in | app=c:\program files\airport\aputil.exe |
    "TCP Query User{2DD15C1F-443A-4A2E-B403-D670309C0FEB}C:\program files\weprint\weprint server.exe" = protocol=6 | dir=in | app=c:\program files\weprint\weprint server.exe |
    "TCP Query User{AA726E93-1869-4477-8C7B-80802953B0DF}C:\program files\airvideoserver\airvideoserver.exe" = protocol=6 | dir=in | app=c:\program files\airvideoserver\airvideoserver.exe |
    "TCP Query User{B3A9A1FC-EF63-4873-890A-D135E8C1A33F}C:\program files\weprint\weprint server.exe" = protocol=6 | dir=in | app=c:\program files\weprint\weprint server.exe |
    "TCP Query User{BD4FC17D-1BA0-404C-8733-85722EAEB974}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "TCP Query User{ED853B16-6ECD-43AB-8278-6F8B467C7C29}C:\program files\airvideoserver\airvideoserver.exe" = protocol=6 | dir=in | app=c:\program files\airvideoserver\airvideoserver.exe |
    "UDP Query User{482DD29E-CD28-4301-B8F9-542D861CED73}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "UDP Query User{AA2B871D-7C55-4A6C-A4BD-C1FB50E24EF1}C:\program files\airvideoserver\airvideoserver.exe" = protocol=17 | dir=in | app=c:\program files\airvideoserver\airvideoserver.exe |
    "UDP Query User{BAB0A388-C74A-4CAD-9077-15E8F79F565F}C:\program files\airvideoserver\airvideoserver.exe" = protocol=17 | dir=in | app=c:\program files\airvideoserver\airvideoserver.exe |
    "UDP Query User{BB272032-5C38-4FE0-9A16-3A6BA2E17755}C:\program files\weprint\weprint server.exe" = protocol=17 | dir=in | app=c:\program files\weprint\weprint server.exe |
    "UDP Query User{D00D5BFF-8220-4E5A-BF46-15B06ED24EAD}C:\program files\weprint\weprint server.exe" = protocol=17 | dir=in | app=c:\program files\weprint\weprint server.exe |
    "UDP Query User{EA2B715C-A7F6-4404-B435-05C9BBE8AFC7}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
    "UDP Query User{FE6EB834-4072-4703-ACF8-7D69EC77B8CB}C:\program files\airport\aputil.exe" = protocol=17 | dir=in | app=c:\program files\airport\aputil.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{DCDAB2ED-5741-4C30-A1A4-0FCB8A529001}" = WordPerfect Office X4
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
    "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
    "{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
    "{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
    "{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}" = Acronis True Image Home 2011
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
    "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
    "{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
    "{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
    "{13BBBB38-22D8-4BF1-80CA-7D54152C2980}" = WebSlingPlayer ActiveX
    "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
    "{183E58A5-A6F5-4FDD-8B37-5F483B6CCDDC}" = NETGEAR XE104 Powerline Encryption Utility
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
    "{1A22A15D-E88A-427A-90E2-137245143239}" = Garmin Lifetime Updater
    "{1DF03ECE-6AF4-414E-B118-C316F151A9A2}" = Corel WordPerfect Office - iFilter
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
    "{23C3F5C0-566B-478B-AAB6-197ADAD0C945}" = Uniblue SpeedUpMyPC 2009
    "{23DD8A17-65DB-4D49-A2E0-164C6F460E3F}" = Adobe Photoshop Lightroom 3
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
    "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
    "{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
    "{34AFE453-F544-4269-89C9-CAB7F0744963}" = Nuance OmniPage 17
    "{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
    "{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
    "{3DB2107E-82FE-3167-6E71-B9D44EA4FD26}" = AMD Drag and Drop Transcoding
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
    "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
    "{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
    "{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
    "{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
    "{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
    "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
    "{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
    "{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
    "{58F4D4FD-1814-4068-B316-C28FC776C6DD}" = GoToMyPC
    "{59D007A3-05CD-4D7C-A660-FE2450BE4BDE}_is1" = Sanmaxi Outlook Password Recovery Trial Version 5.0.1
    "{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10
    "{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
    "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
    "{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
    "{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
    "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
    "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
    "{665C721C-49A3-49E9-AED0-EBEDC1327D57}" = Setup Wizard
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
    "{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
    "{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
    "{6E2DDDB8-1E70-4219-994B-5B9761F964FF}" = Silicon Laboratories CP210x VCP Drivers for Windows 2000/XP/2003 Server/Vista
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{73F01EB9-1682-4678-B856-F672D09F1E32}" = Garmin Lifetime Updater
    "{76109814-439E-46A1-8BD3-A3D5DEEF1FD6}" = NETGEAR XE102 Powerline Encryption Utility
    "{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{782A8AEE-0722-4E08-BB72-34C218CF166B}" = Uniblue PowerSuite 2009
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7AAA00C4-26E6-4EC0-8069-955B0A9D6009}" = Intel(R) Network Connections 15.2.89.0
    "{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{807CF799-E1B8-464D-8F6A-C01655332EFD}" = Microsoft Security Compliance Manager 1.0
    "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
    "{83E3E4FD-1C5F-BB72-1118-799EC15CB30B}" = ATI Catalyst Install Manager
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{84513125-0BC7-46F8-BE1E-309263B79AE2}" = Xmarks Thumbnails for IE
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
    "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
    "{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
    "{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
    "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
    "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
    "{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
    "{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
    "{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9578C0CD-8108-4379-9026-4601F59859A0}" = Google Earth Pro
    "{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
    "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
    "{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
    "{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A73BDB2A-E4A7-4FE8-960E-6A5C8BF76FCB}" = XPS MiniView Gadget
    "{A7DEBAA4-B211-4D1A-A6B3-E52BFAAA1D0C}" = Garmin Communicator Plugin
    "{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
    "{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Processor ID Utility
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA68AAAE-41F0-40B5-8896-5947F5FD6889}" = AirPort
    "{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
    "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    "{AC76BA86-1033-F400-7761-000000000004}_952" = Adobe Acrobat 9.5.2 - CPSID_83708
    "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    "{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Pro
    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
    "{AF72E557-0647-4DE5-ACDA-ECFB38D5D732}" = Licensing Service Install
    "{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
    "{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
    "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
    "{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
    "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
    "{B829E117-D072-41EA-9606-9826A38D34C1}" = Sophos Virus Removal Tool
    "{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
    "{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
    "{BA4DA261-CB60-4690-B202-44998DFC6986}" = Microsoft SQL Server 2008 Setup Support Files
    "{C05C9016-8774-46C0-8BD4-A8EE5E25572F}" = IPView Pro 2.0
    "{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Professional Business 2009.SP3c
    "{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
    "{C56BBAC8-0DD2-4CE4-86E0-F2BDEABDD0CF}" = Xmarks for IE
    "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
    "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
    "{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
    "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
    "{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
    "{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE6DEE87-1C87-42ED-A108-7369BFE9076F}" = 32 bit Windows Card Reader Driver
    "{D25F26E6-7F37-4580-9E83-2BDD9BE9E0CE}" = BlackBerry Desktop Software 6.0
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
    "{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
    "{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
    "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529000}" = WordPerfect Office X4
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529001}" = WordPerfect Office X4 - ICA
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529010}" = WordPerfect Office X4 - Common
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529011}" = WordPerfect Office X4 - WP
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529012}" = WordPerfect Office X4 - QP
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529013}" = WordPerfect Office X4 - PR
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529014}" = WordPerfect Office X4 - Content
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529016}" = WordPerfect Office X4 - Skins
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529017}" = WordPerfect Office X4 - Filters
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529018}" = WordPerfect Office X4 - Graphics
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529023}" = WordPerfect Office X4 - System
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529030}" = WordPerfect Office X4 - Migration Manager
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529040}" = WordPerfect Office X4 - IPM
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529041}" = WordPerfect Office X4 - IPM EN
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529050}" = WordPerfect Office X4 - PerfectExperts
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529080}" = WordPerfect Office X4 - MAIL
    "{DCDAB2ED-5741-4C30-A1A4-0FCB8A529100}" = WordPerfect Office X4 - EN
    "{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
    "{E2C98732-F973-4985-A9C5-DC06178E16EE}" = Microsoft Mathematics Add-in (32-bit)
    "{E5839ADC-1116-49E2-8A0A-FE9EB65027DF}" = WeatherLink 5.8.3
    "{E63E34A7-E552-412B-9E40-FD6FC5227ABA}" = Uniblue RegistryBooster 2009
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
    "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
    "{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
    "{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
    "{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
    "{F0C003B5-6F66-49A3-86C4-49D7D2502ADA}" = Debug Diagnostics 1.2 32-bit
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F1486DE6-CC2E-48C0-AD20-C2C142FA1636}" = APC PowerChute Personal Edition 3.0
    "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
    "{F7186715-3AEE-4C0A-B191-0D1835E57BE2}" = SetupWizard
    "{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
    "{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
    "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
    "{FD5FC366-49CA-497D-975C-B4C11696325F}" = Virtual Weather Station
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
    "ActiveWords" = ActiveWords
    "AddThis Toolbar" = AddThis Toolbar
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
    "AI RoboForm" = RoboForm 7-7-9-9 (All Users)
    "Air Video Server" = Air Video Server 2.4.3
    "Anvi Smart Defender" = Anvi Smart Defender 1.5
    "Any Video Converter Professional_is1" = Any Video Converter Professional 2.7.6
    "BlackBerry_Desktop" = BlackBerry Desktop Software 6.0
    "BSPlayerp" = BS.Player PRO
    "CCleaner" = CCleaner
    "CopyTrans Suite" = CopyTrans Suite Remove Only
    "Cumulus_is1" = Cumulus 1.9.2
    "Dell Support Center" = Dell Support Center
    "DUMeter3_is1" = DU Meter
    "EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.0.0 Home Edition
    "ESET Online Scanner" = ESET Online Scanner v3
    "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.02
    "Fences Pro" = Fences Pro
    "Google Chrome Frame" = Google Chrome Frame
    "Google Desktop" = Google Desktop
    "Greatis Reanimator_is1" = RegRun Reanimator
    "HD Tune_is1" = HD Tune 2.55
    "HijackThis" = HijackThis 2.0.2
    "InstallShield_{3D08333C-C366-425D-8C2D-D05630D68A46}" = SlingPlayer
    "Jawbone Updater" = Jawbone Updater
    "Kingsoft PC Doctor" = Kingsoft PC Doctor 3.3.1.9
    "Loki ActiveX Control" = Loki ActiveX Control
    "MagicDisc 2.7.106" = MagicDisc 2.7.106
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
    "Microsoft Security Client" = Microsoft Security Essentials
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008
    "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
    "Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
    "NetworkView_is1" = NetworkView Version 3.60
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "Picasa 3" = Picasa 3
    "PROSetDX" = Intel(R) Network Connections 15.2.89.0
    "RealVNC_is1" = VNC Enterprise Edition E4.4.2
    "SABnzbd" = SABnzbd 0.6.10
    "StarDot_Tools_1.5" = StarDot Tools 1.5.3
    "SysMetrix" = SysMetrix 3.44
    "TeamViewer 6" = TeamViewer 6
    "TeamViewer 7" = TeamViewer 7
    "TerraExplorer" = TerraExplorer
    "Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
    "Uniblue PowerSuite 2009" = Uniblue PowerSuite 2009
    "Uniblue RegistryBooster 2009" = Uniblue RegistryBooster 2009
    "Uniblue SpeedUpMyPC 2009" = Uniblue SpeedUpMyPC 2009
    "V CAST Music with Rhapsody" = V CAST Music with Rhapsody
    "VLC media player" = VLC media player 1.0.0
    "VNCMirror_is1" = VNC Mirror Driver 1.8.0
    "WePrint" = WePrint
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1359024441-3580254713-1987414973-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Chromium" = Chromium
    "Dropbox" = Dropbox
    "f031ef6ac137efc5" = Dell Driver Download Manager
    "Google Chrome" = Google Chrome
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
    "UnityWebPlayer" = Unity Web Player
    "uTorrent" = µTorrent

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/18/2012 8:39:44 AM | Computer Name = Reginald-PC | Source = Application Hang | ID = 1002
    Description = The program iTunes.exe version 10.6.1.7 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Action Center control panel. Process ID: 1ca0 Start Time:
    01cd7cb83d4588cc Termination Time: 1087 Application Path: C:\Program Files\iTunes\iTunes.exe
    Report Id:

    Error - 8/18/2012 8:48:16 AM | Computer Name = Reginald-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 8/18/2012 10:35:55 PM | Computer Name = Reginald-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "c:\program files\EASEUS\easeus
    partition master 9.0.0 home edition\res\Help.exe". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 8/19/2012 12:12:28 AM | Computer Name = Reginald-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 8/19/2012 12:15:50 AM | Computer Name = Reginald-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 8/19/2012 12:18:24 AM | Computer Name = Reginald-PC | Source = VSS | ID = 18
    Description =

    Error - 8/19/2012 12:18:24 AM | Computer Name = Reginald-PC | Source = VSS | ID = 8193
    Description =

    Error - 8/19/2012 12:18:24 AM | Computer Name = Reginald-PC | Source = System Restore | ID = 8193
    Description =

    Error - 8/19/2012 12:38:55 AM | Computer Name = Reginald-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 8/19/2012 12:43:45 AM | Computer Name = Reginald-PC | Source = Application Hang | ID = 1002
    Description = The program IEXPLORE.EXE version 9.0.8112.16448 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 1f6c Start
    Time: 01cd7dc4992a8e97 Termination Time: 24 Application Path: C:\Program Files\Internet
    Explorer\IEXPLORE.EXE Report Id:

    [ Media Center Events ]
    Error - 7/2/2009 10:07:30 AM | Computer Name = Reginald-PC | Source = Media Center Guide | ID = 0
    Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
    returned 0D Process: DefaultDomain Object Name: Media Center Guide

    [ System Events ]
    Error - 8/19/2012 12:31:49 AM | Computer Name = Reginald-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 8/19/2012 12:31:49 AM | Computer Name = Reginald-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 8/19/2012 12:31:49 AM | Computer Name = Reginald-PC | Source = Service Control Manager | ID = 7001
    Description = The Network List Service service depends on the Network Location Awareness
    service which failed to start because of the following error: %%1068

    Error - 8/19/2012 12:35:32 AM | Computer Name = Reginald-PC | Source = Service Control Manager | ID = 7000
    Description = The VMware Bridge Protocol service failed to start due to the following
    error: %%2

    Error - 8/19/2012 12:37:55 AM | Computer Name = Reginald-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
    Hard Drive Watcher 9 service to connect.

    Error - 8/19/2012 12:38:04 AM | Computer Name = Reginald-PC | Source = Service Control Manager | ID = 7000
    Description = The VMware Network Application Interface service failed to start due
    to the following error: %%2

    Error - 8/19/2012 12:38:04 AM | Computer Name = Reginald-PC | Source = Service Control Manager | ID = 7001
    Description = The VMware NAT Service service depends on the VMware Network Application
    Interface service which failed to start because of the following error: %%2

    Error - 8/19/2012 12:39:04 AM | Computer Name = Reginald-PC | Source = Service Control Manager | ID = 7001
    Description = The VMware DHCP Service service depends on the VMware Network Application
    Interface service which failed to start because of the following error: %%2

    Error - 8/19/2012 12:41:23 AM | Computer Name = Reginald-PC | Source = WMPNetworkSvc | ID = 866306
    Description =

    Error - 8/19/2012 12:41:23 AM | Computer Name = Reginald-PC | Source = WMPNetworkSvc | ID = 866306
    Description =


    < End of report >
  24. Reginald Hirsch


    Took it that time here is the otl.txt
    Won't take the otl.txt file ??
  25. Reginald Hirsch


    OTL logfile created on: 8/18/2012 11:50:13 PM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Reginald\Desktop\Tech
    Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 1.15 Gb Available Physical Memory | 38.31% Memory free
    5.99 Gb Paging File | 2.97 Gb Available in Paging File | 49.62% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 283.04 Gb Total Space | 85.45 Gb Free Space | 30.19% Space Free | Partition Type: NTFS
    Drive D: | 15.00 Gb Total Space | 10.94 Gb Free Space | 72.96% Space Free | Partition Type: NTFS
    Drive E: | 375.88 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive I: | 468.19 Mb Total Space | 451.19 Mb Free Space | 96.37% Space Free | Partition Type: FAT
    Drive K: | 74.52 Gb Total Space | 32.02 Gb Free Space | 42.97% Space Free | Partition Type: NTFS

    Computer Name: REGINALD-PC | User Name: Reginald | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/18 23:47:46 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Reginald\Desktop\Tech\OTL.exe
    PRC - [2012/07/30 15:02:22 | 000,640,480 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    PRC - [2012/07/25 11:27:38 | 003,506,176 | ---- | M] (ActiveWord Systems, Inc.) -- C:\Program Files\ActiveWords\AWMonitor.exe
    PRC - [2012/07/25 09:59:15 | 000,112,640 | ---- | M] (ActiveWord Systems, Inc.) -- C:\Program Files\ActiveWords\AWApps\L&T\AWLearnTrain.exe
    PRC - [2012/07/25 09:59:04 | 000,419,840 | ---- | M] (ActiveWords) -- C:\Program Files\ActiveWords\AWApps\AWInkPad\AWInkpad.exe
    PRC - [2012/07/25 09:59:01 | 000,035,328 | ---- | M] (ActiveWord Systems, Inc.) -- C:\Program Files\ActiveWords\AWFeedback.exe
    PRC - [2012/07/25 09:58:48 | 000,509,440 | ---- | M] (ActiveWord Systems, Inc.) -- C:\Program Files\ActiveWords\Nahuatl.exe
    PRC - [2012/07/20 02:11:38 | 000,686,408 | ---- | M] (Anvisoft) -- C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe
    PRC - [2012/07/20 02:11:28 | 001,217,864 | ---- | M] (Anvisoft) -- C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe
    PRC - [2012/07/19 15:13:17 | 000,109,336 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
    PRC - [2012/07/16 08:31:32 | 007,445,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer.exe
    PRC - [2012/07/16 08:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
    PRC - [2012/07/16 08:22:42 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\tv_w32.exe
    PRC - [2012/07/13 04:18:26 | 000,186,832 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.115\GoogleCrashHandler.exe
    PRC - [2012/07/12 03:36:52 | 000,136,616 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
    PRC - [2012/07/12 03:36:32 | 000,374,184 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    PRC - [2012/07/09 17:38:53 | 004,777,856 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/05/24 12:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Reginald\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012/04/10 22:26:24 | 001,308,064 | ---- | M] (Kingsoft Corporation) -- C:\Program Files\Kingsoft\PcDoctor\KSafeTray.exe
    PRC - [2012/04/10 22:26:22 | 000,452,512 | ---- | M] (Kingsoft Corporation) -- C:\Program Files\Kingsoft\PcDoctor\KSafeSvc.exe
    PRC - [2012/04/03 07:14:04 | 002,542,080 | ---- | M] (EuroSmartz Ltd) -- C:\Program Files\WePrint\WePrint Server.exe
    PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    PRC - [2012/01/20 21:03:48 | 000,719,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    PRC - [2011/11/13 07:53:42 | 002,996,592 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2tray.exe
    PRC - [2011/11/13 07:53:40 | 000,946,032 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe
    PRC - [2011/11/13 07:53:36 | 002,120,048 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2pre.exe
    PRC - [2011/11/13 07:53:28 | 001,687,408 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMyPC\g2comm.exe
    PRC - [2011/10/19 10:28:50 | 021,328,896 | ---- | M] (Ambient, LLC) -- C:\vws\vws.exe
    PRC - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
    PRC - [2011/07/12 18:01:38 | 000,345,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\DebugDiag\DbgSvc.exe
    PRC - [2011/07/08 03:25:22 | 000,401,408 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
    PRC - [2011/07/08 03:24:54 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
    PRC - [2011/06/23 22:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/12/08 11:20:14 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
    PRC - [2010/11/20 06:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    PRC - [2010/09/29 15:30:36 | 002,942,856 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files\DU Meter\DUMeter.exe
    PRC - [2010/09/29 15:30:36 | 001,412,488 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files\DU Meter\DUMeterSvc.exe
    PRC - [2010/09/21 19:03:56 | 004,923,784 | ---- | M] () -- C:\Program Files\AirVideoServer\AirVideoServer.exe
    PRC - [2010/09/14 17:54:12 | 000,021,880 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\dataserv.exe
    PRC - [2010/09/14 17:53:40 | 000,705,912 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    PRC - [2010/09/14 17:53:20 | 000,660,856 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
    PRC - [2010/09/01 10:58:32 | 003,975,088 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
    PRC - [2010/08/21 08:54:14 | 000,390,736 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    PRC - [2010/08/21 08:54:08 | 000,779,960 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    PRC - [2010/08/21 08:51:50 | 005,458,848 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    PRC - [2010/08/20 16:00:50 | 002,536,448 | ---- | M] (Acronis) -- C:\Program Files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
    PRC - [2010/04/30 13:35:12 | 004,899,136 | ---- | M] (PY Software) -- C:\Program Files\Active WebCam\WebCam.exe
    PRC - [2010/04/30 13:35:02 | 000,738,640 | ---- | M] (PY Software) -- C:\Program Files\Active WebCam\Watchdog.exe
    PRC - [2010/04/30 13:08:32 | 000,323,072 | ---- | M] () -- C:\Program Files\Active WebCam\CompParams.exe
    PRC - [2010/04/13 19:01:58 | 000,094,024 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 10\TscHelp.exe
    PRC - [2010/04/13 19:01:56 | 000,079,688 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 10\SnagPriv.exe
    PRC - [2010/04/13 19:01:52 | 007,384,904 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 10\SnagitEditor.exe
    PRC - [2010/04/13 19:01:52 | 007,046,984 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\Snagit 10\Snagit32.exe
    PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2010/02/17 13:44:17 | 002,621,440 | ---- | M] (Nicholas Decker) -- C:\Program Files\SysMetrix\SysMetrix.exe
    PRC - [2009/11/11 16:17:02 | 000,771,360 | ---- | M] (Apple Inc.) -- C:\Program Files\AirPort\APAgent.exe
    PRC - [2009/09/25 13:16:06 | 000,093,960 | ---- | M] (Sling Media Inc.) -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe
    PRC - [2009/09/10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2009/07/24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    PRC - [2009/06/26 17:21:00 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX6000.exe
    PRC - [2009/04/13 11:21:26 | 002,344,224 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    PRC - [2009/04/13 11:21:26 | 000,791,840 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    PRC - [2009/04/13 11:21:26 | 000,578,848 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    PRC - [2009/03/26 23:05:22 | 000,096,816 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
    PRC - [2009/03/26 23:04:16 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/10/30 15:16:42 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    PRC - [2008/08/11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    PRC - [2007/10/03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2007/10/03 14:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2007/05/28 10:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/08/18 22:40:41 | 000,065,024 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    MOD - [2012/08/18 22:40:41 | 000,052,736 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
    MOD - [2012/08/18 22:37:27 | 000,079,480 | ---- | M] () -- C:\jexepackres\JX94E44\miniupnpc.dll
    MOD - [2012/08/18 22:37:27 | 000,034,166 | ---- | M] () -- C:\jexepackres\JX94E44\natpmp.dll
    MOD - [2012/08/16 19:31:08 | 000,442,392 | ---- | M] () -- C:\Users\Reginald\AppData\Local\Google\Chrome\Application\21.0.1180.81\ppgooglenaclpluginchrome.dll
    MOD - [2012/08/16 19:31:06 | 012,236,824 | ---- | M] () -- C:\Users\Reginald\AppData\Local\Google\Chrome\Application\21.0.1180.81\PepperFlash\pepflashplayer.dll
    MOD - [2012/08/16 19:31:05 | 003,997,720 | ---- | M] () -- C:\Users\Reginald\AppData\Local\Google\Chrome\Application\21.0.1180.81\pdf.dll
    MOD - [2012/08/16 19:29:39 | 000,526,872 | ---- | M] () -- C:\Users\Reginald\AppData\Local\Google\Chrome\Application\21.0.1180.81\libglesv2.dll
    MOD - [2012/08/16 19:29:38 | 000,104,984 | ---- | M] () -- C:\Users\Reginald\AppData\Local\Google\Chrome\Application\21.0.1180.81\libegl.dll
    MOD - [2012/08/16 19:29:27 | 000,144,424 | ---- | M] () -- C:\Users\Reginald\AppData\Local\Google\Chrome\Application\21.0.1180.81\avutil-51.dll
    MOD - [2012/08/16 19:29:26 | 000,266,792 | ---- | M] () -- C:\Users\Reginald\AppData\Local\Google\Chrome\Application\21.0.1180.81\avformat-54.dll
    MOD - [2012/08/16 19:29:24 | 002,480,680 | ---- | M] () -- C:\Users\Reginald\AppData\Local\Google\Chrome\Application\21.0.1180.81\avcodec-54.dll
    MOD - [2012/07/25 09:59:01 | 000,014,848 | ---- | M] () -- C:\Program Files\ActiveWords\AWApps\AWInkPad\AxInterop.AWCONTROLLib.dll
    MOD - [2012/07/21 05:44:05 | 000,117,760 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    MOD - [2012/07/21 05:44:04 | 000,052,224 | ---- | M] () -- C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    MOD - [2012/07/20 02:11:36 | 000,784,712 | ---- | M] () -- C:\Program Files\Anvisoft\Anvi Smart Defender\sqlite3.dll
    MOD - [2012/06/13 03:51:10 | 001,361,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Ink\4d381048e3b9c0914c0f72c6aa0a599d\Microsoft.Ink.ni.dll
    MOD - [2012/06/13 03:45:57 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/06/13 03:45:40 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/05/12 03:51:48 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll
    MOD - [2012/05/12 03:51:48 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.Wrapper.dll
    MOD - [2012/05/12 03:51:46 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll
    MOD - [2012/05/12 03:51:45 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
    MOD - [2012/05/12 03:49:48 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/05/12 03:49:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/05/12 03:49:40 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/05/12 03:49:11 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2012/04/03 07:14:04 | 000,059,904 | ---- | M] () -- C:\Program Files\WePrint\zlib1.dll
    MOD - [2011/10/21 03:01:40 | 000,075,160 | ---- | M] () -- C:\Program Files\Kingsoft\PcDoctor\json.dll
    MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/05/23 19:34:50 | 000,140,664 | ---- | M] () -- C:\Program Files\Kingsoft\PcDoctor\zlib1.dll
    MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    MOD - [2010/11/19 22:12:59 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    MOD - [2010/11/04 19:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    MOD - [2010/09/21 19:03:56 | 004,923,784 | ---- | M] () -- C:\Program Files\AirVideoServer\AirVideoServer.exe
    MOD - [2010/04/30 13:08:32 | 000,323,072 | ---- | M] () -- C:\Program Files\Active WebCam\CompParams.exe
    MOD - [2009/07/13 19:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
    MOD - [2009/06/10 15:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    MOD - [2009/02/28 17:21:08 | 000,143,360 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
    MOD - [2009/02/28 17:21:07 | 000,688,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
    MOD - [2009/02/28 17:21:02 | 000,236,544 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
    MOD - [2009/02/28 17:21:01 | 000,159,744 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
    MOD - [2009/02/28 17:21:00 | 000,798,720 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
    MOD - [2009/02/28 17:20:59 | 000,528,384 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
    MOD - [2009/02/28 17:20:58 | 000,786,432 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
    MOD - [2009/02/28 17:20:57 | 000,462,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
    MOD - [2009/02/28 17:20:55 | 001,400,832 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
    MOD - [2009/02/28 17:20:54 | 002,236,416 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
    MOD - [2009/02/28 17:20:50 | 000,872,448 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
    MOD - [2009/02/28 17:20:31 | 000,010,240 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
    MOD - [2009/02/28 17:20:15 | 000,044,544 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
    MOD - [2009/02/28 17:20:14 | 000,090,112 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
    MOD - [2009/02/28 17:19:59 | 000,128,512 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll
    MOD - [2009/02/28 17:19:57 | 000,404,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll
    MOD - [2009/02/28 17:19:57 | 000,052,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
    MOD - [2009/02/28 17:19:56 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
    MOD - [2009/02/28 17:19:51 | 000,466,944 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll
    MOD - [2009/02/28 17:19:44 | 000,354,816 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll